It is important to keep your Linux server up to date with security updates. Linux distributions like Ubuntu and Debian release updates on a daily basis, so keeping the system up-to-date can become a tedious task. Fortunately, there is an option to install security updates automatically. Here are the steps to enable automatic security updates in Ubuntu 20.04 and later versions.
Auto Updates in Ubuntu 20.04
To enable automatic updates, also known as unattended upgrades, follow the steps below. First, open a console or connect to your Ubuntu system by SSH.
Update Ubuntu package lists and install pending updates:
sudo apt-get update sudo apt-get upgrade
Then install the unattended-upgrades package with apt.
sudo apt-get install unattended-upgrades
To enable the unattended-upgrades function, run:
sudo dpkg-reconfigure --priority=low unattended-upgrades
This will start the package configuration wizard:
Choose "Yes" here and press enter. This will create a new file /etc/apt/apt.conf.d/20auto-upgrades which activates the auto-update function.
Optional: You can adjust the update options in the file /etc/apt/apt.conf.d/50unattended-upgrades
nano /etc/apt/apt.conf.d/50unattended-upgrades
The default setup will be this:
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
// Extended Security Maintenance; doesn't necessarily exist for
// every release and this system may not have it installed, but if
// available, the policy for updates is such that unattended-upgrades
// should also install from here by default.
"${distro_id}ESMApps:${distro_codename}-apps-security";
"${distro_id}ESM:${distro_codename}-infra-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};This means that only security updates will be installed automatically. This is the safest option as security updates should never break the existing server setup.
If you like to install normal updates automatically as well, then remove the // in front of the "${distro_id}:${distro_codename}-updates" line.
Unattended Upgrades Log
There is a log file where you can view all actions done by the unattended upgrade system. You can view the file e.g. with the tail command:
tail -n 100 /var/log/unattended-upgrades/unattended-upgrades.log
The command will show the last 100 lines of the log file. Example:
