How To

Automatic Updates on Ubuntu: Set Up unattended-upgrades

Keeping your Ubuntu system updated is one of the best ways to protect it. Security vulnerabilities are found all the time, and patches are released to fix them. If those patches do not get installed, your system stays at risk.

If you manage more than one server, checking for updates manually every day is not practical. And even on a single machine, updates are easy to forget. Ubuntu has a built-in tool called unattended-upgrades that handles this in the background for you. This guide shows you how to set up automatic updates on Ubuntu. The same steps work on other Ubuntu-based systems like KubuntuLinux Mint, and Elementary OS.

<strong>Prerequisite:</strong>&nbsp;You need a user with sudo access to follow this guide.

Install the unattended-upgrades Package

The unattended-upgrades package checks for updates and installs them on a schedule. It is often pre-installed on Ubuntu. If it is not on your system, run:

bashsudo apt install unattended-upgrades

The service starts on its own after install. Check it is running:

bashsystemctl status unattended-upgrades

Look for active (running) in the output. That confirms the service is ready.

Set Up Automatic Updates on Ubuntu: What Gets Updated

The settings file is at /etc/apt/apt.conf.d/50unattended-upgrades. The defaults are fine for most people, but you can edit it to change what gets updated.

The file has an Allowed-Origins section that controls which sources are checked. Here is what each option does:

  • Security — turned on by default. Installs critical security fixes only.
  • Updates — regular package updates beyond security patches.
  • Backports — packages back-ported from newer Ubuntu versions.
  • Proposed — test packages that are not yet stable (not recommended).

To also get regular updates, find the right line and remove the // at the start:

perl// "${distro_id}:${distro_codename}-updates";

To stop specific packages from being auto-updated, add them to the blacklist:

perlUnattended-Upgrade::Package-Blacklist {//  "vim";//  "libc6";};

You can also get email alerts when an update fails. Add these lines and enter your email address. You will need mailx or postfix on the server for this to work:

perlUnattended-Upgrade::Mail "your@email.com";Unattended-Upgrade::MailOnlyOnError "true";

Enable the Automatic Update Schedule

Open /etc/apt/apt.conf.d/20auto-upgrades and check that it has these two lines:

perlAPT::Periodic::Update-Package-Lists "1";APT::Periodic::Unattended-Upgrade "1";

The "1" means each task runs every day. The first line updates the package list. The second one installs the updates.

You can also clean up old downloaded files every 7 days by adding:

perlAPT::Periodic::AutocleanInterval "7";

Rather than editing the file by hand, you can run this command to get a simple setup screen:

bashsudo dpkg-reconfigure -plow unattended-upgrades

Test That It Is Working

Run a dry run to check the setup. This does not install anything:

bashsudo unattended-upgrades --dry-run --debug

Look through the output. If you see “No packages found that can be upgraded unattended”, that is normal when your system is already up to date. If errors appear, check the config file for typos.

If you want to run updates right now without waiting for the schedule, use:

bashsudo unattended-upgrades -v

The -v flag shows what is being installed. This is useful when you need an update applied straight away.

All update activity is saved to /var/log/unattended-upgrades/unattended-upgrades.log. Check it any time to see which packages were updated and when.

With unattended-upgrades running, your Ubuntu system will install security patches on its own every day. You do not have to think about it. If you ever want to change what gets updated, just edit the config files above. Any questions? Leave a comment below.

Cyber Defence

Recent Posts

Install PostgreSQL on Ubuntu: Database Setup and Admin Guide

PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…

43 minutes ago

Install Xrdp Remote Desktop on Ubuntu: Setup and Connect

Xrdp is an open-source server that lets you connect to your Ubuntu machine from another computer…

56 minutes ago

Tomcat 9 on Ubuntu 20.04: Install, Configure, and Start

Apache Tomcat is an open-source web server and Java servlet container. It is one of the…

1 hour ago

Best OSINT Tools for Intelligence Analysts 2026: Evidence-Grading Workflow

Intelligence analysts do not use OSINT only to collect information. They use it to turn…

1 day ago

Best OSINT Reconnaissance Tools 2026 for Ethical Security Research

OSINT reconnaissance is the first stage of ethical security research. Before testing anything, a security…

1 day ago

Install Yarn on Ubuntu: Setup and Basic Commands

Yarn is a JavaScript package manager that works with npm. It makes it easy to install,…

1 day ago