How to install security updates in Ubuntu. Download and install “unattended-upgrades” security updates in Ubuntu, from command line (Terminal). Use apt-get to install security updates on Ubuntu Linux.
unattended-upgrades
The unattended-upgrades package can be used to automatically install updated packages, and can be configured to update all packages or just install security updates.
Automatic Updates
First, install the package by entering the following in a terminal:
sudo apt install unattended-upgrades
To enable it, do:
sudo dpkg-reconfigure --priority=low unattended-upgrades
Once installed, you can also configure unattended-upgrades. To configure, simply edit /etc/apt/apt.conf.d/50unattended-upgrades and adjust the following as per the need:
Unattended-Upgrade::Allowed-Origins
{
"Ubuntu xenial-security";
// "Ubuntu xenial-updates";
};
You can also blacklist a certain package so that it will not be automatically updated. To blacklist a package, simply add the package to the list:
Unattended-Upgrade::Package-Blacklist
{
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};
Enable Automatic Updates
On Linux Ubuntu Systems, automatic updates can be enables. One can update the package list, downloads, and installs available upgrades every day. The local download archive is cleaned every week. The results of unattended-upgrades will be logged to /var/log/unattended-upgrades. To enable automatic updates, edit /etc/apt/apt.conf.d/10periodic and set the appropriate apt configuration options:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
Using the “unattended-upgrades” Package
The “unattended-upgrades” Package will create /etc/apt/apt.conf.d/20auto-upgrades with the following contents:
APT::Periodic::Update-Package-Lists “1”;
APT::Periodic::Unattended-Upgrade “1”;
Note:
- When the apt job starts, it will sleep for a random period between 0 and APT::Periodic::RandomSleep seconds. The default value is “1800” so that the script will stall for up to 30 minutes (1800 seconds) so that the mirror servers are not crushed by everyone running their updates all at the same time. Only set this to 0 if you use a local mirror and don’t mind the load spikes. Note that while the apt job is sleeping it will cause the execution of the rest of your cron.daily jobs to be delayed.
- If you want the script to generate more verbose output set APT::Periodic::Verbose “1”;
- If you want the script to automatically reboot when needed, you not only need to set Unattended-Upgrade::Automatic-Reboot “true”, but you also need to have the “update-notifier-common” package installed. On minimal installations this is not installed by default and without it the automatic updater will never reboot and will not even tell you that you need to reboot manually if you have email notifications configured!
Easies Method To Install Security Updates & Upgrades
Run the following set of commands to install all the required packages:
sudo apt-get install unattended-upgrades
sudo unattended-upgrades -d
sudo apt-get upgrade