2 minute read (251 words).

Enabling Ubuntu automatic security updates

Linux, Security

My estate of servers consisting of VM’s, LXC containers and of course Raspberry Pi’s has grown over the years, but has now grown to a point (especially over the COVID-19 lockdowns) where it takes a significant amount of time to go around and preform manual security and recommended updates to them all. This has prompted me to start running automatic security updates.

Using APT, unattended-upgrades need to be installed to your servers and the below file modified.

vi /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {

If you want security and recommended updates to be installed automatically, this additional line will need to be inserted into the argument in the above file.


The above file can also include the following to blacklist certain packages from being automatically upgraded.

Unattended-Upgrade::Package-Blacklist {


All automatic reboots, if required by upgraded packages.

vi /var/run/reboot-required
Unattended-Upgrade::Automatic-Reboot "true";

The below log files contain info about upgraded packages.

tail -f /var/log/unattended-upgrades/unattended-upgrades.log
tail -f /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
cat /var/log/unattended-upgrades/unattended-upgrades.log | grep linux-image

I also found it useful to preform a dry run to ensure my settings were configured and the correct packages were install or ignored.

unattended-upgrades --dry-run --debug

I have read further articles on the internet which describe that it is also possible to send emails with upgrade details.


Share via Twitter LinkedIn Facebook Email