Ubuntu is one of the most popular Linux-based operating systems, widely used in servers, desktops, and embedded devices. It offers a vast library of software packages and tools that users can install and configure to meet their needs. However, keeping your system up-to-date and secure can be challenging with so many packages and updates. That’s where the Unattended Upgrades Package comes in. In this article, we will explain what Unattended Upgrades Package is, its benefits, and features and guide you through setting up and configuring Unattended Upgrades on Ubuntu 22.04 Jammy Jellyfish and Ubuntu 20.04 Focal using the command line terminal.
Table of Contents
What is Unattended Upgrades Package?
Unattended Upgrades is a package that automates installing security and other updates on Ubuntu systems. It runs silently in the background and regularly checks for new updates, downloading and installing them automatically without user intervention. The Unattended Upgrades package is an essential tool that ensures the system’s security and stability by keeping it up-to-date with the latest updates and patches.
Benefits and Features of Unattended Upgrades Setup:
Here are some benefits and features of the Unattended Upgrades Package on Ubuntu:
- Automated updates: The Unattended Upgrades Package automates downloading and installing updates, saving time and effort for users.
- Improved security: The package ensures that the system is always up-to-date with the latest security updates and patches, reducing the risk of malware attacks and system vulnerabilities.
- Enhanced stability: By keeping the system up-to-date, Unattended Upgrades Package ensures the stability and reliability of the system.
- Customizable settings: Users can customize the package settings according to their needs, such as which updates to install automatically, which to ignore, and when to install them.
- Notification system: The package sends notifications to users about the updates that have been installed, providing transparency and control over the system updates.
Step 1: Update Ubuntu
Before installing and setting up the Unattended Upgrades Package, it is recommended that you update your Ubuntu system to avoid any conflicts. To update your Ubuntu system, open the terminal and enter the following command:
sudo apt update && sudo apt upgrade
This command will update all the installed packages and their dependencies to the latest versions. It may take a while, depending on the number of updates available for your system.
Step 2: Install Unattended-Upgrades Package
To install the Unattended Upgrades Package, open the terminal and enter the following command:
sudo apt install unattended-upgrades
This command will install the package and all its dependencies on your Ubuntu system. By default, the package should be installed. However, if you have removed the package, use the command above to reinstall it.
You also need to install the apt-config-auto-update package if you want your Ubuntu system to restart after applying upgrades requiring the system to restart automatically. Use the following command to install it:
sudo apt install apt-config-auto-update
For laptop users, it is also recommended to install the powermgmt-base package to use any unattended options that use battery options. To install this package, open the terminal and enter the following command:
sudo apt install powermgmt-base
Once the package is installed, you must configure it to meet your needs. For example, you may want to customize which updates to install automatically, which to ignore, and when to install them. Note that the Unattended Upgrades Package requires root privileges to run. Therefore, you need to run all the commands mentioned in this guide with the sudo command.
Verifying that the Unattended Upgrades Package is working correctly is also recommended. To do this, open the terminal and enter the following command:
sudo unattended-upgrades --dry-run --debug
It is important to be familiar with the systemctl commands for Unattended Upgrades, as you may need to check the status after making changes or restarting. To check the status of Unattended Upgrades, use the following command:
systemctl status unattended-upgrades
The following systemctl commands will allow you to start, stop, enable on boot, disable on boot, or restart the Unattended Upgrades service:
Start the unattended services:
sudo systemctl start unattended-upgrades
Stop the unattended services:
sudo systemctl stop unattended-upgrades
Enable on boot the unattended services:
sudo systemctl enabe unattended-upgrades
Disable on boot the unattended services:
sudo systemctl disable unattended-upgrades
Restart the unattended services:
sudo systemctl restart unattended-upgrades
Section 3: Configure Unattended Upgrades
This section covers the configuration of Unattended Upgrades package settings in the configuration file using terminal commands. It is important to note that these settings are optional and can be personalized according to your requirements. Each setting will be explained in detail to help you understand its purpose and functionality. This will enable you to make informed decisions when configuring the Unattended Upgrades package on your Ubuntu system.
Before going into the configuration file, first, here is a summary of all CLI options for the Unattended Upgrades package with explanations:
Option | Description |
---|---|
-h, –help | Displays the help message and exits |
-d, –debug | Enables debug messages |
–apt-debug | Makes apt/libapt print verbose debug messages |
-v, –verbose | Enables info messages |
–dry-run | Simulates upgrade process and downloads but does not install |
–download-only | Only downloads upgrades; do not attempt to install them |
–minimal-upgrade-steps | Upgrades packages in minimal steps (and allows interruption with SIGTERM) – this is the default behavior |
–no-minimal-upgrade-steps | Upgrades all packages together instead of in smaller sets |
These options can be used when running the unattended-upgrade command in the terminal to control the behavior of the automatic upgrade process. For example, the –dry-run option can be useful for testing the upgrade process without actually making any changes to the system, while the –download-only option can be used to download the upgrades without installing them.
The –minimal-upgrade-steps option is the default behavior for Unattended Upgrades, while the –no-minimal-upgrade-steps option upgrades all packages together instead of in smaller sets. Understanding these options when configuring Unattended Upgrades is important to ensure that the behavior matches your preferences and requirements.
Editing the Configuration File
To edit the configuration file, it is recommended to use a text editor with root privileges, such as nano. To open the file with nano, run the following command:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
This will open the configuration file in the nano editor. From here, you can modify the various options listed above. Remember to remove any comments (lines beginning with “//” or “#”) in the file to activate the options.
Once you have finished editing the file, save and exit by pressing “Ctrl+X”, then “Y”, and then “Enter”.
Allowed Origins
This option specifies the sources from which updates should be installed. By default, only the security and update repositories are allowed. You can add additional repositories to the list by uncommenting this option and adding the desired repositories, as shown in the example below:
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
"${distro_id}:${distro_codename}-updates";
"${distro_id}:${distro_codename}-proposed";
"${distro_id}:${distro_codename}-backports";
};
Package Blacklist
This option lets you specify packages that should be excluded from automatic updates. To exclude packages, uncomment this option and add the desired packages as shown in the example below:
Unattended-Upgrade::Package-Blacklist {
"my-package";
"my-other-package";
};
AutoFixInterruptedDpkg
This option determines whether the system should automatically fix interrupted “dpkg” installations. To enable automatic fixing, set the value to “true” as shown in the example below:
Unattended-Upgrade::AutoFixInterruptedDpkg "true";
DevRelease “auto”
This option specifies whether to upgrade to the development release automatically. By default, this option is disabled. To enable automatic upgrades to the development release, set the value to “auto” as shown in the example below:
Unattended-Upgrade::DevRelease "auto";
MinimalSteps “true”
This option specifies whether to perform minimal steps during upgrades. By default, this option is enabled. To disable minimal steps, set the value to “false” as shown in the example below:
Unattended-Upgrade::MinimalSteps "false";
InstallOnShutdown “false”
This option specifies whether to install upgrades on shutdown. By default, this option is disabled. To enable installation on shutdown, set the value to “true” as shown in the example below:
Unattended-Upgrade::InstallOnShutdown "true";
This option specifies the email address to which notifications should be sent. By default, notifications are not sent. To specify an email address, add it as a string value as shown in the example below:
Unattended-Upgrade::Mail "example@mail.com";
MailReport “on-change”
This option specifies when to send email notifications. By default, notifications are sent only when there is a change. To send notifications every time, set the value to “on-start” as shown in the example below:
Unattended-Upgrade::MailReport "on-start";
Remove-Unused-Kernel-Packages
This option specifies whether to remove unused kernel packages after an upgrade. By default, this option is enabled. To disable the removal of unused kernel packages, set the value to “false” as shown in the example below:
Unattended-Upgrade::Remove-Unused-Kernel-Packages "false";
Remove-New-Unused-Dependencies
This setting controls removing new dependencies that the system no longer requires after package upgrades. By default, this setting is enabled, and any new dependencies no longer needed will be automatically removed from your system. To enable this setting, use the following command:
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
If you prefer to keep these new dependencies, you can disable this setting by changing the value to “false”. However, be aware that this may result in unused dependencies accumulating on your system, taking up valuable disk space.
Remove-Unused-Dependencies
This option specifies whether to remove unused dependencies after an upgrade. By default, this option is disabled. To enable the removal of unused dependencies, set the value to “true” as shown in the example below:
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Automatic-Reboot
This option specifies whether to reboot the system after an upgrade automatically. By default, this option is disabled. To enable automatic reboot, set the value to “true” as shown in the example below:
Unattended-Upgrade::Automatic-Reboot "true";
Automatic-Reboot-WithUsers
This option specifies whether to automatically reboot the system when users are logged in. By default, this option is enabled. To disable automatic reboot when users are logged in, set the value to “false” as shown in the example below:
Unattended-Upgrade::Automatic-Reboot-WithUsers "false";
Automatic-Reboot-Time
This option specifies the time the system should automatically reboot after an upgrade. By default, this option is set to “02:00”. To change the reboot time, modify the value as shown in the example below:
Unattended-Upgrade::Automatic-Reboot-Time "03:00";
Acquire::http::Dl-Limit
This option specifies the maximum download speed for package downloads in kilobytes per second. By default, this option is disabled. To enable download speed limiting, set the value to the desired speed as shown in the example below:
Acquire::http::Dl-Limit "100";
SyslogEnable
This option specifies whether to log upgrade events to the system log. By default, this option is enabled. To disable logging, set the value to “false” as shown in the example below:
Unattended-Upgrade::SyslogEnable "false";
SyslogFacility
This option specifies the facility to which upgrade events should be logged. By default, events are logged to the “daemon” facility. To log events to a different facility, modify the value as shown in the example below:
Unattended-Upgrade::SyslogFacility "local7";
OnlyOnACPower
This option specifies whether to perform upgrades only when the system is connected to AC power. By default, this option is disabled. To enable upgrades only on AC power, set the value to “true” as shown in the example below:
Unattended-Upgrade::SyslogFacility "local7";
Skip-Updates-On-Metered-Connections
This option specifies whether to skip updates when the system is connected to a metered connection. By default, this option is enabled. To download updates on metered connections, set the value to “false” as shown in the example below:
Unattended-Upgrade::Skip-Updates-On-Metered-Connections "false";
Verbose
This option specifies whether to output verbose upgrade information. By default, this option is disabled. To enable verbose output, set the value to “true” as shown in the example below:
Unattended-Upgrade::Verbose "true";
Debug
This option specifies whether to output debug information during upgrades. By default, this option is disabled. To enable debug output, set the value to “true” as shown in the example below:
Unattended-Upgrade::Debug "true";
Allow-downgrade
This option specifies whether to allow downgrades of packages during upgrades. By default, this option is disabled. To allow downgrades, set the value to “true” as shown in the example below:
Unattended-Upgrade::Allow-downgrade "true";
Remember that allowing downgrades can be dangerous and lead to system instability or security vulnerabilities. It is recommended only to enable this option when necessary and to consider the risks involved carefully.
Testing and Applying Changes
After making any changes to the configuration file, it is important to run the following command to ensure that the changes are applied:
sudo unattended-upgrades --dry-run --debug
This command will simulate an upgrade run and display any errors or warnings that may occur due to the changes you made to the configuration file. If everything looks good, you can then run the command below to perform the actual upgrade:
sudo unattended-upgrades
This command will automatically check for available upgrades and install them based on the configuration settings.
With the above steps, you should now better understand how to configure and modify the Unattended-Upgrades package on your Ubuntu system.
Section 4: Scheduling Automatic Upgrades with a Cron Job
To schedule automatic unattended upgrades on your Ubuntu system, you can use a cron job. A cron job is a time-based task scheduler in Linux that allows you to run commands or scripts automatically at specified times or intervals.
To create a cron job for unattended upgrades, follow the steps below:
Open the crontab configuration file by running the following command:
sudo crontab -e
This will open the crontab file in the nano editor. Add the following line to the bottom of the file:
0 0 * * * /usr/bin/unattended-upgrade -d
This line specifies that the unattended-upgrade command should run daily at midnight (0 0 * * *). Save and exit the file by pressing “Ctrl+X”, then “Y”, and then “Enter”.
The above cron job will run the unattended-upgrade command every day at midnight, check for available upgrades, and install them automatically based on the configuration settings.
It is important to note that you should only schedule automatic upgrades when your system is not in use, as upgrades may require a system reboot or cause applications to restart.
Section 5: Checking Unattended Upgrade Logs
The Unattended-Upgrades package logs all upgrade activity to the syslog facility by default. The logs can be found in the /var/log/syslog file and other system logs.
To check the Unattended-Upgrades logs, you can use the following command:
sudo grep unattended-upgrades /var/log/syslog
This command will search the syslog file for entries containing the “unattended-upgrades” keyword and display them on the screen. You can also use the following command to display the last 50 entries in the syslog file:
sudo tail -n 50 /var/log/syslog | grep unattended-upgrades
This command will display the last 50 entries in the syslog file that contain the “unattended-upgrades” keyword.
In addition to the above commands, you can use various grep options to filter the logs based on specific criteria. For example, to filter the logs by date and time, you can use the following command:
sudo grep "unattended-upgrades.*YYYY-MM-DD" /var/log/syslog
Replace “YYYY-MM-DD” with the desired date in the format of year-month-day. This command will display all log entries that contain the “unattended-upgrades” keyword and match the specified date.
You can also use the following command to filter the logs by package name:
sudo grep "unattended-upgrades.*<package_name>" /var/log/syslog
Replace “<package_name>” with the package name you want to search for. This command will display all log entries that contain the “unattended-upgrades” keyword and match the specified package name.
With the above commands, you can easily check and filter the Unattended-Upgrades logs on your Ubuntu system and troubleshoot any issues that may arise during the upgrade process.
Conclusion
In conclusion, setting up and configuring Unattended-Upgrades on your Ubuntu system can greatly improve your system’s security and stability. With the ability to automatically install security updates and patches, you can ensure that your system is always up-to-date with the latest security fixes, without manually checking for updates and installing them.
Following the steps outlined in this guide, you can easily install and configure Unattended-Upgrades on your Ubuntu system and schedule automatic upgrades using a cron job. Additionally, by checking the Unattended-Upgrades logs, you can monitor upgrade activity and troubleshoot any issues that may arise. Overall, with Unattended-Upgrades, you can have peace of mind knowing that your system is secure and up-to-date.
FAQ on Unattended Upgrades with Ubuntu
Q: What are the benefits of using Unattended-Upgrades on Ubuntu?
A: Unattended-Upgrades allows for the automatic installation of security updates and patches, ensuring that your system is always up-to-date with the latest security fixes. This can greatly improve the security and stability of your Ubuntu system.
Q: How often should I schedule automatic upgrades with Unattended-Upgrades?
A: It is recommended to schedule automatic upgrades with Unattended-Upgrades at least once a week. However, the frequency can be adjusted based on your needs and preferences.
Q: How can I check if Unattended-Upgrades is properly configured on my Ubuntu system?
A: You can check if Unattended-Upgrades is properly configured on your Ubuntu system by running the command “systemctl status unattended-upgrades”. This will display the current status of the Unattended-Upgrades service.
Q: Is it possible to disable automatic upgrades with Unattended-Upgrades on Ubuntu?
A: Yes, it is possible to disable automatic upgrades with Unattended-Upgrades on Ubuntu. This can be done by editing the configuration file at /etc/apt/apt.conf.d/50unattended-upgrades and changing the value of “Unattended-Upgrade::Allowed-Origins” to an empty string.
Q: How do I troubleshoot issues with Unattended-Upgrades not installing upgrades properly?
A: You can troubleshoot issues with Unattended-Upgrades not installing upgrades properly by checking the logs at /var/log/syslog and looking for error messages. You can also try manually running the upgrade command “sudo apt upgrade” to see if any errors are displayed.
Q: Can I exclude specific packages from being upgraded automatically with Unattended-Upgrades?
A: Yes, you can exclude specific packages from being upgraded automatically with Unattended-Upgrades by editing the configuration file at /etc/apt/apt.conf.d/50unattended-upgrades and adding the package names to the “Unattended-Upgrade::Package-Blacklist” option.
Q: Is it recommended to enable automatic reboots with Unattended-Upgrades on Ubuntu?
A: Enabling automatic reboots with Unattended-Upgrades on Ubuntu is not recommended, as it can cause unexpected downtime and potential data loss. It is recommended to schedule reboots at a convenient time manually.
Q: How can I customize my email notifications from Unattended-Upgrades on Ubuntu?
A: You can customize your email notifications from Unattended-Upgrades on Ubuntu by editing the configuration file at /etc/apt/apt.conf.d/50unattended-upgrades and modifying the “Unattended-Upgrade::Mail” and “Unattended-Upgrade::MailReport” options.
Q: Are there any security risks associated with using Unattended-Upgrades on Ubuntu?
A: While Unattended-Upgrades can improve the security of your Ubuntu system by automatically installing security updates, there is a potential risk of package conflicts or broken dependencies. It is important to monitor the logs and manually check for any issues.
Q: Can I set different upgrade policies for packages with Unattended-Upgrades on Ubuntu?
A: Yes, you can set different upgrade policies for different packages with Unattended-Upgrades on Ubuntu by editing the configuration file at /etc/apt/apt.conf.d/50unattended-upgrades and adding the package names to the “Unattended-Upgrade::Allowed-Origins” option with different policies.