How to make Ubuntu automatically install security patches

Joaquín García

2 minutes

ssh

In recent months several programs and several internal projects related to Ubuntu are trying to solve the problem of security updates.

Generally, Ubuntu every few days or every few weeks releases security updates and improving the operating system. This is useful, but for home users it is a bit annoying. Annoying because there is usually nothing against installing these security patches.

In Ubuntu there is currently an application that will install all the updates that Ubuntu receives, without having to do anything about it. This package it's called unattended-upgrades, a package that updates the system for us but also allows us to indicate what type of packages we do not want to be updated.

Automatic Ubuntu Security Patch Installations Important for Home Users

This is interesting because system administrators can make use of this package without problems, since the important packages will not be updated automatically if we want it.

To install this, we first have to open a terminal and type:

sudo apt install unattended-upgrades

Then we have to open a file to configure it. For that, we have to write the following in the terminal:

sudo vi /etc/apt/apt.conf.d/50unattended-upgrades

And we try to have these lines in the document as they are:

// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
<strong>"${distro_id}:${distro_codename}";</strong>
<strong> "${distro_id}:${distro_codename}-security";</strong>
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};

There a list of libraries and files that will not be updated. This list can be expanded but if we want the packages in this list to be updated, we have to open the following file:

sudo nano /etc/apt/apt.conf.d/10periodic

And make the following changes:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";

With this the libraries in the list will be updated with the rest of the system. Of course, if we are system administrators, this package is dangerous because an update can screw up the entire server configuration. Keep it in mind.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.