How to Set Up Automatic Updates on Debian

How to Set Up Automatic Updates on Debian

This guide shows you how to automatically set up updates on the Debian system using the unattended-upgrades service.

One central part of keeping Linux servers secure is installing security updates on time. This is one of the critical tasks for Linux admins to make the system up-to-date. In addition, it keeps your system more stable and secure.

Related: How to Use APT with Proxy on Ubuntu and Debian

Therefore, as a system administrator, regularly updating the servers and applying security patches is one of the essential tasks to keep them stable and secure. However, if an administrator forgets it or takes this task for granted, it can lead to severe security threats.

This simple tutorial will show you to configure your Debian system to receive automatic security updates. Of course, there are many ways to automate this. However, we are going with an official method.

Install unattended-upgrades Package on Debian

Firstly, if the unattended-upgrades package is not already installed on your system, you can install it using the below commands in the console:

sudo apt update
sudo apt install unattended-upgrades
Install unattended-upgrades package on Debian

Configure Automatic Updates on Debian

The configuration file for unattended-upgrades is located at /etc/apt/apt.conf.d/ directory. Its name is 50unattended-upgrades. You can edit it using any text editor.

By default only the minimal required options were enabled for security updates. Uncomment the following lines in the file by removing // from the start of the lines:

sudo vim /etc/apt/apt.conf.d/50unattended-upgrades
"origin=Debian,codename=${distro_codename}-updates";
"origin=Debian,codename=${distro_codename}-proposed-updates";
"origin=Debian,codename=${distro_codename},label=Debian";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
Configure automatic updates on Debian

Once done, save and exit the file.

Enable Email Notification

If you like to receive email notifications from your Debian system after every automatic security update, modify the following line (uncomment it and add your email id).

Before:

//Unattended-Upgrade::Mail "";

After:

Enable automatic updates e-mail notification

Of course, replace the email address with the current one you want to receive the notifications.

Auto Remove Unused Dependencies

Moreover, you may need to run sudo apt autoremove command after every update to remove unused dependencies from the system. Now you can automate this task by making the changes in the following line (uncomment it and change  from false to true).

Before:

//Unattended-Upgrade::Remove-Unused-Dependencies "false";

After:

Auto remove unused dependencies

Enable Automatic Updates on Debian

To enable unattended-upgrades, you will need to configure /etc/apt/apt.conf.d/20auto-upgrades file. Issue the below command in the console to do so:

sudo dpkg-reconfigure --priority=low unattended-upgrades

The following window will appear after running the above command, automatically asking whether you want to download and install stable updates automatically. Use the tab key to select the Yes option and press Enter.

Enable unattended-upgrades

The /etc/apt/apt.conf.d/20auto-upgrades file will be updated with the following content:

Enable automatic updates on Debian

To view whether the unattended-upgrades service is enabled and running, you can issue the command shown below:

sudo systemctl status unattended-upgrades.service
Check automatic updates service status

As you can see from the output, the unattended-upgrades service is enabled to install updates automatically.

If the service is not allowed and started, you can do so by typing:

sudo systemctl enable unattended-upgrades
sudo systemctl start unattended-upgrades

When the system performs the unattended upgrade, it logs this activity in the files under /var/log/unattended-upgrades/ directory.

Disable Automatic Updates on Debian

To disable the unattended upgrades, issue the command shown below:

sudo dpkg-reconfigure --priority=low unattended-upgrades

The following window will appear, asking whether you want to download and install stable updates automatically. Use the tab key to select the No option and press Enter.

Disable automatic updates on Debian
Disable automatic updates on Debian

Conclusion

By enabling the automatic updates on Debian servers, you’ve taken an important step to protect your server from vulnerabilities.

Manually updating the system and applying patches can be a very time-consuming process. So the unattended-upgrades save a lot of time.

The unattended-upgrades utility keeps your system current and secure by automatically installing the latest updates and security patches whenever they are available.

Bobby Borisov
Bobby Borisov

Bobby is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, Bobby has worked as a Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Leave a Reply

Your email address will not be published. Required fields are marked *