Methods of payment Abuse
English

How to Set Up Automatic Package Updates on an Ubuntu Server

30.05.2025, 18:29
Content:

Your server is up, your website loads, everything works. But after a couple of months—problems start creeping in: vulnerabilities pop up, errors appear, some things stop working. Why? The answer is simple: you forgot to install updates.

Ubuntu servers, especially those with SSH access, are constantly being scanned and attacked by bots looking for vulnerabilities. If you skip updates, you’re risking data leaks, downtime, or even hidden crypto miners silently hijacking your resources.

Regular updates patch security flaws, fix bugs, and improve system stability. This is especially important on VPS plans with limited resources, where a small issue can quickly escalate into a major outage.

To avoid unnecessary risk, it's best to enable automatic updates right after setting up your server. Doing everything manually is slow and unreliable—especially if you're away or simply forget. That’s where unattended-upgrades comes in.

What Is unattended-upgrades?

It’s a built-in Ubuntu tool that automatically checks for, downloads, and installs critical security updates. Super useful when you're the only one managing the server—it saves you from constantly logging in just to check for new patches.

The best part? It only installs stable, tested updates—no risky or experimental packages. That’s a great baseline for securing any server.

Step 1: Connect to Your Server

When you first launch your Ubuntu VPS, you usually get a welcome email with login details. It typically includes:

→ IP address (e.g., 123.45.67.89)
→ Username (usually root)
→ Password

To log in, use:

ssh root@123.45.67.89

Replace the IP with your actual server address. Paste your password blindly—it won’t be shown in the terminal (that’s normal).

Step 2: Install and Configure Auto-Updates

Install the package (just in case it’s not already there):

apt update && apt install unattended-upgrades -y

If it’s already installed, nothing will break.

Enable it using:

dpkg-reconfigure --priority=low unattended-upgrades

On the blue screen, choose “Yes” to allow automatic security updates.

Important: If you skip this step, the package will install—but won’t actually do anything.

What Will Be Updated?

Open the config file:

nano /etc/apt/apt.conf.d/50unattended-upgrades

Look for this block:

Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
    // "${distro_id}:${distro_codename}-updates";
    // "${distro_id}:${distro_codename}-proposed";
    // "${distro_id}:${distro_codename}-backports";
};

What these mean:
→ -security: Required. Patches known vulnerabilities.
→ -updates: Optional. Enables general package updates.
→ -proposed, -backports: Best to leave commented out—they may be unstable.

To enable standard updates, just remove the // from the -updates line.

Test and Debug

You can test if everything’s working with:

unattended-upgrades --dry-run --debug

If it lists packages, that means updates are detected. If not, you might already be up to date.

Should You Enable Automatic Reboots?

By default—no. But you can turn it on for critical updates (like kernel patches):

Unattended-Upgrade::Automatic-Reboot "false";

Change to "true" to enable.

Be careful: if your server hosts a site or database, automatic reboots could interrupt services. In such cases, manual restarts are safer.

Set an Update Schedule

Edit this file:

nano /etc/apt/apt.conf.d/20auto-upgrades

Example:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

→ "1" = every day.
→ "7" = once a week.

Email Notifications About Updates

Back in 50unattended-upgrades, find this line:

//Unattended-Upgrade::Mail "root";

Change it to your email:

Unattended-Upgrade::Mail "you@example.com";

Note: to actually send mail, you’ll need a mail client like msmtp configured on the server.

Set Up msmtp for Sending Emails

Install it:

apt update && apt install msmtp msmtp-mta bsd-mailx -y

Edit config:

nano /etc/msmtprc

Paste:

defaults
auth           on
tls            on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile        /var/log/msmtp.log

account        default
host           smtp.mail.ru
port           587
from           yourlogin@mail.ru
user           yourlogin@mail.ru
password       yourpassword

Then:

chmod 600 /etc/msmtprc
chown root:root /etc/msmtprc

Test it:

echo "Mail check" | mail -s "Test" you@example.com

If the message arrives—congrats, it’s working!

In Summary

Automatic updates are a simple but crucial layer of protection. They help keep your system secure and stable without needing constant attention.

Set it up once—and your Ubuntu server will take care of itself.

Other articles of the section

21.02.2023
How to Transfer a Disk from One Virtual Machine to Another Using Redo Rescue
How to Transfer a Disk from One Virtual Machine to Another Using Redo Rescue
21.02.2023
How to Speed Up Your Website with Caching in Nginx
How to Speed Up Your Website with Caching in Nginx
21.02.2023
How to Clone an App on Android — and Why You Might Want To
How to Clone an App on Android — and Why You Might Want To
21.02.2023
5 Android Note-Taking Apps That Respect Your Privacy
5 Android Note-Taking Apps That Respect Your Privacy