Ubuntu automated security updates

Step 1: package installation

Install the unattended-upgrades package:

sudo apt install unattended-upgrades

Step 2: configure automatic updates

Edit the configuration file with your favourite text editor:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

There will be alot of other information, but the lines you want to uncomment are:

"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";

That tells Ubuntu to automatically perform security updates. Your file will look similar to this after making the changes,

Unattended-Upgrade::Allowed-Origins {
  "${distro_id}:${distro_codename}";
	"${distro_id}:${distro_codename}-security";
	// Extended Security Maintenance; doesn't necessarily exist for
	// every release and this system may not have it installed, but if
	// available, the policy for updates is such that unattended-upgrades
	// should also install from here by default.
	"${distro_id}ESM:${distro_codename}";
//	"${distro_id}:${distro_codename}-updates";
//	"${distro_id}:${distro_codename}-proposed";
//	"${distro_id}:${distro_codename}-backports";
};

Step3 - Enabling Unattended Automatic Updates

To enable automatic updated, you need to ensure that the apt configuration file /etc/apt/apt.conf.d/20auto-upgrades contains at least the following two lines. It's usually included by default.

The above configuration updates the package list, and installs available updates every day.

For bonus points and a cleaner machine, add this to to anove file to clean your download cache every 7 days.

Bonus step - You can test whether it works by doing a dry run.

Your output will look similar to this.