As a busy administrator, sometimes it’s not easy keeping up with everything. No matter how hard you try, things get missed, especially when you’re dealing with a data center full of servers. One of the last things you want to overlook is an upgrade to your server platform, be it the operating system or the software. When these updates are forgotten, that server could wind up vulnerable.

How do you avoid that?

If your server platform is Ubuntu, there are options, one of which is to enable unattended updates. Believe it or not, this isn’t remotely challenging; you just have to know what software to install and how to configure it. I’m going to walk you through the process of setting up unattended updates on Ubuntu Server 16.04.

What you need

There’s a single package to be installed. Depending on what you did during OS installation, this package might already be found on the system. To either install the package, or find out if it’s already there, issue the command:

sudo apt install unattended-upgrades

If you see that it’s already listed as the newest package, you enabled it during installation. Otherwise, the package will install and you’re ready to configure.

Configure the service

Before we configure the service, let’s do a dry run and see how the software works. Issue the command:

sudo unattended-upgrades --dry-run --debug

The above command will output information pertinent to the running of the unattended-upgrades command (Figure A).

Figure A

Now let’s make some configuration changes. The configuration of unattended-upgrades is found in the file /etc/apt/apt.conf.d/50unattended-upgrades. Open that file with the command sudo nano /etc/apt/apt.conf.d/50unattended-upgrades. Chances are, you’ll find the following line:

// "${distro_id}:${distro_codename}-updates";

Uncomment that line by removing the leading // characters. Save and close the file. When we once again issue the command sudo unattended-upgrades --dry-run --debug, quite a bit more output will be found because we’ve enabled the updates option.

What about security updates?

For my Ubuntu Server, I’d already enabled automatic security updates during the server OS installation. Chances are, you did as well. The corresponding configuration line for security updates is:


If the above line doesn’t begin with //, you enabled security updates during installation. If the line does begin with //, make sure to remove those characters before saving the file. In my example, I’ve added regular updates, so that anything installed on the server will be automatically updated. Because that could lead to problems, choose this option carefully: it will automatically update everything without your interaction. But considering the alternative, leaving your server vulnerable to software bugs, I believe the trade-off is worth it.
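The check and the uncomment step described above can be scripted, which helps when the same change has to be verified on many servers. The following is an added example, not part of the original article; the function names are hypothetical, the sample file is constructed, and the -security origin line is assumed to follow the same pattern as the -updates line quoted earlier.

```shell
#!/bin/sh
# Added example, not from the original article. Works on any copy of the file.
# Origin line minus its suffix, as a basic regex (\$ is a literal dollar sign).
ORIGIN_RE='"\${distro_id}:\${distro_codename}'

# origin_state FILE SUFFIX -> prints enabled | commented | missing
origin_state() {
    if grep -q "^[[:space:]]*${ORIGIN_RE}$2\";" "$1"; then
        echo enabled
    elif grep -q "^[[:space:]]*//[[:space:]]*${ORIGIN_RE}$2\";" "$1"; then
        echo commented
    else
        echo missing
    fi
}

# enable_origin FILE SUFFIX: remove the leading // from that origin line.
# Saves the previous content as FILE.bak; does nothing unless the line is commented.
enable_origin() {
    [ "$(origin_state "$1" "$2")" = commented ] || return 0
    cp "$1" "$1.bak"
    sed "s|^\([[:space:]]*\)//[[:space:]]*\(${ORIGIN_RE}$2\";\)|\1\2|" "$1.bak" > "$1"
}

# Constructed sample of the origins block; the -security line is assumed to
# follow the same pattern as the -updates line quoted in the article.
write_sample() {
    cat > "$1" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
//  "${distro_id}:${distro_codename}-updates";
};
EOF
}

# Demo on a temporary copy; nothing under /etc is touched.
tmp=$(mktemp)
write_sample "$tmp"
echo "security: $(origin_state "$tmp" -security)"
echo "updates before: $(origin_state "$tmp" -updates)"
enable_origin "$tmp" -updates
echo "updates after: $(origin_state "$tmp" -updates)"
rm -f "$tmp" "$tmp.bak"
```

To audit a real server without changing it, call origin_state on /etc/apt/apt.conf.d/50unattended-upgrades with -security and -updates; a result of "commented" or "missing" for -security means automatic security updates are not active.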

Don’t forget your backup

Just remember, if you opt to enable automatic upgrades, have a solid backup solution at the ready. You never know when an upgrade could go sideways. To that end, have both a data backup and a bare metal backup in place. Always.