Security risks are discovered each and every day. How can you know that your VPS is protected against the latest threats?

One of the best methods of keeping your server safe is to implement automatic updates within Ubuntu.

At first glance, this could seem like a difficult task. If you have several virtual private servers under your supervision, the task can seem unmanageable.

As a result, we’ve created an easy to use guide for setting up unattended-upgrades and automatic updates on your Ubuntu VPS.

Getting Familiar with Unattended-Upgrades on Ubuntu

The unattended-upgrades package can be used to automatically install package updates. Administrators can choose between updating all packages on a system or they can elect to install security updates only.

To get started, install the package by entering the following in a terminal:

> sudo apt-get install unattended-upgrades

Once the installation is complete, you must enable it. Select Yes in the interactive menu then type:

> sudo dpkg-reconfigure -plow unattended-upgrades

To configure unattended-upgrades, edit /etc/apt/apt.conf.d/50unattended-upgrades and adjust the following to fit your needs:

/etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
//”${distro_id} stable”;
“${distro_id} ${distro_codename}-security”;
//”${distro_id} ${distro_codename}-updates”;
};

In the above example, we are only installing the security updates.

The “//” infront of the “${distro_id} denotes that the line is commented out. When you remove the “//” the process becomes active.

What About Blacklisting Specific Update Packages?

Certain packages can be blacklisted which prevents the automatic update process

from occurring. To blacklist a package, add it to the list:

Unattended-Upgrade::Package-Blacklist {
//  “vim”;
//  “libc6”;
//  “libc6-dev”;
//  “libc6-i686”;
};

You may need to remove the “//” from the line so that system doesn’t see the line as a comment as noted above.

Configuring Automatic Updates on your Ubuntu VPS

To enable automatic updates, you will need to edit /etc/apt/apt.conf.d/10periodic and set the appropriate apt configuration options.

The configuration below will allow your system to update the package list, downloads, and each of the installs available on your system.

The following commands will check for updates every day while cleaning out the local download archive each week.

APT::Periodic::Update-Package-Lists “1”;
APT::Periodic::Download-Upgradeable-Packages “1”;
APT::Periodic::AutocleanInterval “7”;
APT::Periodic::Unattended-Upgrade “1”;

The results of unattended-upgrades will be logged to /var/log/unattended-upgrades.

Getting VPS Update Notifications via Email

When you setup Ubuntu to automatically update, it’s a good practice to have the system dispatch an email when an update is performed.

Assuming you have PostFix or another MTA installed, you’d do the following:

Go to Unattended-Upgrade::Mail in /etc/apt/apt.conf.d/50unattended-upgrades and add the following line at the end of the file:

Unattended-Upgrade::Mail “whatever@yourdomain.com”;

Did this tutorial help you out? Please let us know in the comments sections below.

(Tutorial written by a valued contributor)