Updating the software packages is an essential part of any operating system. It’s hard to keep track of all the security on your systems. The easiest way is to keep your Ubuntu system secure by updating software packages regularly.
In this tutorial, we will discuss two methods, manual and automatic to keep packages up to date. The Ubuntu system provides unattended-upgrades option to install security updates on your systems. You can also configure your system to install security updates automatically.
Installing Security Updates Manually
Login to your Ubuntu or Debian system with Sudo privileged account. Open a terminal on your system and execute the following command to update the apt cache.
sudo apt update
Next, find all the packages upgrades available for your system.
sudo apt list --upgradable

See the above list of packages, which is going to upgrade.
Now, execute the following command to install updates all packages.
sudo apt upgrade

When prompted for the confirmation, Press ‘y’ and hit enter to complete the installation process.
The non-production users can also run the dist-upgrade
command to upgrade those packages, which are not upgraded with the above commands. We are not recommending this in the production environment as the server may face issues for version-specific applications.
sudo apt dist-upgrade
Before applying on production, make an ideal environment (Eg: copy of instance) of production and test it first.
Install Security Updates Automatically
The unattended-upgrades
package helps to keep the computer current with the latest security (and other) updates automatically.
Default unattended-upgrades package should be installed on your system. But in case it’s not installed use the following command to install.
sudo apt install unattended-upgrades apt-listchanges
You can simply execute the following command to install security updates on your system. The below command will run silently on your system and apply security updates.
sudo dpkg-reconfigure unattended-upgrades

Select “Yes” and hit enter to complete the configuration.
The above command will create /etc/apt/apt.conf.d/20auto-upgrades
configuration file with required settings.
Additionally, You can also run the unattended-upgrades command manually to perform packages upgrades.
sudo unattended-upgrades -d
The -d
command line options show verbose logs of the update process.
For the review purpose, the unattended upgrade log files can be find under /var/log/unattended-upgrades/
directory. It is good to review this file with the periodic system maintenance.
Remove Unnecessary Packages
Ubuntu keep track of all the packages, which is no longer removed. These are the packages which was installed as decencies of other packages and that package is removed from system.
Apt package manager provides you option to remove that packages from system.
sudo apt autoremove
Conclusion
In this tutorial, you have learned two methods of upgrading security updates on Ubuntu and Debian systems.
3 Comments
The update will be automatically restart the server or not?
No, it will not restart server
For automatic restart of the server after an upgrade, you can do the below settings.
go to in this file: /etc/apt/apt.conf.d/50unattended-upgrades
Here you will see these commented lines.
***********************
// Automatically reboot even if there are users currently logged in
// when Unattended-Upgrade::Automatic-Reboot is set to true
//Unattended-Upgrade::Automatic-Reboot-WithUsers “true”;
// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
// Default: “now”
//Unattended-Upgrade::Automatic-Reboot-Time “02:00”;
**********************
You can enable the below line, your server will be rebooted after upgrades when needed.
Unattended-Upgrade::Automatic-Reboot-WithUsers “true”;
or if you want to reboot the server at a specific time, then enable the below line and set the time:
Unattended-Upgrade::Automatic-Reboot-Time “02:00”;