When you installing new Ubuntu Server OS, always enable - “Install security updates automatically”. But, if you don’t know what is made by your system administrator you can make on your own.
To configure manually for install software updates and security patches automatically, first we need to install unattended-upgradespackage. To do so, run:
sudo apt install unattended-upgrades
and make the changes that fits to your needs.
// Automatically upgrade packages from these (origin:archive) pairs
As you see in the above configuration, you should configured packages from security APT source to upgrade automatically. You can uncomment the other lines if you want to configure automatic updates from other APT sources such as updates, proposed, and backports, just uncomment the respective lines. Save and exit the file.
You can also blacklist some packages from being automatically updated by adding them in the blacklist like below. Anything that comes under this list will not be updated automatically.
// List of packages to not update (regexp are supported)
As per the above configuration, the packages called vim, libc6, libc6-dev, libc6-i686 will not be automatically updated. We have configured automatic updates.
Next, we need enable automatic updates. In: edit /etc/apt/apt.conf.d/10periodic file:
sudo nano /etc/apt/apt.conf.d/10periodic
Make the changes accordingly.
As per the above configuration, the software sources will be updated, the list of available updates will automatically be downloaded and installed every day. And then, the local cache folder will be cleared every week.