Fortunately, Linux systems allow you to automatically install updates and security patches using the unattended-upgrades utility. An unattended-upgrade utility that comes installed with most of the operating systems installs the system updates and security patches automatically whenever they are available.
This article is about how to manage unattended-upgrades for automatically installing the updates and security patches. You will learn how to enable and disable the unattended-upgrades in the Debian 10 system.
Install unattended-upgrades
If unattended-upgrades is not already installed on your system, you can install using the below commands in Terminal:
$ sudo apt install unattended-upgrades
Configure unattended –upgrades
The configuration file for unattended-upgrades is located at /etc/apt/apt.conf.d. You can edit it using any text editor.
Uncomment the following lines in the file by removing // from the start of the lines:
"origin=Debian,codename=${distro_codename}-proposed-updates";
"origin=Debian,codename=${distro_codename},label=Debian";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
Once done, save and exit the file.
Enable unattended-upgrades
To enable unattended-upgrades, you will need to configure /etc/apt/apt.conf.d/20auto-upgrades file. Issue the below command in Terminal to do so:
After running the above command, the following window will appear, asking whether you want to automatically download and install stable updates. Use the tab key to select the Yes option and press Enter.
The /etc/apt/apt.conf.d/20auto-upgrades file will be updated with the following content:
APT::Periodic::Unattended-Upgrade "1";
An alternative method to enable the unattended-upgrades is by using the manual method. Edit the /etc/apt/apt.conf.d/20auto-upgrades file:
Then add the following lines in the file:
In the above lines, the
- “Update-Package-Lists” allows us to automatically update the cached list of available packages. “1” means enable and perform update every 1 day
- “Unattended-Upgrade” allows to automatically upgrade (install the updates). “1” means enable and perform unattended-upgrade every 1 day.
To view whether the Unattended-Upgrade service is enabled and running, you can issue the below command in Terminal:
After performing the above steps, unattended-upgrades will be enabled on your system, and updates will be installed automatically on their scheduled time.
When the system performs the unattended-upgrade, it logs this activity in the files under /var/log/unattended-upgrades/ directory. To view these log files, issue the below command in Terminal:$ ls /var/log/unattended-upgrades/It will list the number of log files with the older log files in the compressed file with .gz extension.
You can view these logs file using the cat command in Terminal like this:
To view log files with .gz extension, use zcat command:
Disable unattended-upgrades
To disable the unattended-upgrades, issue the below command in Terminal:
The following window will appear, asking whether you want to automatically download and install stable updates. Use the tab key to select the No option and press Enter.
The /etc/apt/apt.conf.d/20auto-upgrades file will be updated with the following content:
You can see that the “Update-Package-Lists” and “Unattended-Upgrade” values have changed to “0,” which indicates unattended upgrades are disabled. Now the system will not check for and install the updates automatically on your system.
If you want to check for the updates but do not want to install them, you can configure them as follows:
In this article, you have learned how to install, configure, and manage the unattended-upgrades in Debian 10 Buster system. The unattended-upgrades utility keeps your system current and secure by automatically installing the latest updates and security patches whenever they are available.