87

I want to be sure if automatic updates are enabled on Ubuntu 12.04 server.

How exactly can I check this?

And how can I disable automatic updates if it's enabled?

muru
  • 197,895
com
  • 1,099
  • 1
    I am trying to build a server that is configured the same as others, and would really love it if somebody answered the simple questions, How can you check if auto updates are enabled... I understand how to turn them on and off relatively well... but would like to just know the status. – FreeSoftwareServers Jun 02 '16 at 23:57
  • The original question was about 'updates', but answers make reference to 'upgrades' whilst including the word 'update' in that same context. Whilst I note that my Software Updater does my manual updates OK it also offers an upgrade to a later major release of Ubuntu. There seems to be great confusion in the use of the two terms from many sources. – MikeBT Aug 25 '17 at 12:53
  • 1
    "Update" and "upgrade" have several meanings; I don't think restricting them is feasible. For example, touch(1) uses "update" to mean something not directly related to package management: "Update the access and modification times of each FILE to the current time." Ubuntu's Software & Updates utility and apt-get update mean different things by "update." I think this ship has sailed. There's a meta post though. – Eliah Kagan Aug 25 '17 at 15:32
  • 1
    To check if Unattended Updates are enabled I found the following answer the most helpful: https://askubuntu.com/a/1108745/1130956 – Christopher Oezbek Dec 05 '21 at 10:53

6 Answers

78

There is a package that can be used to do this for you.

sudo apt-get install unattended-upgrades

Or, if unattended-upgrades is already installed (you can also check out the Ubuntu docs):

sudo dpkg-reconfigure -plow unattended-upgrades

That is the package you need to install. Once it's installed, edit the files

/etc/apt/apt.conf.d/10periodic
/etc/apt/apt.conf.d/20auto-upgrades

In that file you can set how often you want the server to update.

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

The file should look like that. The 1 means it will update every day. 7 is weekly.

/etc/apt/apt.conf.d/50unattended-upgrades

This file will let you choose what updates you want to make by choosing where apt can search for new updates and upgrades. (My personal opinion on this is I would set it to security if this is a server.)

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";

};

The variables ${distro_id} and ${distro_codename} are expanded automatically. I would comment out the updates entry and just leave security.

LinuxBill
  • 2,067
  • 5
    Should this be updated to mention /etc/apt/apt.conf.d/20auto-upgrades as this is where APT::Periodic::Update-Package-Lists "1"; and APT::Periodic::Unattended-Upgrade "1"; are kept by default on 13.10? – steakunderscore Mar 04 '14 at 00:24
  • also, on my Ubuntu Server 12.04 LTS the 50unattended-upgrades file already has only security updates set, so that default seems correctly set there and the file should not need to be edited. – Jeff Atwood May 15 '14 at 20:14
  • In my fresh ubuntu server, there is no /etc/apt/apt.conf.d/10periodic in there. There is unattended-upgrades package already installed and /etc/apt/apt.conf.d/50unattended-upgrades is there too. My question is, I manually added /etc/apt/apt.conf.d/10periodic and should I reboot my server so the configuration will take effect? – foresightyj Aug 14 '15 at 08:09
  • 8
    This appears to be a guide on how to install and setup unattended upgrades, not how to assert upgrades are applying. – ThorSummoner Oct 29 '15 at 18:43
  • Thanks, mine was outdated for some reason after upgrading to 17.04. – EODCraft Staff May 24 '17 at 14:51
  • When exactly do these updates get installed? I mean they can get installed once a day, once a week, etc, but at what time of day? Wouldn't just getting the update not be enough if that program was already running? It would just keep using the version it previously had running unless you reboot the program or the computer right? – still_dreaming_1 Jul 09 '21 at 23:49
  • Let's say I changed this to 0: APT::Periodic::Unattended-Upgrade "0"; How do I manually check what 'unattended-upgrades' are available at the moment? – Nathan B Apr 30 '23 at 04:45
  • 1
    @foresightyj you do not need to add /etc/apt/apt.conf.d/10periodic if you have /etc/apt/apt.conf.d/20auto-upgrades whose settings would override the settings made in the former one. The former file may be generated by update-notifier-common package, if you have it installed. – jarno Apr 30 '23 at 05:41
29

Check the logs at /var/log/unattended-upgrades/ to verify that your unattended upgrades are being applied.

yanokwa
  • 391
  • 7
    While I upvoted your answer, it's the closest answer to what I need (currently), can you explain what I would want to look for? What does it look like if it's enabled vs disabled! Thanks – FreeSoftwareServers Jun 03 '16 at 00:00
5

(I made another answer, because my changes to LinuxBill's answer were rejected.)

There is a package that can be used to enable automatic updates for you. It is called unattended-upgrades.

Use the following command to enable/disable automatic updates:

sudo dpkg-reconfigure -plow unattended-upgrades

That command will modify file /etc/apt/apt.conf.d/20auto-upgrades and may also modify /etc/apt/apt.conf.d/10periodic.

Alternatively, you can enable automatic updates the GUI way with software-properties-gtk, in the Updates tab, by changing the setting in "When there are security updates:". That will modify files /etc/apt/apt.conf.d/10periodic and /etc/apt/apt.conf.d/20auto-upgrades.

Alternatively, you can modify the aforementioned file(s) manually. EDIT: You could create a new file with a greater number as its name prefix (say 21auto-upgrades) to override the settings made in 20auto-upgrades.

In that file you can set how often you want the update to be called:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

The 1 means it will update every day. 7 is weekly. The variable APT::Periodic::AutocleanInterval determines how often "apt-get autoclean" is executed automatically. 0 means disable for these variables, so that way you can disable automatic updates and removals. EDIT: as automatic updates and upgrades are now called using Systemd timers and services rather than Cron, it is best to set the variables to "always" rather than "1". That way the changes will be fetched even if the partly randomized timing causes the call to be made somewhat sooner than a full day after the previous call.

You can check the current settings by apt-config dump APT::Periodic

You can change the way unattended upgrades work by editing file /etc/apt/apt.conf.d/50unattended-upgrades. This file will let you choose what updates you want to make by choosing where apt can search for new updates and upgrades. Actually, it is better to create a new file where you put the modifications; name it as 51unattended-upgrades-local or something else greater than the original file in the directory so that the changes will be effective; that way the original file remains unchanged which helps if upgrading unattended-upgrades implies changes to the file.

Unattended-Upgrade::Allowed-Origins {
      "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};

The variables ${distro_id} and ${distro_codename} are expanded automatically. In the above, only security updates are done automatically. You can extend automatic updates to any repository and make the settings in the Unattended-Upgrade::Origins-Pattern section. See another question.

You may want to change

//Unattended-Upgrade::Remove-Unused-Dependencies "false";

to

Unattended-Upgrade::Remove-Unused-Dependencies "true";

That will automatically remove e.g. excessive old kernels so that /boot does not become full. It is equivalent to sudo apt autoremove.

EDIT: Newer versions of unattended-upgrades include more sophisticated settings for removing unused packages so you don't need to enable the previous setting:

// Remove unused automatically installed kernel-related packages
// (kernel images, kernel headers and kernel version locked tools).
//Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";

// Do automatic removal of newly unused dependencies after the upgrade
//Unattended-Upgrade::Remove-New-Unused-Dependencies "true";

There is more information in Ubuntu docs and unattended-upgrades github

jarno
  • 5,600
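
A scripted form of the "apt-config dump APT::Periodic" check mentioned above, as an added example (not part of the original answer or of the unattended-upgrades project): it reads the dump text and reports whether automatic upgrades are effectively enabled, treating any non-zero interval, including "always", as on. The function names and the sample dumps are constructed for illustration, and APT::Periodic::Enable is an apt option that this page does not mention.

```shell
#!/bin/sh
# Added example: decide from `apt-config dump APT::Periodic` output whether
# automatic upgrades are effectively enabled. Dump text is read from stdin.

# periodic_value KEY DEFAULT : print the value of APT::Periodic::KEY,
# or DEFAULT when the key is absent or empty.
periodic_value() {
    awk -v key="APT::Periodic::$1" -v def="$2" '
        $1 == key { v = $2; gsub(/[";]/, "", v); found = v }
        END { print (found == "" ? def : found) }'
}

# auto_update_status : print enabled, stale-lists or disabled.
auto_update_status() {
    dump=$(cat)
    enable=$(printf '%s\n' "$dump" | periodic_value Enable 1)
    lists=$(printf '%s\n' "$dump" | periodic_value Update-Package-Lists 0)
    upgrade=$(printf '%s\n' "$dump" | periodic_value Unattended-Upgrade 0)
    if [ "$enable" = "0" ] || [ "$upgrade" = "0" ]; then
        echo disabled
    elif [ "$lists" = "0" ]; then
        echo stale-lists    # upgrades on, but the periodic job never refreshes package lists
    else
        echo enabled        # any non-zero interval, including "always"
    fi
}

# Constructed sample inputs in the format apt-config dump prints.
DUMP_ON='APT::Periodic "";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "always";'
DUMP_OFF='APT::Periodic "";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";'

printf '%s\n' "$DUMP_ON"  | auto_update_status
printf '%s\n' "$DUMP_OFF" | auto_update_status
# On a real host: apt-config dump APT::Periodic | auto_update_status
```

Because apt-config dump prints the merged configuration, the result already reflects overrides such as 20auto-upgrades taking precedence over 10periodic.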
4

In Ubuntu 16.04 and newer, Unattended Upgrades is already included with every stock install of Ubuntu (except Ubuntu Core, of course -- it doesn't use deb packages).

You can test for it several ways:

  1. Check the timer status. Unattended Upgrades uses the apt-daily-upgrade.timer. In this example, you can see that Unattended Upgrades ran 39 minutes ago.
me@my-system:~$ systemctl status apt-daily-upgrade.timer 
● apt-daily-upgrade.timer - Daily apt upgrade and clean activities
     Loaded: loaded (/lib/systemd/system/apt-daily-upgrade.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Sun 2021-12-05 05:41:07 CST; 39min ago
    Trigger: Sun 2021-12-05 06:20:41 CST; 1s left
   Triggers: ● apt-daily-upgrade.service

Dec 05 05:41:07 my-system systemd[1]: Started Daily apt upgrade and clean activities.

  2. Check the completion timestamp. Unattended Upgrades timestamps a file after each successful run.
me@my-system:~$ ls -lh /var/lib/apt/periodic/
total 0
-rw-r--r-- 1 root root 0 Dec  2 17:42 download-upgradeable-stamp
-rw-r--r-- 1 root root 0 Dec  5 06:21 unattended-upgrades-stamp    <----------
-rw-r--r-- 1 root root 0 Dec  2 17:42 update-stamp
-rw-r--r-- 1 root root 0 Dec  2 17:41 update-success-stamp
-rw-r--r-- 1 root root 0 Dec  5 06:21 upgrade-stamp

  3. Check the log. Unattended Upgrades are logged. In this example, you can see that U-U ran properly. No upgraded packages happened to be available during this run. This is the most common result -- upgraded packages don't appear every day.
me@my-system:~$ tail /var/log/unattended-upgrades/unattended-upgrades.log

2021-12-03 08:30:20,578 INFO Initial whitelist (not strict):
2021-12-03 08:30:25,854 INFO No packages found that can be upgraded unattended and no pending auto-removals
2021-12-05 06:21:11,517 INFO Starting unattended upgrades script
2021-12-05 06:21:11,528 INFO Allowed origins are: o=Ubuntu,a=impish, o=Ubuntu,a=impish-security, o=UbuntuESM,a=impish, o=Ubuntu,a=impish-updates, o=Google LLC,a=stable, o=UbuntuESM,a=impish-security
2021-12-05 06:21:11,529 INFO Initial blacklist:
2021-12-05 06:21:11,530 INFO Initial whitelist (not strict):
2021-12-05 06:21:15,645 INFO No packages found that can be upgraded unattended and no pending auto-removals

user535733
  • 62,253
  • Thanks, this one actually answers the question, regarding how to tell if the unattended upgrades are enabled or not. Also works on Ub 20.04 – Mendhak Feb 08 '22 at 11:23
  • APT::Periodic::Unattended-Upgrade should still be non-zero in order to get upgrades done. I think value "always" is best now that calling unattended-upgrades is handled by Systemd timer, not by Cron. – jarno Apr 30 '23 at 17:37
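
What to look for in /var/log/unattended-upgrades/unattended-upgrades.log, as an added example (not from any of the answers): it reports how many days ago the last run started and whether a -security archive is among the allowed origins. The function names and sample log are constructed, and the parsing assumes the log line format shown in the excerpt above.

```shell
#!/bin/sh
# Added example: summarise unattended-upgrades.log text read from stdin.

# days_since_last_run TODAY : TODAY is YYYY-MM-DD. Prints the whole days
# between the last "Starting unattended upgrades script" line and TODAY,
# or "never" if the log holds no such line.
days_since_last_run() {
    awk -v today="$1" '
        function jdn(s,   p, y, m, d, a, n) {   # Julian day number of YYYY-MM-DD
            split(s, p, "-"); y = p[1]; m = p[2]; d = p[3]
            a = int((14 - m) / 12); y = y + 4800 - a; m = m + 12 * a - 3
            n = d + int((153 * m + 2) / 5) + 365 * y
            return n + int(y / 4) - int(y / 100) + int(y / 400) - 32045
        }
        /INFO Starting unattended upgrades script/ { last = $1 }
        END { if (last == "") print "never"; else print jdn(today) - jdn(last) }'
}

# security_origin_allowed : succeeds if the most recent "Allowed origins are:"
# line lists an archive (a=...) whose name ends in -security.
security_origin_allowed() {
    awk '/INFO Allowed origins are:/ { line = $0 }
         END { exit (line ~ /a=[^ ,]*-security(,|$)/ ? 0 : 1) }'
}

# Constructed sample log, modelled on the excerpt in the answer above.
SAMPLE_LOG='2021-12-03 08:30:25,854 INFO No packages found that can be upgraded unattended and no pending auto-removals
2021-12-05 06:21:11,517 INFO Starting unattended upgrades script
2021-12-05 06:21:11,528 INFO Allowed origins are: o=Ubuntu,a=impish, o=Ubuntu,a=impish-security
2021-12-05 06:21:15,645 INFO No packages found that can be upgraded unattended and no pending auto-removals'

printf '%s\n' "$SAMPLE_LOG" | days_since_last_run 2021-12-08
printf '%s\n' "$SAMPLE_LOG" | security_origin_allowed && echo "security origin allowed"
# On a real host:
#   days_since_last_run "$(date +%F)" < /var/log/unattended-upgrades/unattended-upgrades.log
```

A result of "never", or a day count well above the configured interval, means the timer is not reaching the upgrade script even if the configuration says it is enabled.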
2

With Ubuntu 20.04 you can use

systemctl status unattended-upgrades.service

to check if the unattended-upgrades service is running.

Reference: https://www.digitalocean.com/community/tutorials/how-to-keep-ubuntu-20-04-servers-updated

Also, to check the logs of the unattended-upgrades service, use the journalctl command:

# For the current boot logs
journalctl --unit unattended-upgrades.service --boot

# For all-time logs
journalctl --unit unattended-upgrades.service

For more details see manual pages for the corresponding commands:

man systemctl
man journalctl
rboy
  • 135
-2

Automatic Updates are enabled by default. If not, to enable automatic updates, just press Ctrl+Alt+T on your keyboard to open Terminal. When it opens, run the command below.

sudo apt-get install unattended-upgrades

On a server, you can also edit /etc/apt/apt.conf.d/50unattended-upgrades and comment out the updates you don't want to upgrade automatically. These edits must be done with root privileges.

Mitch
  • 107,631
  • 2
    I don't think that's turned ON by default, at least not on a server installation. However, it looks like the package is indeed installed automatically even on servers. – Alexis Wilke Mar 05 '15 at 22:58
  • I concur. And as another commenter notes in https://askubuntu.com/questions/172524/how-can-i-check-if-automatic-updates-are-enabled#comment1608978_732862 , the presence of and contents within /etc/apt/apt.conf.d/20auto-upgrades is what actually enables auto-updating. Good to know! – Ben Johnson Oct 18 '18 at 00:55