Patching Debian & Ubuntu OS

There is a good chance that you and your colleagues aren’t logging in every month to install the latest security patches and bug fixes on your Linux machines, and that some machines haven’t been touched for months on end.

These instructions let the machine patch itself without you having to look at it, so you can be sure you aren’t running six years behind when the machine stops working.



Make sure the unattended-upgrades package is installed (it probably already is).

apt install unattended-upgrades


Check the status of the unattended-upgrades service; it should be running.

systemctl status unattended-upgrades


Edit the file 50unattended-upgrades.

nano /etc/apt/apt.conf.d/50unattended-upgrades

In the top section of the file, uncomment the lines for the patches you want to install.

Unattended-Upgrade::Origins-Pattern {
    // ...
};

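Set the settings below as you prefer; they speak for themselves. Note that with Automatic-Reboot set to "false" the machine never reboots on its own, so the other two reboot settings only take effect once it is set to "true".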

Unattended-Upgrade::Automatic-Reboot "false";
Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";

Go to the file 20auto-upgrades; in this file you can set when automatic patching should run.

nano /etc/apt/apt.conf.d/20auto-upgrades

If the file doesn’t exist, use the following command to create it.

dpkg-reconfigure -plow unattended-upgrades

Change the Unattended-Upgrade interval to set how often the latest patches are installed. The values are in days.

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "30";
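
To confirm what APT will actually do after these edits, the following added example (not from the original post) parses `apt-config dump` output and checks the periodic settings against a maximum patch interval. The function names, the MAX_DAYS threshold and the sample dump are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit `apt-config dump` output.
# Live use on a host:  apt-config dump | audit_periodic 7

# get_opt KEY: print KEY's value from `apt-config dump`-style text on stdin.
get_opt() {
    awk -v key="$1" '$1 == key { v = $2; gsub(/[";]/, "", v); print v; exit }'
}

# audit_periodic MAX_DAYS: print findings for the dump on stdin; return 0 only
# if list refresh and unattended upgrades are on and run within MAX_DAYS days.
audit_periodic() {
    max_days=$1
    dump=$(cat)
    lists=$(printf '%s\n' "$dump" | get_opt 'APT::Periodic::Update-Package-Lists')
    upgrade=$(printf '%s\n' "$dump" | get_opt 'APT::Periodic::Unattended-Upgrade')
    reboot=$(printf '%s\n' "$dump" | get_opt 'Unattended-Upgrade::Automatic-Reboot')
    rc=0
    case "$lists" in
        ''|0) echo "FAIL: package lists are never refreshed"; rc=1 ;;
    esac
    case "$upgrade" in
        ''|0) echo "FAIL: unattended upgrades are disabled"; rc=1 ;;
        *[!0-9]*) echo "WARN: interval '$upgrade' is not a plain day count"; rc=1 ;;
        *) if [ "$upgrade" -gt "$max_days" ]; then
               echo "WARN: upgrades run every $upgrade days (limit $max_days)"; rc=1
           else
               echo "OK: upgrades run every $upgrade days"
           fi ;;
    esac
    if [ "$reboot" != "true" ]; then
        echo "INFO: no automatic reboot; check /var/run/reboot-required after kernel updates"
    fi
    return "$rc"
}

# Constructed sample: the values this page sets, in `apt-config dump` format.
SAMPLE='APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "30";
Unattended-Upgrade::Automatic-Reboot "false";
Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";'

printf '%s\n' "$SAMPLE" | audit_periodic 30
```

Running the same check with a limit of 7 flags the 30-day interval, which is a quick way to see how long a published security fix can sit uninstalled.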
