System administrators should continuously check and apply security updates. If these updates are neglected, servers end up vulnerable, which could lead to attacks and theft data.
We know that this is a task that can be ignored, especially when other problems are constantly arising. So below we will see how you can enable automatic security updates on servers running Ubuntu.
Connect to your server and install the unattended upgrade package with the command:
sudo apt-get install unattended-upgrades -y
Then install the common-notifier-update package for automatic restarts with the command:
sudo apt-get install update-notifier-common -y
Then edit the 50unattended-upgrades file with the command:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
By default, security updates are enabled, so you do not have to deal with this section. However, you may want to enable automatic restarts.
Scroll down to this section and you can set whether the automatic restarts will take place immediately or at a specific time.
To enable automatic restarts, remove the // characters from the line Unattended-Upgrade::Automatic-Reboot “false” and change false to true.
Then you can do the same in the line "Unattended-Upgrade :: Automatic-Reboot-Time" 02:00 "? and set the time you want the automatic restart to take place (so that it does not happen during a period when the server is used too much).
If you do not want to enable auto-restarts, you should at least enable auto-updates. If you now want to see if a reboot is pending on your server, give the command:
cat / var / run / reboot-required
Restart your machine, you are ready.