How to Configure Unattended Upgrades on Ubuntu 24.04

unattended-upgrades automatically downloads and installs security updates so your Ubuntu 24.04 LTS server stays protected without manual intervention.

Tested and valid on:

• Ubuntu 24.04 LTS

Prerequisites

• Ubuntu 24.04 LTS server
• A user with sudo privileges
• An email address for notifications (optional)

Step 1 – Install unattended-upgrades

Install or confirm the package is present:

sudo apt install unattended-upgrades apt-listchanges -y

Step 2 – Enable Automatic Updates

Run the interactive configuration wizard:

sudo dpkg-reconfigure --priority=low unattended-upgrades

Select Yes to enable.

Step 3 – Review the Main Configuration

Open the config file:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Confirm the security allowed-origin is enabled:

"${distro_id}:${distro_codename}-security";

Step 4 – Enable All Updates (optional)

Uncomment to also apply regular updates:

"${distro_id}:${distro_codename}";

Step 5 – Configure Email Notifications

Set up email reports:

Unattended-Upgrade::Mail "admin@example.com";
Unattended-Upgrade::MailReport "on-change";

Step 6 – Enable Automatic Reboot (optional)

Allow reboots after kernel updates:

Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "03:00";

Step 7 – Test the Configuration

Perform a dry-run:

sudo unattended-upgrades --dry-run --debug 2>&1 | head -40

Step 8 – Check Logs

View the upgrade history:

cat /var/log/unattended-upgrades/unattended-upgrades.log

Conclusion

Unattended upgrades are now configured on your Ubuntu 24.04 LTS server. Security patches will be applied automatically, significantly reducing your exposure window.