Security vulnerabilities are patched regularly in Ubuntu’s package repositories. unattended-upgrades automatically downloads and installs security updates — and optionally all updates — so your server stays protected without manual intervention. This guide configures it on Ubuntu 26.04 LTS.
Tested and valid on:
- Ubuntu 26.04 LTS
Prerequisites
- Ubuntu 26.04 LTS server
- A user with sudo privileges
- An email address for notifications (optional)
Step 1 – Install unattended-upgrades
The package is usually pre-installed. Install or confirm:
sudo apt install unattended-upgrades apt-listchanges -yStep 2 – Enable Automatic Updates
Run the interactive configuration wizard:
sudo dpkg-reconfigure --priority=low unattended-upgradesSelect Yes to enable automatic updates.
Step 3 – Review the Main Configuration
Open the unattended-upgrades config file:
sudo nano /etc/apt/apt.conf.d/50unattended-upgradesConfirm the Unattended-Upgrade::Allowed-Origins block includes security updates:
"${distro_id}:${distro_codename}-security";Step 4 – Enable All Updates (optional)
To also apply regular package updates (not just security), uncomment:
"${distro_id}:${distro_codename}";Step 5 – Configure Email Notifications
Set up email reports (requires a working mail setup):
Unattended-Upgrade::Mail "[email protected]";
Unattended-Upgrade::MailReport "on-change";Step 6 – Enable Automatic Reboot (optional)
Allow automatic reboots after kernel updates (schedule at a quiet time):
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "03:00";Step 7 – Test the Configuration
Perform a dry-run to confirm the setup is correct:
sudo unattended-upgrades --dry-run --debug 2>&1 | head -40Step 8 – Check Logs
View the upgrade history:
cat /var/log/unattended-upgrades/unattended-upgrades.logConclusion
Unattended upgrades are now configured on your Ubuntu 26.04 LTS server. Security patches will be applied automatically, significantly reducing your exposure window to known vulnerabilities.
