Security updates are designed to keep our systems secure by patching up any vulnerabilities or weak spots that can be exploited by hackers or malware. By automatically installing these updates, we can ensure that our digital devices are always up-to-date with the latest security patches, providing us with top-level protection against cyber threats.
This article shows how to install the latest security updates automatically by enabling unattended upgrades on Ubuntu 22.04 LTS. It also covers setting up email notifications. For some reason, the email notification function does not work on Ubuntu 18.04. You can test it yourself on other Linux systems such as Ubuntu 20.04.
Step 1: Update the package list and install the required packages
sudo apt update
sudo apt install unattended-upgrades apt-listchanges s-nail ssmtp -y
Step 2: Enable unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades
Step 3 (Optional): Modify the periodic configuration — Configure unattended upgrades to perform “apt-get autoclean” every 7 days in order to free up space. 0 = disable.
sudo nano /etc/apt/apt.conf.d/10periodic
APT::Periodic::AutocleanInterval "7";
Step 4: Modify the unattended-upgrades configuration. Replace your_name with your name, your_email with your email, email_recipient with the email recipient and reboot_time with a specific time you want your server to reboot.
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Sender "your_name <your_email>";
Unattended-Upgrade::Mail "email_recipient";
Unattended-Upgrade::MailReport "on-change";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "reboot_time";
In my case, it is
Unattended-Upgrade::Sender "Silicon <[email protected]>";
Unattended-Upgrade::Mail "[email protected]";
Unattended-Upgrade::MailReport "on-change";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "04:00";
If you want to receive an email notification every time unattended upgrades is triggered, change
Unattended-Upgrade::MailReport "on-change";
to
Unattended-Upgrade::MailReport "always";
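A way to confirm that the Step 4 edits are active, as an added example that is not part of the original article: the stock 50unattended-upgrades file ships these settings commented out with //, so a line that was edited but left commented is silently ignored. The function names uu_value and uu_check and the sample values are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: check the Step 4 settings in an unattended-upgrades config.
# uu_value and uu_check are names invented for this sketch.

# Print the value of the last active (not //-commented) line that sets KEY;
# when a key is set more than once, apt keeps the last assignment.
uu_value() {  # usage: uu_value FILE KEY
    sed -n -E "s|^[[:space:]]*Unattended-Upgrade::$2[[:space:]]+\"([^\"]*)\"[[:space:]]*;.*|\1|p" "$1" | tail -n 1
}

# Print one line per problem; return 0 only when nothing was found.
uu_check() {  # usage: uu_check FILE
    local f=$1 bad=0 mail report reboot when
    mail=$(uu_value "$f" Mail)
    report=$(uu_value "$f" MailReport)
    reboot=$(uu_value "$f" Automatic-Reboot)
    when=$(uu_value "$f" Automatic-Reboot-Time)

    if [ -z "$mail" ]; then
        echo "Mail: no active recipient (line missing or still commented out)"; bad=1
    fi
    case $report in
        always|only-on-error|on-change) ;;
        *) echo "MailReport: '$report' is not always, only-on-error or on-change"; bad=1 ;;
    esac
    if [ "$reboot" = "true" ]; then
        if [ -z "$when" ]; then
            echo "Automatic-Reboot-Time: not set, reboot follows the upgrade immediately"; bad=1
        elif ! printf '%s' "$when" | grep -Eq '^([01][0-9]|2[0-3]):[0-5][0-9]$'; then
            echo "Automatic-Reboot-Time: '$when' is not HH:MM"; bad=1
        fi
    fi
    return "$bad"
}

# Constructed sample: the recipient line was edited but left commented out,
# and the reboot time is not a valid 24-hour time.
sample=$(mktemp)
cat > "$sample" <<'EOF'
//Unattended-Upgrade::Mail "admin@example.com";
Unattended-Upgrade::MailReport "on-change";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "4am";
EOF
uu_check "$sample" || echo "fix the lines above before relying on notifications"
rm -f "$sample"
```

On the server itself, point it at the file edited in this step: uu_check /etc/apt/apt.conf.d/50unattended-upgrades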
Step 5: Change SSMTP configuration
sudo nano /etc/ssmtp/ssmtp.conf
Add these lines at the end. Replace root with your_name, your_email with your email, and your_password with your password (a Google App Password if you are using Gmail). See my article on how to generate an app password for Gmail if you don’t have one.
root=your_name
mailhub=smtp.gmail.com:465
rewriteDomain=gmail.com
AuthUser=your_email
AuthPass=your_password
FromLineOverride=YES
UseTLS=YES
In my case, it is
root=Silicon
mailhub=smtp.gmail.com:465
rewriteDomain=gmail.com
AuthUser=[email protected]
AuthPass=XXXXXXXX
FromLineOverride=YES
UseTLS=YES
Press Ctrl + X to save the file.
Step 5: Create a configuration file for Mailx with root privileges.
sudo su
cd ~
nano .mailrc
Replace your_email with your email, your_password with your email password and your_email_domain with your email domain.
#--------------------------------------------#
# Setting mailx version v14.9.15 for gmail #
#--------------------------------------------#
# Testing syntax:
# echo "Testing, Testing, Testing" | s-nail -s "My test..." [email protected]
# Use v15.0 compatibility mode
set v15-compat
# See the whole process, especially for troubleshooting:
set verbose
# Essential setting: select allowed character sets
set sendcharsets=utf-8,iso-8859-1
# and reply in the same charset used by sender:
set reply-in-same-charset
# Default directory where we act in (relative to $HOME)
set folder=mail
# My actual address obfuscated here:
set from="your_email"
# Request strict TLS transport layer security checks
set tls-verify=strict
set tls-ca-file=/etc/ssl/certs/ca-certificates.crt
set tls-ca-no-defaults
set smtp-use-starttls
set smtp-auth=login
# When sending messages, wait until the Mail-Transfer-Agent finishes.
# Only like this you will be able to see errors reported through the
# exit status of the MTA (including the built-in SMTP one)!
set sendwait
# And of course put your own gmail username and
# App Password here in the obvious places:
set mta=smtps://your_email:your_password@your_email_domain
#--------------------------------------------#
In my case, it is
set v15-compat
set verbose
set sendcharsets=utf-8,iso-8859-1
set reply-in-same-charset
set folder=mail
set from="[email protected]"
set tls-verify=strict
set tls-ca-file=/etc/ssl/certs/ca-certificates.crt
set tls-ca-no-defaults
set smtp-use-starttls
set smtp-auth=login
set sendwait
set mta=smtps://[email protected]:[email protected]:465
Press Ctrl + X to save the file.
Step 6: Change .mailrc to read-only by root and exit
chmod 400 .mailrc
exit
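Both .mailrc and /etc/ssmtp/ssmtp.conf now hold the mail password in plaintext, so their ownership and mode are worth checking after Step 6. The following is an added example, not part of the original article; cred_file_check is a made-up name, the demo file is constructed, and GNU stat (as shipped with Ubuntu) is assumed.

```bash
#!/usr/bin/env bash
# Added example: audit files that hold the SMTP password in plaintext.
# cred_file_check is a name invented for this sketch; needs GNU stat (Ubuntu).

# usage: cred_file_check FILE [OWNER_UID] [strict]
#   always:  fail if the owner differs or "other" has any access
#   strict:  also fail if the group has any access (chmod 400 passes)
cred_file_check() {
    local f=$1 want_uid=${2:-0} strict=${3:-} mode uid
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file"; return 2
    fi
    mode=$(stat -c '%a' "$f") || return 2
    uid=$(stat -c '%u' "$f") || return 2
    if [ "$uid" -ne "$want_uid" ]; then
        echo "$f: owned by uid $uid, expected $want_uid"; return 1
    fi
    # Last octal digit = permissions for "other", second to last = group.
    if [ $((mode % 10)) -ne 0 ]; then
        echo "$f: mode $mode gives other users access"; return 1
    fi
    if [ "$strict" = strict ] && [ $((mode / 10 % 10)) -ne 0 ]; then
        echo "$f: mode $mode gives the group access"; return 1
    fi
    echo "$f: mode $mode ok"
}

# Constructed demo on a throwaway file owned by the current user.
demo=$(mktemp)
echo 'AuthPass=placeholder' > "$demo"
chmod 644 "$demo"; cred_file_check "$demo" "$(id -u)" strict || true
chmod 400 "$demo"; cred_file_check "$demo" "$(id -u)" strict || true
rm -f "$demo"
```

On the server, run it as root: cred_file_check /root/.mailrc 0 strict for the file from Step 6, and cred_file_check /etc/ssmtp/ssmtp.conf for the SSMTP file (the non-strict form only requires that other users have no access).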
Step 7: Since Mailx has been renamed to S-nail, we must create a link from S-nail to Mailx for it to function properly.
sudo ln -s /usr/bin/s-nail /usr/bin/mailx
Step 8: Try to send out an email with Mailx. Replace your_email with your email.
echo "Hello" | mailx -v -n -s Test "your_email"
In my case, it is
echo "Hello" | mailx -v -n -s Test "[email protected]"
You should receive an email entitled “Test”.
Step 9: Execute an unattended upgrade to install security updates on Ubuntu. The update process may take a few hours depending on your network speed.
sudo unattended-upgrade -v -d
If you receive an email notification after an update, congratulations: everything works correctly, and your system will install security updates automatically!