Security updates are designed to keep our systems secure by patching up any vulnerabilities or weak spots that can be exploited by hackers or malware. By automatically installing these updates, we can ensure that our digital devices are always up-to-date with the latest security patches, providing us with top-level protection against cyber threats.
This article will teach you how to install the latest security updates automatically by enabling unattended upgrades for ubuntu 22.04 lts. Setting up email notifications will also be covered. For some reason, the email notifications function does not work in ubuntu 18.04. You may test it on other Linux systems such as Ubuntu 20.04 by yourself.
Step 1: Update the package list and install the required packages
sudo apt update sudo apt install unattended-upgrades apt-listchanges s-nail ssmtp -y
Step 2: Enable unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades
Step 3 (Optional): Modify the periodic configuration — Configure unattended upgrades to perform “apt-get autoclean” every 7 days in order to free up space. 0 = disable.
sudo nano /etc/apt/apt.conf.d/10periodic
Step 4: Modify the unattended-upgrades configuration. Replace your_name with your name, your_email with your email, email_recipient with the email recipient and reboot_time with a specific time you want your server to reboot.
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Sender "your_name "; Unattended-Upgrade::Mail "email_recipient"; Unattended-Upgrade::MailReport "on-change"; Unattended-Upgrade::Automatic-Reboot "true"; Unattended-Upgrade::Automatic-Reboot-Time "reboot_time";
In my case, it is
Unattended-Upgrade::Sender "Silicon <[email protected]>"; Unattended-Upgrade::Mail "[email protected]"; Unattended-Upgrade::MailReport "on-change"; Unattended-Upgrade::Automatic-Reboot "true"; Unattended-Upgrade::Automatic-Reboot-Time "04:00";
If you want to receive an email notification every time unattended upgrades is triggered, change
Step 5: Change SSMTP configuration
sudo nano /etc/ssmtp/ssmtp.conf
Add these lines at the end. Replace root with your_name, your_emailwith your email, your_passwordwith your password (Google App password if you are using Gmail). Have a look of my article about how to generate an app password for Gmail if you don’t have an app password for your Gmail.
root=your_name mailhub=smtp.gmail.com:465 rewriteDomain=gmail.com AuthUser=your_email AuthPass=your_password FromLineOverride=YES UseTLS=YES
In my case, it is
root=Silicon mailhub=smtp.gmail.com:465 rewriteDomain=gmail.com [email protected] AuthPass=XXXXXXXX FromLineOverride=YES UseTLS=YES
Press Ctrl + X to save the file Step 5: Create a configuration file for Mailx with root privileges.
sudo su cd ~ nano .mailrc
Replace your_email with your email, your_password with your email password and your_email_domain with your email domain.
#--------------------------------------------# # Setting mailx version v14.9.15 for gmail # #--------------------------------------------# # Testing syntax: # echo "Testing, Testing, Testing" | s-nail -s "My test..." [email protected] # Use v15.0 compatibility mode set v15-compat # See the whole process, especially for troubleshooting: set verbose # Essential setting: select allowed character sets set sendcharsets=utf-8,iso-8859-1 # and reply in the same charset used by sender: set reply-in-same-charset # Default directory where we act in (relative to $HOME) set folder=mail # My actual address obfuscated here: set from="your_email" # Request strict TLL transport layer security checks set tls-verify=strict set tls-ca-file=/etc/ssl/certs/ca-certificates.crt set tls-ca-no-defaults set smtp-use-starttls set smtp-auth=login # When sending messages, wait until the Mail-Transfer-Agent finishes. # Only like this you will be able to see errors reported through the # exit status of the MTA (including the built-in SMTP one)! set sendwait # And of course put your own gmail username and # App Password here in the obvious places: set mta=smtps://your_email:your_password@your_email_domain #--------------------------------------------#
In my case, it is
set v15-compat set verbose set sendcharsets=utf-8,iso-8859-1 set reply-in-same-charset set folder=mail set from="[email protected]" set tls-verify=strict set tls-ca-file=/etc/ssl/certs/ca-certificates.crt set tls-ca-no-defaults set smtp-use-starttls set smtp-auth=login set sendwait set mta=smtps://[email protected]:[email protected]:465
Press Ctrl + X to save the file. Step 6: Change .mailrc to read-only by root and exit
chmod 400 .mailrc exit
Step 7: Since Mailx is renamed to S-nail. We must create a link from S-nail to Mailx to function properly.
sudo ln -s /usr/bin/s-nail /usr/bin/mailx
Step 8: Try to send out an email with Mailx. Replace your_email with your email.
echo "Hello" | mailx -v -n -s Test "your_email"
In my case, it is
echo "Hello" | mailx -v -n -s Test "[email protected]"
You should receive an email entitled “Test”.
Step 9: Execute an unattended upgrade to install security updates on Ubuntu. The update process may take a few hours depending on your network speed.
sudo unattended-upgrade -v -d
If you have received an email notification after an update, congratulation, everything works correctly, and your system will patch security update automatically!