How can I check if automatic updates are enabled?

There is a package that can be used to do this for you.

sudo apt-get install unattended-upgrades

or if unattended-upgrades already installed. Or you can checkout the Ubuntu docs

sudo dpkg-reconfigure -plow unattended-upgrades

That is the package you need to install. Once its installed edit the files

/etc/apt/apt.conf.d/10periodic
/etc/apt/apt.conf.d/20auto-upgrades

In that file you can set how often you want the server to update.

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

The file should look like that. The 1 means it will update every day. 7 is weekly.

/etc/apt/apt.conf.d/50unattended-upgrades

This files will let you chose what updates you want to make by choosing where apt can search for new updates and upgrades. ( My personal opinion on this is I would set it to security if this is a server )

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";

};

The variables ${distro_id} and ${distro_codename} are expanded automatically. I would comment out the updates entry and just leave security.


Check the logs at /var/log/unattended-upgrades/ to verify that your unattended upgrades are being applied.


(I made another answer, because my changes to LinuxBill's answer were rejected.)

There is a package that can be used to do enable automatic updates for you. It is called unattended-upgrades.

Use the following command to enable/disable automatic updates:

sudo dpkg-reconfigure -plow unattended-upgrades

That command will modify file /etc/apt/apt.conf.d/20auto-upgrades and may also modify /etc/apt/apt.conf.d/10periodic.

Alternatively you can enable automatic updates GUI way by software-properties-gtk in the Updates tab by changing setting in "When there are security updates:". That will modify files /etc/apt/apt.conf.d/10periodic and /etc/apt/apt.conf.d/20auto-upgrades.

Alternatively you can modify the aforementioned file(s) manually. In that file you can set how often you want update be called:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

The file should look like that. The 1 means it will update every day. 7 is weekly. Variable APT::Periodic::AutocleanInterval determines how often "apt-get autoclean" is executed automatically. 0 means disable for these variables.

You can change the way unattended upgrades work by editing file /etc/apt/apt.conf.d/50unattended-upgrades. This file will let you choose what updates you want to make by choosing where apt can search for new updates and upgrades.

Unattended-Upgrade::Allowed-Origins {
      "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};

The variables ${distro_id} and ${distro_codename} are expanded automatically. In above only security updates are done automatically. You can extend automatic updates to any repository, see another question.

You may want to change

//Unattended-Upgrade::Remove-Unused-Dependencies "false";

to

Unattended-Upgrade::Remove-Unused-Dependencies "true";

That will automatically remove e.g. excessive old kernels so that /boot does not become full.

There is more information in Ubuntu docs.


In Ubuntu 16.04 and newer, Unattended Upgrades is already included with every stock install of Ubuntu (except Ubuntu Core, of course -- it doesn't use deb packages).

You can test for it several ways:

  1. Check the timer status. Unattended Upgrades uses the apt-daily-upgrade.timer. In this example, you can see that Unattended Upgrades ran 39 minutes ago.
me@my-system:~$ systemctl status apt-daily-upgrade.timer 
● apt-daily-upgrade.timer - Daily apt upgrade and clean activities
     Loaded: loaded (/lib/systemd/system/apt-daily-upgrade.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Sun 2021-12-05 05:41:07 CST; 39min ago
    Trigger: Sun 2021-12-05 06:20:41 CST; 1s left
   Triggers: ● apt-daily-upgrade.service

Dec 05 05:41:07 my-system systemd[1]: Started Daily apt upgrade and clean activities.
  1. Check the completion timestamp. Unattended Upgrades timestamps a file after each successful run.
me@my-system:~$ ls -lh /var/lib/apt/periodic/
total 0
-rw-r--r-- 1 root root 0 Dec  2 17:42 download-upgradeable-stamp
-rw-r--r-- 1 root root 0 Dec  5 06:21 unattended-upgrades-stamp    <----------
-rw-r--r-- 1 root root 0 Dec  2 17:42 update-stamp
-rw-r--r-- 1 root root 0 Dec  2 17:41 update-success-stamp
-rw-r--r-- 1 root root 0 Dec  5 06:21 upgrade-stamp

  1. Check the log. Unattended Upgrades are logged. In this example, you can see that U-U ran properly. No upgraded packages happened to be available during this run. This is the most common result -- upgraded packages don't appear every day
me@my-system:~$ tail /var/log/unattended-upgrades/unattended-upgrades.log

2021-12-03 08:30:20,578 INFO Initial whitelist (not strict): 
2021-12-03 08:30:25,854 INFO No packages found that can be upgraded unattended and no pending auto-removals
2021-12-05 06:21:11,517 INFO Starting unattended upgrades script
2021-12-05 06:21:11,528 INFO Allowed origins are: o=Ubuntu,a=impish, o=Ubuntu,a=impish-security, o=UbuntuESM,a=impish, o=Ubuntu,a=impish-updates, o=Google LLC,a=stable, o=UbuntuESM,a=impish-security
2021-12-05 06:21:11,529 INFO Initial blacklist: 
2021-12-05 06:21:11,530 INFO Initial whitelist (not strict): 
2021-12-05 06:21:15,645 INFO No packages found that can be upgraded unattended and no pending auto-removals