How to Enable Automatic Security Updates on Linux Ubuntu Server
Linux Ubuntu Server Hardening
In this series we will cover how to harden your Linux Debian based distros. We are going to follow best practice to make your network more secure, as well as get your machines ready to face the public internet.
Introduction
We will cover the following topics over the next 6 videos/articles
-
Enable automatic security updates (live updates, no downtime to services, maintenance).
-
SSH Key authentication (security).
-
Enable the firewall (UFW) (security)
-
Install Fail2Ban (security, protect against brute force attacks)
-
Remove unnecessary packages (maintenance/security).
-
Upload Public SSH Keys to Github (this allows you to auto-download your SSH keys during fresh server installs).
Updating Linux
The first thing we want to do is make sure our system has the latest updates.
1. Enable Automatic Security Updates
When we have services/software hosted for extremely long periods of time, we need to ensure we have consistent updates, new-found vulnerabilities come out daily, and we want to ensure our systems are as secure as possible.
The first command we want to run ensures that unattended upgrades are installed. You may get a response that it is already installed. We still need to make sure it is set to automatic updates.
Let’s ensure it is running properly with:
To enable automatic security updates, we will edit the following file:
You should see the following parameters set to “1”:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
OPTIONAL
If you would like to dive deeper into automatic updates, you can edit the following file, you will have to do your own research on the options found within that folder which are past the scope of this article: