Linux systems are known for their security and stability, but like any operating system, Linux requires regular updates to ensure protection against the latest threats and vulnerabilities. Security automatic updates are a key tool in ensuring that your system remains secure and up-to-date without the need for manual intervention. In this article, you will learn how to set up and configure security automatic updates on your Linux system.

Prerequisites

Before you begin, make sure you have the package manager specific to your distribution installed (e.g., APT for Debian/Ubuntu, YUM for CentOS/RHEL, DNF for Fedora, etc.) and that you have administrator privileges to make changes.

Setting Up Automatic Updates on Debian and Ubuntu

For Debian-based systems such as Debian itself or Ubuntu, you can use the unattended-upgrades tool to set up automatic updates.

1. Install unattended-upgrades

   Run the following command to install unattended-upgrades:

   sudo apt update
   sudo apt install unattended-upgrades apt-listchanges
   

2. Configure unattended-upgrades

   After installation, open the configuration file 50unattended-upgrades in an editor:

   sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
   

   In this file, you can specify which update packages you want to automatically install. To ensure that only security updates are installed, make sure the section for security updates is uncommented (without // at the beginning of the line).

3. Next, open the 20auto-upgrades file:

   sudo nano /etc/apt/apt.conf.d/20auto-upgrades
   

   And make sure it contains the following lines to enable automatic updates:

   APT::Periodic::Update-Package-Lists "1";
   APT::Periodic::Unattended-Upgrade "1";
   

   This sets the package lists to be updated daily and enables automatic updates to be performed daily as well.

4. Restart the service

   While a restart is usually not necessary to apply changes, you can restart the service to ensure the changes take effect immediately:

   sudo systemctl restart unattended-upgrades
   

Setting Up Automatic Updates on CentOS/RHEL and Fedora

On Red Hat-based distributions such as CentOS, RHEL, or Fedora, you can use the dnf-automatic tool for automatic updates.

1. Install dnf-automatic

   To install dnf-automatic, use the following command:

   sudo dnf install dnf-automatic
   

2. Configure dnf-automatic

   Edit the dnf-automatic.conf configuration file:

   sudo nano /etc/dnf/automatic.conf
   

   Here, you can specify the types of updates you want to automatically install. Set upgrade_type = security for security updates.

3. Set up and enable the service

   After configuration, enable and start the dnf-automatic service:

   sudo systemctl enable --now dnf-automatic.timer
   

With these steps, you have set up and configured security automatic updates on your Linux system. It is important to regularly check system logs to ensure that updates are being applied successfully, ensuring the security of your system.