Enable automatic security updates on an Ubuntu/Debian VPS (unattended-upgrades)

Keeping your VPS updated is one of the most important security tasks. On Ubuntu and Debian, you can enable automatic installation of security updates with unattended-upgrades.

This guide is intended for GARMTECH VPS customers who manage their own Linux server.

Important notes

• Automatic updates reduce risk, but they do not replace monitoring and backups.
• Kernel updates may require a reboot. Plan a maintenance window for reboots.

Step 1 — Update package lists

sudo apt update

Step 2 — Install unattended-upgrades (if not installed)

sudo apt install unattended-upgrades

On some systems you may also want:

sudo apt install apt-listchanges

Step 3 — Enable automatic security updates

Ubuntu/Debian provide a simple configuration wizard:

sudo dpkg-reconfigure --priority=low unattended-upgrades

Choose Yes when asked to enable unattended upgrades.

Step 4 — Review the configuration

Main config file:

/etc/apt/apt.conf.d/50unattended-upgrades

Auto-update schedule file:

/etc/apt/apt.conf.d/20auto-upgrades

Common options you may adjust in 50unattended-upgrades:

• Which origins are allowed (security updates only vs more repositories).
• Automatic reboot behavior after kernel updates.

Step 5 — Test (dry run)

sudo unattended-upgrade --dry-run --debug

Step 6 — Check logs

Unattended-upgrades logs are usually here:

/var/log/unattended-upgrades/

To view the latest log entries:

sudo tail -n 100 /var/log/unattended-upgrades/unattended-upgrades.log

Recommended practice

• Enable unattended upgrades for security repositories.
• Reboot the VPS regularly (for example monthly) to apply kernel updates.
• Before major upgrades, take a snapshot/backup if your setup supports it.