Unattended updates in Ubuntu Linux

A key measure to keep our IT boxes in a healthy state is to regularly update the operating system and applications. This simple measure could save us from the "low-hanging hacks". Let's take this statement and link it with the fact that automation in IT is worth-considering. The following lines provide some tips on how to automate the software upgrade process that, otherwise, would require typical manual steps such as these ones:

- For a complete update:
$ sudo apt-get update
$ sudo apt-get upgrade

- For a specific update
$ sudo apt-get install package-names

There is a nifty package in Ubuntu Linux called unattended-upgrades that would do the magic for us, as mentioned in this Ubuntu Help page. The command line I would highlight from that page is:


$ sudo dpkg-reconfigure -plow unattended-upgrades

The AskUbuntu community also provides juicy input for this. In this case, I highlight the following steps I extracted from the AskUbuntu page:

- Uncomment the Ubuntu packages to be installed silently, mainly security patches and updates. This is also the place to prevent any package from being silently upgraded by using the Package-Blacklist section:

$ sudo gedit /etc/apt/apt.conf.d/50unattended-upgrades

- The command line to check whether things are OK is this one:

$ sudo unattended-upgrades --dry-run and --debug.

- The line to check whether the upgrades are really taking place:

$ tail /var/log/unattended-upgrades/unattended-upgrades.log

Finally, for those using Google Chrome, it can also be included in this silent process with the info provided by this AskUbuntu page:

$ sudo gedit /etc/apt/apt.conf.d/50unattended-upgrades

and adding

 "Google\, Inc.:stable";

 in the Unattended-Upgrade::Allowed-Origins section of the

etc/apt/apt.conf.d/50unattended-upgrades file.


Nothing to do with Ubuntu, however, the way to silently update Java in Windows 7 using Powershell and VisualBasic is explained in this Superuser page. The security catch with this one is that the Task Scheduler would need to save the admin password in order to run the silent update.



Good to keep the house updated!


 Happy silent updating!