Debian Setup automatic-updates

The purpose of unattended-upgrades is to keep the computer current with the latest security (and other) updates automatically.

Install the required package:

sudo apt install unattended-upgrades

Edit:

sudo vim /etc/apt/apt.conf.d/50unattended-upgrades

With the following content:

Unattended-Upgrade::Origins-Pattern {
        "origin=Debian,codename=${distro_codename}-updates";
        "origin=Debian,codename=${distro_codename}-proposed-updates";
        "origin=Debian,codename=${distro_codename},label=Debian";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
        "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
        "o=Debian,a=stable";
        "o=Debian,a=stable-updates";
        "o=Debian,a=proposed-updates";
        "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
};
Unattended-Upgrade::Package-Blacklist {
};
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";

To enable add/edit the following file as well:

sud ovim /etc/apt/apt.conf.d/20auto-upgrades

With the following content:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";

Enable and/or restart the service:

sudo systemctl enable unattended-upgrades
sudo systemctl restart unattended-upgrades

Test your setup

sudo unattended-upgrades --dry-run --debug

Sources:

• https://wiki.debian.org/UnattendedUpgrades
• https://www.linode.com/docs/guides/how-to-configure-automated-security-updates-debian/