LinuxCommandLibrary

unattended-upgrade

Install security updates automatically, unattended

SYNOPSIS

unattended-upgrade [options]

PARAMETERS

-d, --debug
    Enable debug mode; provides more verbose output.

-v, --verbose
    Be more verbose.

-V, --version
    Show the program's version number and exit.

-h, --help
    Show the program's help message and exit.

--dry-run
    Simulate an unattended-upgrade run without actually installing any updates. Useful for testing configurations.

--only-on-error
    Only log errors.

DESCRIPTION

The unattended-upgrade command provides a way to automatically install security updates on Debian and Ubuntu systems. It reads a configuration file (/etc/apt/apt.conf.d/50unattended-upgrades) to determine which packages to update. This is typically configured to only install security updates, ensuring system stability while addressing critical vulnerabilities.

It's designed to run as a cron job or systemd timer, regularly checking for and installing available updates without manual intervention. The command relies on APT's dependency resolution capabilities, ensuring a smooth update process. Logs are typically stored in /var/log/unattended-upgrades/ to monitor the update process and troubleshoot any issues.

Using unattended-upgrade is a recommended practice for maintaining system security, especially on servers where manual updates might be easily overlooked. The command offers options to control the update behavior, such as sending email notifications upon completion or rebooting the system automatically after an update.

CAVEATS

Incorrect configuration can lead to unintended updates or system instability. Ensure that the /etc/apt/apt.conf.d/50unattended-upgrades file is properly configured. Major version upgrades are typically not handled by unattended-upgrades, requiring manual intervention.

CONFIGURATION FILES

The primary configuration file is /etc/apt/apt.conf.d/50unattended-upgrades. It defines which packages and origins are allowed to be automatically updated. Options for email notifications, automatic reboot, and other settings are also configured here.
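
One way to check the settings described here and under CAVEATS, as an added example that is not part of the original page or of the unattended-upgrades project: a shell audit of a single configuration file for its enabled origins, mail reporting and reboot behaviour. The uu_* helper names and the sample configuration are constructed for illustration; the option names are those of the stock 50unattended-upgrades file, and overrides in other files under /etc/apt/apt.conf.d/ are not seen by it.

```shell
#!/usr/bin/env bash
# Added example: helper names (uu_*) are hypothetical, not part of the package.

# Print the uncommented entries of a list block, one per line.
# Assumes the stock layout: one quoted entry per line, "};" on its own line.
uu_block_entries() {  # $1 = file, $2 = block name, e.g. Allowed-Origins
  awk -v name="Unattended-Upgrade::$2" '
    /^[ \t]*\/\//                   { next }              # skip // comment lines
    index($0, name) && /[{][ \t]*$/ { inblk = 1; next }   # block opens
    inblk && /^[ \t]*[}]/           { inblk = 0 }         # block closes
    inblk { gsub(/^[ \t]*"|";[ \t]*$/, ""); if ($0 != "") print }
  ' "$1"
}

# Print the value of a scalar option (last assignment wins), or nothing.
uu_option() {  # $1 = file, $2 = key, e.g. Automatic-Reboot
  sed -n "s|^[[:space:]]*Unattended-Upgrade::$2[[:space:]]*\"\([^\"]*\)\";.*|\1|p" "$1" | tail -n 1
}

# Print one finding per line; no output means nothing was flagged.
uu_audit() {  # $1 = file
  local origins
  origins=$(uu_block_entries "$1" Allowed-Origins; uu_block_entries "$1" Origins-Pattern)
  printf '%s\n' "$origins" | grep -qi 'security' \
    || echo "FAIL no security origin is enabled"
  printf '%s\n' "$origins" | grep -Eq -- '-(proposed|backports)' \
    && echo "WARN proposed/backports origin is enabled"
  [ -n "$(uu_option "$1" Mail)" ] \
    || echo "WARN Unattended-Upgrade::Mail is unset, no email report is sent"
  if [ "$(uu_option "$1" Automatic-Reboot)" = "true" ] &&
     [ -z "$(uu_option "$1" Automatic-Reboot-Time)" ]; then
    echo "WARN Automatic-Reboot without Automatic-Reboot-Time reboots right after the upgrade"
  fi
  return 0
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
//      "${distro_id}:${distro_codename}-security";
        "${distro_id}:${distro_codename}-proposed";
};
//Unattended-Upgrade::Mail "root";
Unattended-Upgrade::Automatic-Reboot "true";
EOF
uu_audit "$sample"
```

On a live host, unattended-upgrade --dry-run --debug shows what a run would do with the full configuration.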

LOGGING

Log files are written to /var/log/unattended-upgrades/.
The unattended-upgrades.log file contains detailed information about the update process, including packages installed, errors encountered, and other relevant details.
The unattended-upgrades-dpkg.log file contains the dpkg log.

HISTORY

The unattended-upgrade command was developed as a means to automate security updates for Debian and Ubuntu systems. It evolved as a solution to the problem of consistently patching servers with security fixes, especially in environments with a large number of machines. It has become a standard part of the Debian/Ubuntu ecosystem and is widely used to ensure system security.

SEE ALSO

apt(8), apt-get(8), dpkg(1), cron(8)
