Unattended-Upgrade

The unattended-upgrade tool is a great way to keep your system automatically updated. While you might not always want to do that for all packages, it definitely can be a great way to assist in your security efforts. In that case, tell it to track security updates and install the related packages.

If you are using third-party packages (e.g. via PPAs), the system has no idea about security updates for those packages. So you need to take an additional step and get them included manually.

To counter the biggest threat to software packages, they should be updated on a regular basis. Vulnerabilities are discovered on a daily basis, which also requires we monitor daily. Software patching takes time, especially when testing and reboots are needed. Fortunately, systems running Debian and Ubuntu can use unattended-upgrades to achieve automated patch management for security updates.

Installation

With most software packages, unattended-upgrades has to be installed.

apt install unattended-upgrades