This blog post explains how to keep a server's packages automatically up-to-date (also called "Auto-update"). To achieve this goal we are going to use the service "unattended-upgrades".

The commands in this page are valid for Debian, Ubuntu and other Debian based distros on systemD.

Install "unattended-upgrades"

Let's install it:

sudo apt install unattended-upgrades -y
                    

Check the service is running:

sudo systemctl status unattended-upgrades
                    

Output example:

unattended-upgrades.service
  Loaded: loaded (/lib/systemd/system/unattended-upgrades.service; enabled; vendor preset: enabled)
  Active: active (running) since ...
                    

Enable auto-updates

Open the file:

sudo vi /etc/apt/apt.conf.d/50unattended-upgrades
                    

To enable the automatic updates of the packages, uncomment the line below and save it:

“origin =Debian,codename=${distro_codename}-updates”;
                    

"Auto-update" is now enabled.

Additional knowledge

This file allows to configure the frequency of auto updates. By default it is once a day.

sudo vi /etc/apt/apt.conf.d/20auto-upgrades
                    

The logs about the status of auto updates is located in this folder:

sudo ls -al /var/log/unattended-upgrades
                    

For example:

sudo less /var/log/unattended-upgrades/unattended-upgrades.log
                    

sudo less /var/log/unattended-upgrades/unattended-upgrades.log | grep "Packages that will be upgraded"
                    

Additional readings

Official Debian's doc about auto-updates

Good Article about auto-update on Ubuntu