How to Make Debian Automatically Update Security Updates

If you’re running a Debian server, keeping up with security updates is non-negotiable. But manually updating every time a patch drops? That’s a time sink — and a risk if you forget. Thankfully, you can configure Debian to handle security updates automatically.

Here’s how to do it, step-by-step.

Step 1: Install the Unattended Upgrades Package

First, make sure the unattended-upgrades package is installed. This is the tool Debian uses to automatically apply updates.

Open a terminal and run:

sudo apt update
sudo apt install unattended-upgrades

Step 2: Enable Automatic Updates

Next, configure Debian to use the tool.

Run:

sudo dpkg-reconfigure --priority=low unattended-upgrades

This will open a simple prompt. Choose Yes when asked if you want to automatically download and install stable updates.

This creates or modifies the config file at:

/etc/apt/apt.conf.d/20auto-upgrades

It should look like this:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

Step 3: Limit to Security Updates Only (Optional but Recommended)

If you only want security updates (and not all updates), check the config file at:

/etc/apt/apt.conf.d/50unattended-upgrades

Look for a section like this:

Unattended-Upgrade::Allowed-Origins {
        "Debian stable-security";
        // "Debian stable";
        // "Debian stable-updates";
};

Make sure only the stable-security line is uncommented. That keeps your system focused strictly on security patches.

Step 4: Test It

To verify it’s working, run a dry-run:

sudo unattended-upgrade --dry-run --debug

This will show what would be installed without actually installing anything. It’s a good sanity check.

Extra Tip: Log Files

Logs for automatic updates are stored in:

/var/log/unattended-upgrades/

Check these occasionally to confirm that updates are running as expected.

Final Thoughts

Automating security updates on Debian is one of the simplest ways to harden your system. It won’t replace active monitoring or smart system administration, but it covers you when you’re not looking. Set it and forget it — but check the logs now and then.

Want help automating more sysadmin tasks? Drop a comment or check out our other Linux tips.

Step 1: Install the Unattended Upgrades Package

Step 2: Enable Automatic Updates

Step 3: Limit to Security Updates Only (Optional but Recommended)

Step 4: Test It

Extra Tip: Log Files

Final Thoughts

Comments

Leave a Reply Cancel reply

More posts

How to Change Root Password on a VPS via SolusVM

How to SSH into your VPS from a Windows or Linux Computer

How to Install KDE Plasma on Ubuntu 24.04

How to Make Debian Automatically Update Security Updates

Step 1: Install the Unattended Upgrades Package

Step 2: Enable Automatic Updates

Step 3: Limit to Security Updates Only (Optional but Recommended)

Step 4: Test It

Extra Tip: Log Files

Final Thoughts

Comments

Leave a Reply Cancel reply

More posts

How to Change Root Password on a VPS via SolusVM

How to enable two factor authentication (2FA) on RackNerd account

How to SSH into your VPS from a Windows or Linux Computer

How to Install KDE Plasma on Ubuntu 24.04