Automating Linux Package Updates
Automated updates keep your systems safe and secure, allowing you to spend more time on other duties. This guide shows how to configure automatic package updates (including optional email notifications) for RHEL-like systems and Ubuntu.
By default, RHEL’s dnf-automatic applies all available updates. Ubuntu’s unattended-upgrades, on the other hand, only handles security updates unless configured otherwise.
This was tested with RHEL 9 and 8, and Ubuntu 22.04 systems.
RHEL 9 with DNF Automatic
RHEL uses dnf-automatic for automated updates.
sudo dnf install -y dnf-automatic
sudo systemctl enable --now dnf-automatic.timer
systemctl status dnf-automatic.timer
Edit /etc/dnf/automatic.conf to enable updates
[commands]
# all available updates
upgrade_type = default
download_updates = yes
apply_updates = yes
# for kernel updates, etc.
reboot = when-needed
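A quick way to confirm the settings above actually took effect after editing, as an added check that is not part of the original guide. The function names `ini_get` and `audit_dnf_automatic` are made up for this example, and it treats anything other than a bare `yes` as "not enabled", which is a conservative assumption of this script.

```shell
#!/usr/bin/env bash
# Audit the [commands] section of a dnf-automatic config file.
# Usage: audit_dnf_automatic /etc/dnf/automatic.conf

# Print the raw value of KEY inside [SECTION] of FILE (last assignment wins).
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # skip full-line comments
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); sect = $0; next }
        sect == want {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Return 0 only if updates are downloaded AND applied; print one finding per key.
audit_dnf_automatic() {
    local file=$1 rc=0 key val
    [ -r "$file" ] || { echo "FAIL cannot read $file"; return 2; }
    for key in download_updates apply_updates; do
        val=$(ini_get "$file" commands "$key")
        if [ "$val" = "yes" ]; then
            echo "OK   $key = yes"
        else
            # Quotes or trailing comment text end up here too, so they get reviewed.
            echo "FAIL $key = '${val:-<unset>}' (expected bare 'yes')"
            rc=1
        fi
    done
    val=$(ini_get "$file" commands reboot)
    case "$val" in
        never|when-changed|when-needed) echo "OK   reboot = $val" ;;
        "") echo "INFO reboot not set" ;;
        *)  echo "WARN reboot = '$val' is not never, when-changed or when-needed"; rc=1 ;;
    esac
    return $rc
}

# Run the audit when a path is given on the command line.
[ $# -eq 0 ] || audit_dnf_automatic "$1"
```

A non-zero exit status means at least one setting needs review, so the function can be dropped into a compliance check or a configuration-management test.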
Configuring Mail Notifications
# For RHEL 9
sudo dnf install s-nail postfix
# For RHEL 8
sudo dnf install mailx postfix
Enable postfix service
sudo systemctl enable --now postfix.service
systemctl status postfix
Configure /etc/dnf/automatic.conf
[emitters]
emit_via = stdio,motd,email
[email]
email_from = [email protected]
email_to = [email protected]
# or point to your local mail/exchange server
email_host = localhost
If using a local mail/exchange server, edit /etc/postfix/main.cf
# If using a local mail/exchange server, set the relayhost
relayhost = [mail.example.com]:25
Restart postfix service to apply changes
sudo systemctl restart postfix.service
Verify that emails can be received from this system
echo "Hello from $(hostname)" | mail -s "Test Email" [email protected]
If you have issues with emails not sending, check /var/log/maillog.
Ubuntu 24.04 with Unattended-Upgrades
Ubuntu uses unattended-upgrades for automated updates. This comes pre-installed and configured on Ubuntu 24.04.
sudo systemctl status unattended-upgrades
To enable updates beyond security (like general package updates and backports), edit /etc/apt/apt.conf.d/50unattended-upgrades and uncomment or add the following lines under Allowed-Origins:
⚠️ Warning: Do not uncomment "${distro_id}:${distro_codename}-proposed" unless you want experimental proposed changes. This is not suitable for production systems!
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
// Optional: uncomment the next two lines if you are entitled to Ubuntu Pro.
// Run `pro status` to check if esm-infra and esm-apps are available.
// You may need to run `sudo pro attach` to activate them.
// "${distro_id}ESMApps:${distro_codename}-apps-security";
// "${distro_id}ESM:${distro_codename}-infra-security";
"${distro_id}:${distro_codename}-updates";
"${distro_id}:${distro_codename}-backports";
};
For automatic reboots after updates, set the following:
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";
Restart the service to apply changes
sudo systemctl restart unattended-upgrades
Finally, ensure the update timer is active:
sudo systemctl enable --now apt-daily-upgrade.timer
Configure Email Notifications
sudo apt install -y bsd-mailx postfix
When prompted, select the default option Internet Site.
When prompted, set the system mail name to the FQDN e.g. server.example.com
Configure /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Mail "[email protected]";
// Set MailOnlyOnError to "true" if you only want to receive emails when a failure occurs.
Unattended-Upgrade::MailOnlyOnError "false";
Restart the service to apply changes
sudo systemctl restart unattended-upgrades
If using a local mail/exchange server, edit /etc/postfix/main.cf
# If using a local mail/exchange server, set the relayhost
relayhost = [mail.example.com]:25
Restart postfix service
sudo systemctl restart postfix.service
Send a test email
echo "Test from $(hostname)" | mail -s "Ubuntu Test Email" [email protected]
On Ubuntu, check /var/log/mail.log if email fails to send.