In Lesson 17 of our Ubuntu server series, we explore two critical tools for maintaining system security without manual intervention: unattended-upgrades and Ubuntu Pro Livepatch.
Unattended-Upgrades automatically installs security patches as they become available. To enable it, install the package:
sudo apt install unattended-upgrades
Then configure /etc/apt/apt.conf.d/50unattended-upgrades to specify which updates to apply (e.g., security updates). By default, it's already set to handle security updates. To enable automatic updates, run:
sudo dpkg-reconfigure --priority=low unattended-upgrades
Ubuntu Pro Livepatch provides kernel security patches without rebooting. This is available for free on up to 5 machines with an Ubuntu Pro subscription. To set it up:
- Register at ubuntu.com/pro to get a token.
- Install the Livepatch daemon:
sudo snap install canonical-livepatch
- Attach your token:
sudo canonical-livepatch enable YOUR_TOKEN
Verify Livepatch is active:
sudo canonical-livepatch status
These tools together ensure your system stays secure with minimal manual effort, making them essential for production servers.