Install/Configure Unattended Upgrades on Ubuntu 22.04 LTS
You’ll get security patches applied automatically without having to remember to run apt update && apt upgrade every week. This guide shows how to pull in the package, turn it on, and tweak the settings so you only get what you actually want.
Grab the unattended‑upgrades package
sudo apt update
sudo apt install unattended-upgrades
The first command refreshes your local package list; without a fresh index the installer might miss the newest version of unattended-upgrades. Installing the package also pulls in apt-listchanges, which warns you when a reboot‑required kernel lands.
Turn on automatic execution
sudo dpkg-reconfigure --priority=low unattended-upgrades
Running dpkg-reconfigure writes /etc/apt/apt.conf.d/20auto-upgrades. I’ve seen systems where the file never gets created, and updates sit in the queue until you finally notice a security alert. This step guarantees that the daemon runs daily.
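To confirm the settings from this step are really on, here is an added example (not part of the original guide). The function name check_auto_upgrades and the sample strings are made up for illustration; it assumes the flat one-setting-per-line form that dpkg-reconfigure writes and that apt-config dump prints.

```shell
#!/bin/sh
# Added example: check that periodic unattended upgrades are switched on.
# Reads apt.conf-style text on stdin, so both of these work on a real host:
#   check_auto_upgrades < /etc/apt/apt.conf.d/20auto-upgrades
#   apt-config dump | check_auto_upgrades    # merged view of every conf file
# Assumption: flat 'APT::Periodic::Key "value";' lines; nested { } blocks
# are not parsed.

check_auto_upgrades() {
    conf=$(cat)    # slurp stdin once so each key can be searched separately
    rc=0
    for key in Update-Package-Lists Unattended-Upgrade; do
        # Commented-out lines (// or #) never match the anchored pattern.
        # A later assignment overrides an earlier one, hence tail -n 1.
        val=$(printf '%s\n' "$conf" |
            sed -n "s|^[[:space:]]*APT::Periodic::$key[[:space:]]*\"\([^\"]*\)\";.*|\1|p" |
            tail -n 1)
        case "$val" in
            ''|0)
                # Missing or "0" means the periodic job skips this step.
                echo "FAIL: APT::Periodic::$key is '${val:-unset}'"
                rc=1 ;;
            *)
                echo "ok:   APT::Periodic::$key = $val" ;;
        esac
    done
    return "$rc"
}

# Constructed sample: what a working 20auto-upgrades contains.
SAMPLE_OK='APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";'

# Constructed sample: package lists refresh, but nothing gets installed.
SAMPLE_OFF='APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";'

printf '%s\n' "$SAMPLE_OK" | check_auto_upgrades
printf '%s\n' "$SAMPLE_OFF" | check_auto_upgrades || echo "-> upgrades would not run"
```

Piping apt-config dump into the function is the more reliable check, because it also catches the case where 20auto-upgrades is missing or a later file in /etc/apt/apt.conf.d/ overrides it.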
Edit the main config to suit your taste
Open /etc/apt/apt.conf.d/50unattended-upgrades with your favorite editor:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
Key bits to consider:
- Allowed‑origins – By default it upgrades all security repos. If you want regular updates too, uncomment the line that mentions ${distro_id}:${distro_codename}-updates. I keep this off on my production box because a stray library update once broke a Docker image.
- Automatic‑reboot – Set "${distro_id}:${distro_codename}-security"; and then add
Unattended-Upgrade::Automatic-Reboot "true";
This saves me the nightly “kernel upgrade, reboot later” dance. If you run a headless server that can’t afford an unexpected restart, flip it to false.
Unattended-Upgrade::Automatic-Reboot-Time "02:30";
- Mail notifications – Point "Unattended-Upgrade::Mail" at your admin address so you get a quick summary instead of digging through logs.
Save and exit; the daemon picks up changes on its next run.
Test the setup
Force a dry‑run to see what would happen:
sudo unattended-upgrade --dry-run --debug
The output lists packages that match your criteria. If something looks off, adjust 50unattended-upgrades and rerun the dry‑run until you’re happy.
Keep an eye on logs
Unattended upgrades write to /var/log/unattended-upgrades/. A quick glance after a reboot shows whether anything went sideways:
less /var/log/unattended-upgrades/unattended-upgrades.log
I’ve caught a mis‑configured third‑party repo this way—nothing worse than a silent failure that leaves your box exposed.
That’s it. Your Ubuntu 22.04 LTS machine should now stay patched without you having to think about it.