Manage unattended upgrades on Linux servers

Some Linux distributions, such as Ubuntu, enable unattended‑upgrades by default. This setting can install updates automatically from the server, outside your defined patching process.

To ensure your system manages all patching, disable unattended‑upgrades.

To manage unattended upgrades:

1. Check whether unattended‑upgrades is enabled. Run the following command:

   systemctl status unattended-upgrades

   • Active (running): Unattended upgrades are enabled.

   • Inactive (dead): Unattended upgrades are disabled.

   Check the configuration file:

   APT::Periodic::Update-Package-Lists "1";
   APT::Periodic::Unattended-Upgrade "1";

   If both values are "1", unattended upgrades are enabled.

2. Disable unattended-upgrades. Remove the package:

   sudo apt remove unattended-upgrades

3. Confirm that unattended-upgrades is disabled. Run the following command:

   systemctl status unattended-upgrades

   You should see Inactive (dead) or a unit not found message.