Configuring automatic package upgrades in Ubuntu and Red Hat Enterprise Linux
Automatic updates ensure that system and security patches are applied promptly, which reduces the risk of known vulnerabilities being exploited. Enabling them also removes the need for manual intervention.
Here we look at how automatic updates are enabled on Ubuntu and Red Hat Enterprise Linux (RHEL) distributions. Ubuntu uses the unattended-upgrades package, whereas RHEL uses the dnf-automatic package for this purpose.
Ubuntu-
(Assuming all commands are being run by the root user)
- First update the package list using this command-
apt update
- Then install the unattended-upgrades package-
apt install unattended-upgrades
- Ensure that the service is up and running-
systemctl status unattended-upgrades
- To configure the unattended-upgrades file, open it using some editor-
vim /etc/apt/apt.conf.d/50unattended-upgrades
- Comment the following two lines in the above config file-
  - "${distro_id}:${distro_codename}" - This line specifies the main repository for fetching updates for the specified distribution and codename
  - "${distro_id}:${distro_codename}-security" - This line determines the security repository for fetching critical security updates
  - ${distro_id} and ${distro_codename} are automatically replaced with the corresponding values of the distribution and codename of the Ubuntu system where the configuration is applied
- Save the changes and exit the file
- Edit the auto-upgrades file with the following command to enable Automatic Upgrades
vim /etc/apt/apt.conf.d/20auto-upgrades
- Define the frequency for auto updates using the following lines in the above file-
  - Update-Package-Lists - Use 1 to enable auto-update
  - Unattended-Upgrade - Use 1 to enable auto-upgrade
  - AutocleanInterval - Enable auto-clean packages for a specific number of days
- Save the changes and exit the file
- Restart the unattended-upgrades service to apply the changes-
systemctl restart unattended-upgrades.service
- You can do a dry run for the automatic upgrade using this command-
unattended-upgrades --dry-run --debug
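One way to check that the settings in 20auto-upgrades are actually switched on, as an added example that is not part of the original article. It assumes the flat `APT::Periodic::<Name> "value";` spelling of the three options named above (comment blocks written as /* ... */ and the nested `APT::Periodic { ... }` form are not handled); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an APT periodic config such as
# /etc/apt/apt.conf.d/20auto-upgrades. Function names are hypothetical.

# periodic_value FILE KEY
# Print the value of the last active APT::Periodic::KEY line. Lines that
# start with // or # are comments in apt.conf and never match, because the
# pattern requires the option name at the start of the line.
periodic_value() {
    sed -n "s|^[[:space:]]*APT::Periodic::$2[[:space:]]*\"\([^\"]*\)\"[[:space:]]*;.*|\1|p" "$1" |
        tail -n 1
}

# audit_auto_upgrades FILE
# Return 0 only when both the package-list refresh and the unattended
# upgrade run are enabled (value set and not "0"); report each setting.
audit_auto_upgrades() {
    rc=0
    for key in Update-Package-Lists Unattended-Upgrade; do
        val=$(periodic_value "$1" "$key")
        case "$val" in
            ''|0) echo "FAIL $key is '${val:-unset}' (disabled)"; rc=1 ;;
            *)    echo "ok   $key = $val" ;;
        esac
    done
    val=$(periodic_value "$1" AutocleanInterval)
    echo "info AutocleanInterval = ${val:-unset}"
    return "$rc"
}

# Constructed sample (not from a real host): the upgrade line was left
# commented out, so package lists refresh but nothing gets installed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
// APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";
EOF
audit_auto_upgrades "$sample" || echo "=> automatic upgrades are NOT fully enabled"
rm -f "$sample"
```

On a real host, call `audit_auto_upgrades /etc/apt/apt.conf.d/20auto-upgrades` and treat a non-zero exit status as a finding.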
RHEL-
(Assuming all commands are being run by the root user)
- Install the dnf-automatic package-
dnf install dnf-automatic
- Verify that the dnf-automatic package is successfully installed-
rpm -qi dnf-automatic
- To configure dnf-automatic, open its configuration file using some editor-
vi /etc/dnf/automatic.conf
- The default settings of the /etc/dnf/automatic.conf file should be sufficient for starters. It will check for available updates, download them, and report the results to standard output
- To run dnf-automatic once, a systemd timer unit must be started and to run it periodically, the timer unit must be enabled
- To enable and execute a systemd timer unit immediately-
systemctl enable --now <timer_name>
- The timer can also be enabled without executing it immediately, by omitting the --now option
- The following timers can be used-
  - dnf-automatic-download.timer: Downloads available updates
  - dnf-automatic-install.timer: Downloads and installs available updates
  - dnf-automatic-notifyonly.timer: Reports available updates
  - dnf-automatic.timer: Downloads, downloads and installs, or reports available updates
- To verify that the timer is enabled-
systemctl status <systemd timer unit>
As you can see, there's quite a bit of similarity in how automatic updates are enabled on Ubuntu and RHEL, though the packages and commands are a bit different. For more details, you can visit the following links-
Ubuntu- Link
RHEL- Link
Written by Amit Paunikar