We run quite a few Ubuntu machines and don't want to update each one by hand, so we installed the unattended-upgrades package, which periodically updates the package lists and upgrades the installed packages.
To enable unattended-upgrades, add the following lines to /etc/apt/apt.conf.d/10periodic:
APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "15";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::RandomSleep "1800";
and change the beginning of /etc/apt/apt.conf.d/50unattended-upgrades to:
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
"${distro_id}:${distro_codename}-updates";
"${distro_id}:${distro_codename}-proposed";
"${distro_id}:${distro_codename}-backports";
"Canonical:${distro_codename}";
};
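The last line is required if you use software from Canonical's partner program (e.g., adobe-flash) and want it to be updated automatically as well. Of the other entries, -proposed is Ubuntu's staging pocket for updates that are still being tested, so include it only on machines where that is acceptable.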
Please note: if you are using an unreleased version of Ubuntu, you might need to add "${distro_id}:${distro_codename}"; in order to receive all updates.
However, this list does not automatically include other custom repositories like PPAs. You can use this script to generate a complete list for all your enabled APT sources.
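As an added example (not the script referred to above, and not the original author's code), the shell functions below build such a list from the Origin and Suite fields of the Release files APT caches in /var/lib/apt/lists. The function names are this example's own, and the sample metadata is constructed so it runs offline.

```shell
#!/usr/bin/env bash
# Added example: derive Allowed-Origins entries from APT's cached Release files.
# Function names and the sample metadata below are constructed for illustration.

# Print one '"Origin:Suite";' line per distinct repository found in a lists dir.
list_allowed_origins() {
    local lists_dir="${1:-/var/lib/apt/lists}"
    local f
    for f in "$lists_dir"/*_InRelease "$lists_dir"/*_Release; do
        [ -f "$f" ] || continue   # an unmatched glob stays literal; skip it
        # Take the first Origin and Suite field; ignore files lacking either.
        awk '
            /^Origin:/ && origin == "" { sub(/^Origin:[ \t]*/, ""); origin = $0 }
            /^Suite:/  && suite  == "" { sub(/^Suite:[ \t]*/, "");  suite  = $0 }
            END { if (origin != "" && suite != "") printf "\"%s:%s\";\n", origin, suite }
        ' "$f"
    done | LC_ALL=C sort -u
}

# Wrap the entries in the stanza that 50unattended-upgrades expects.
print_allowed_origins_block() {
    echo 'Unattended-Upgrade::Allowed-Origins {'
    list_allowed_origins "$1" | sed 's/^/    /'
    echo '};'
}

# Constructed sample metadata: one Ubuntu pocket and one hypothetical PPA.
make_sample_lists() {
    local d
    d="$(mktemp -d)"
    printf 'Origin: Ubuntu\nLabel: Ubuntu\nSuite: jammy-security\nCodename: jammy\n' \
        > "$d/security.ubuntu.com_ubuntu_dists_jammy-security_InRelease"
    printf 'Origin: LP-PPA-example-tools\nLabel: Example\nSuite: jammy\n' \
        > "$d/ppa.example.invalid_example_tools_ubuntu_dists_jammy_InRelease"
    echo "$d"
}

# Demo on the sample data; call print_allowed_origins_block with no argument
# to read the real cache in /var/lib/apt/lists instead.
sample_dir="$(make_sample_lists)"
print_allowed_origins_block "$sample_dir"
rm -rf "$sample_dir"
```

Review the generated list before pasting it into 50unattended-upgrades: every origin it contains will be upgraded without confirmation.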