Disabling Unattended Upgrades on an Azure Ubuntu Linux server

This post was originally published by myself in Diversus’ internal knowledge base.

Ubuntu IaaS instances that have been spun up in Azure may have an Unattended Upgrades package configured that automatically updates software on the server and checks security permissions, among other things.

This can break third party software that relies on specific versions of installed software to run properly (e.g. SOLR requires a specific version of Java to function correctly).

Fix From Microsoft:

To disable auto updates on Ubuntu VM in the future we suggest you to make following changes in below configuration files:

#vi /etc/apt/apt.conf.d/50unattended-upgrades Unattended-Upgrade::Allowed-Origins {
// “${distro_id}:${distro_codename}-security”;
// “${distro_id}:${distro_codename}-updates”;
// “${distro_id}:${distro_codename}-proposed”;
// “${distro_id}:${distro_codename}-backports”;

Certain packages can also be blacklisted and therefore will not be automatically updated. To blacklist a package, add it to the list:

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
// “vim”;
// “libc6”;
// “libc6-dev”;
// “libc6-i686”;
};

Note: The double “//” serve as comments, so whatever follows “//” will not be evaluated.

Please edit below file if exists:

#vi /etc/apt/apt.conf.d/10periodic
APT::Periodic::Update-Package-Lists “0”;
APT::Periodic::Download-Upgradeable-Packages “0”;
APT::Periodic::AutocleanInterval “0”;
APT::Periodic::Unattended-Upgrade “0”;

And this file if exists:

#vi /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists “0”;
APT::Periodic::Unattended-Upgrade “0”;

Please check the /var/log/unattended-upgrades file to see if any auto updates happen from now on.