Does ubuntu server (18.04) attempts any automatic update by default?

Question

Background:
I am looking for installing an Ubuntu server in a closed industrial network to monitor some stuff. I would like the Ubuntu server to NOT to attempt any automatic update. Do I need to install unattended-upgrades just to turn automatic upgrade off?

I don't want to block any ports on the server just yet. I am fairly new to linux, I would like to keep all other options like remote access, serving a simple web interface etc. open

Further question: Since we are here, does Ubuntu server (by default) send out any other "queries" onto the network automatically?

Answer 1

Yes, Ubuntu Server will attempt to upgrade by default.

There are two elements you must disable.

1) Apt will attempt to update it's package database daily using apt-daily.timer (provided by the apt package)

2) Apt will attempt to upgrade new packages in the database using apt-daily-upgrade.timer (provided by the unattended-upgrades package)

Simply disable both:

sudo systemctl disable apt-daily.timer
sudo systemctl disable apt-daily-upgrade.timer

Note to future readers: This is a good idea for some closed networks. This is a Very Bad Idea for any machine connected, directly or indirectly, to the internet. Those upgrades include security patches to protect your system from newly-reported vulnerabilities.