quick-docs/modules/ROOT/pages/securing-the-system-by-keeping-it-up-to-date.adoc

155 lines
5 KiB
Text
Raw Normal View History

2017-12-14 13:02:04 +00:00
:experimental:
2019-03-25 13:02:19 +00:00
include::{partialsdir}/attributes.adoc[]
2017-12-14 13:02:04 +00:00
2017-12-14 09:06:15 +00:00
= Securing the system by keeping it up-to-date
Petr Bokoc; Mirek Jahoda; Gregory Lee Bartholomew
2023-08-17 18:52:56 +00:00
:revnumber: unspecified
:revdate: 2023-12-23
2023-08-17 18:52:56 +00:00
:category: Administration
2023-08-28 20:44:35 +00:00
:tags: How-to, Security, Update
2023-08-17 18:52:56 +00:00
//:page-aliases:
2017-12-14 09:06:15 +00:00
This section explains:
2017-12-14 09:06:15 +00:00
2023-08-18 06:41:39 +00:00
* xref:securing-the-system-by-keeping-it-up-to-date.adoc#_why_it_is_important_to_keep_your_system_up_to_date[Why it is important to update your system regularly]
* How to apply updates manually by using the xref:securing-the-system-by-keeping-it-up-to-date.adoc#_manual_updating_using_gui[GUI] or xref:securing-the-system-by-keeping-it-up-to-date.adoc#_manual_updating_using_cli[CLI]
* How to xref:securing-the-system-by-keeping-it-up-to-date.adoc#_setting_automatic_updates[enable automatic updates]
2017-12-14 09:06:15 +00:00
2023-08-17 18:52:56 +00:00
== Why it is important to keep your system up-to-date
// Bara: This section is based on https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-keeping_your_system_up-to-date
This section briefly explains the importance of updating your system on a regular basis.
All software contains bugs. Often, these bugs can result in a vulnerability that can expose your system to malicious users. Packages that have not been updated are a common cause of computer intrusions. Implement a plan for installing security patches in a timely manner to quickly eliminate discovered vulnerabilities, so they cannot be exploited.
== Manual updating using GUI
This section describes how to manually download and install new updates by using GUI.
[discrete]
=== Procedure
. Hover the cursor over the upper-left corner of the screen and type "Software" and select the Software application to open it.
. Click the btn:[Updates] button to view the available updates.
. Click the btn:[Download] button to download new updates.
. After the updates are downloaded click the btn:[Restart & Update] button. Your system will restart to perform the upgrade.
image::software-updates.png[Updating by using the Software application]
== Manual updating using CLI
This section describes how to manually download and install new updates by using the DNF
package manager.
[discrete]
=== Procedure
. Upgrade the system:
2023-08-17 18:52:56 +00:00
+
----
sudo dnf upgrade
----
+
Confirm to download the available packages.
. Ideally (but it is usually not required), use the `rpmconf` command to merge any config file changes you may have made with any new settings that might have been introduced by the package updates. You should do this before you reboot your system:
+
----
sudo rpmconf -a
----
+
To use the advanced merge option, you will need to set the `MERGE` environment variable to an editor that is capable of performing that function (e.g., `export MERGE="vimdiff"`). See the man page for details.
2023-08-17 18:52:56 +00:00
[discrete]
=== Additional Resources
* The `dnf(8)` manual page
* The `rpmconf(8)` manual page
2023-08-17 18:52:56 +00:00
== Setting automatic updates
This section describes how to use the DNF Automatic application to automatically:
* Download and install any new updates
* Only download the updates
* Get notified about the updates
[discrete]
=== Procedure
. Install the [package]_dnf-automatic_ package:
+
----
sudo dnf install dnf-automatic
----
. Edit the [filename]`/etc/dnf/automatic.conf` configuration file as needed. See the https://dnf.readthedocs.io/en/latest/automatic.html[DNF Automatic] documentation for details.
. Enable and start the `systemd` timer:
+
[literal,subs="+quotes,attributes"]
----
sudo systemctl enable --now _timer_
----
+
Replace `_timer_` with one of following ones depending on what action you want to do:
+
--
* `dnf-automatic-install.timer` to download and install packages
* `dnf-automatic-download.timer` to only download packages
* `dnf-automatic-notifyonly.timer` to only get a notification using configured emitters in the [filename]`/etc/dnf/automatic.conf` file.
--
+
For example:
+
----
sudo systemctl enable --now dnf-automatic-install.timer
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic-install.timer → /usr/lib/systemd/system/dnf-automatic-install.timer.
----
. Ensure that the timer has been successfully enabled and started:
+
[literal,subs="+quotes,attributes"]
----
sudo systemctl status _timer_
----
+
Replace `_timer_` with the timer from the previous step, for example:
+
----
sudo systemctl status dnf-automatic-install.timer
● dnf-automatic-install.timer - dnf-automatic-install timer
Loaded: loaded (/usr/lib/systemd/system/dnf-automatic-install.timer; enabled; vendor preset: disabled)
Active: active (waiting) since Fri 2021-01-29 14:50:22 +08; 1s ago
Trigger: Sat 2021-01-30 06:05:57 +08; 15h left
Triggers: ● dnf-automatic-install.service
Jan 29 14:50:22 localhost.localdomain systemd[1]: Started dnf-automatic-install timer.
----
[discrete]
=== Additional Resources
2017-12-14 09:06:15 +00:00
2023-08-17 18:52:56 +00:00
* The https://dnf.readthedocs.io/en/latest/automatic.html[DNF Automatic] documentation
2017-12-14 09:06:15 +00:00
2018-01-21 13:48:48 +00:00
[discrete]
2017-12-14 09:06:15 +00:00
== Additional Resources
2019-03-28 21:13:22 +00:00
* The xref:f{MAJOROSVER}@fedora:system-administrators-guide:package-management/DNF.adoc[DNF] chapter in the Fedora System Administrator's Guide
2018-09-10 18:30:01 +00:00