quick-docs/modules/ROOT/pages/securing-the-system-by-keeping-it-up-to-date.adoc
2023-08-28 22:44:35 +02:00

147 lines
4.5 KiB
Text

:experimental:
include::{partialsdir}/attributes.adoc[]
= Securing the system by keeping it up-to-date
Connor Lim; Petr Bokoc; Mirek Jahoda
:revnumber: unspecified
:revdate: 2021-01-29
:category: Administration
:tags: How-to, Security, Update
//:page-aliases:
This section explains:
* xref:securing-the-system-by-keeping-it-up-to-date.adoc#_why_it_is_important_to_keep_your_system_up_to_date[Why it is important to update your system regularly]
* How to apply updates manually by using the xref:securing-the-system-by-keeping-it-up-to-date.adoc#_manual_updating_using_gui[GUI] or xref:securing-the-system-by-keeping-it-up-to-date.adoc#_manual_updating_using_cli[CLI]
* How to xref:securing-the-system-by-keeping-it-up-to-date.adoc#_setting_automatic_updates[enable automatic updates]
== Why it is important to keep your system up-to-date
// Bara: This section is based on https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-keeping_your_system_up-to-date
This section briefly explains the importance of updating your system on a regular basis.
All software contains bugs. Often, these bugs can result in a vulnerability that can expose your system to malicious users. Packages that have not been updated are a common cause of computer intrusions. Implement a plan for installing security patches in a timely manner to quickly eliminate discovered vulnerabilities, so they cannot be exploited.
== Manual updating using GUI
This section describes how to manually download and install new updates by using GUI.
[discrete]
=== Procedure
. Hover the cursor over the upper-left corner of the screen and type "Software" and select the Software application to open it.
. Click the btn:[Updates] button to view the available updates.
. Click the btn:[Download] button to download new updates.
. After the updates are downloaded click the btn:[Restart & Update] button. Your system will restart to perform the upgrade.
image::software-updates.png[Updating by using the Software application]
== Manual updating using CLI
This section describes how to manually download and install new updates by using the DNF
package manager.
[discrete]
=== Procedure
* Upgrade the system:
+
----
sudo dnf upgrade
----
+
Confirm to download the available packages.
[discrete]
=== Additional Resources
* The `dnf(8)` manual page
== Setting automatic updates
This section describes how to use the DNF Automatic application to automatically:
* Download and install any new updates
* Only download the updates
* Get notified about the updates
[discrete]
=== Procedure
. Install the [package]_dnf-automatic_ package:
+
----
sudo dnf install dnf-automatic
----
. Edit the [filename]`/etc/dnf/automatic.conf` configuration file as needed. See the https://dnf.readthedocs.io/en/latest/automatic.html[DNF Automatic] documentation for details.
. Enable and start the `systemd` timer:
+
[literal,subs="+quotes,attributes"]
----
sudo systemctl enable --now _timer_
----
+
Replace `_timer_` with one of following ones depending on what action you want to do:
+
--
* `dnf-automatic-install.timer` to download and install packages
* `dnf-automatic-download.timer` to only download packages
* `dnf-automatic-notifyonly.timer` to only get a notification using configured emitters in the [filename]`/etc/dnf/automatic.conf` file.
--
+
For example:
+
----
sudo systemctl enable --now dnf-automatic-install.timer
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic-install.timer → /usr/lib/systemd/system/dnf-automatic-install.timer.
----
. Ensure that the timer has been successfully enabled and started:
+
[literal,subs="+quotes,attributes"]
----
sudo systemctl status _timer_
----
+
Replace `_timer_` with the timer from the previous step, for example:
+
----
sudo systemctl status dnf-automatic-install.timer
● dnf-automatic-install.timer - dnf-automatic-install timer
Loaded: loaded (/usr/lib/systemd/system/dnf-automatic-install.timer; enabled; vendor preset: disabled)
Active: active (waiting) since Fri 2021-01-29 14:50:22 +08; 1s ago
Trigger: Sat 2021-01-30 06:05:57 +08; 15h left
Triggers: ● dnf-automatic-install.service
Jan 29 14:50:22 localhost.localdomain systemd[1]: Started dnf-automatic-install timer.
----
[discrete]
=== Additional Resources
* The https://dnf.readthedocs.io/en/latest/automatic.html[DNF Automatic] documentation
[discrete]
== Additional Resources
* The xref:f{MAJOROSVER}@fedora:system-administrators-guide:package-management/DNF.adoc[DNF] chapter in the Fedora System Administrator's Guide