mirror of
https://pagure.io/fedora-docs/quick-docs.git
synced 2024-12-01 07:39:48 +00:00
:experimental:
include::{partialsdir}/attributes.adoc[]

= Securing the system by keeping it up-to-date
Petr Bokoc; Mirek Jahoda; Gregory Lee Bartholomew
:revnumber: unspecified
:revdate: 2023-12-23
:category: Administration
:tags: How-to, Security, Update
//:page-aliases:

This section explains:

* xref:securing-the-system-by-keeping-it-up-to-date.adoc#_why_it_is_important_to_keep_your_system_up_to_date[Why it is important to update your system regularly]
* How to apply updates manually by using the xref:securing-the-system-by-keeping-it-up-to-date.adoc#_manual_updating_using_gui[GUI] or xref:securing-the-system-by-keeping-it-up-to-date.adoc#_manual_updating_using_cli[CLI]
* How to xref:securing-the-system-by-keeping-it-up-to-date.adoc#_setting_automatic_updates[enable automatic updates]

== Why it is important to keep your system up-to-date

// Bara: This section is based on https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-keeping_your_system_up-to-date

This section briefly explains the importance of updating your system on a regular basis.

All software contains bugs.
Often, these bugs can result in a vulnerability
that can expose your system to malicious users.
Packages that have not been updated are a common cause of computer intrusions.
Implement a plan for installing security patches in a timely manner
to quickly eliminate discovered vulnerabilities,
so they cannot be exploited.

== Manual updating using GUI

This section describes how to manually download and install new updates by using the GUI.

[discrete]
=== Procedure

. Hover the cursor over the upper-left corner of the screen,
type "Software", and select the Software application to open it.

. Click the btn:[Updates] button to view the available updates.

. Click the btn:[Download] button to download new updates.

. After the updates are downloaded, click the btn:[Restart & Update] button.
Your system will restart to perform the upgrade.

image::software-updates.png[Updating by using the Software application]

== Manual updating using CLI

This section describes how to manually download and install new updates
by using the DNF package manager.

[discrete]
=== Procedure

. Upgrade the system:
+
----
sudo dnf upgrade
----
+
Confirm to download the available packages.

. Ideally (but it is usually not required),
use the `rpmconf` command to merge any config file changes you may have made
with any new settings that might have been introduced by the package updates.
You should do this before you reboot your system:
+
----
sudo rpmconf -a
----
+
To use the advanced merge option,
you will need to set the `MERGE` environment variable
to an editor that is capable of performing that function
(e.g., `export MERGE="vimdiff"`).
See the man page for details.
+
[TIP]
====
If you install the rpmconf DNF plugin,
`rpmconf` will run automatically at the end of each upgrade.
Install it using the command:

----
sudo dnf install python3-dnf-plugin-rpmconf
----
====

[discrete]
=== Additional Resources

* The `dnf(8)` manual page
* The `rpmconf(8)` manual page

== Setting automatic updates

This section describes how to use the DNF Automatic application to automatically:

* Download and install any new updates
* Only download the updates
* Get notified about the updates

[discrete]
=== Procedure

. Install the [package]_dnf-automatic_ package:
+
----
sudo dnf install dnf-automatic
----

. Edit the [filename]`/etc/dnf/automatic.conf` configuration file as needed.
See the https://dnf.readthedocs.io/en/latest/automatic.html[DNF Automatic]
documentation for details.

. Enable and start the `systemd` timer:
+
[literal,subs="+quotes,attributes"]
----
sudo systemctl enable --now _timer_
----
+
Replace `_timer_` with one of the following, depending on the action you want:
+
--
* `dnf-automatic-install.timer` to download and install packages
* `dnf-automatic-download.timer` to only download packages
* `dnf-automatic-notifyonly.timer`
to only get a notification using configured emitters in the
[filename]`/etc/dnf/automatic.conf` file.
--
+
For example:
+
----
sudo systemctl enable --now dnf-automatic-install.timer
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic-install.timer → /usr/lib/systemd/system/dnf-automatic-install.timer.
----

. Ensure that the timer has been successfully enabled and started:
+
[literal,subs="+quotes,attributes"]
----
sudo systemctl status _timer_
----
+
Replace `_timer_` with the timer from the previous step, for example:
+
----
sudo systemctl status dnf-automatic-install.timer
● dnf-automatic-install.timer - dnf-automatic-install timer
Loaded: loaded (/usr/lib/systemd/system/dnf-automatic-install.timer; enabled; vendor preset: disabled)
Active: active (waiting) since Fri 2021-01-29 14:50:22 +08; 1s ago
Trigger: Sat 2021-01-30 06:05:57 +08; 15h left
Triggers: ● dnf-automatic-install.service

Jan 29 14:50:22 localhost.localdomain systemd[1]: Started dnf-automatic-install timer.
----

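The following script is an added example, not part of the Fedora documentation or of DNF: it reads a dnf-automatic configuration file and prints the update policy set in its `[commands]` and `[emitters]` sections, so you can review what was configured in the edit step of the procedure.
The helper names `conf_get` and `policy_summary` and the sample configuration are constructed for illustration; `upgrade_type`, `download_updates`, `apply_updates` and `emit_via` are options described in the DNF Automatic documentation.

```shell
#!/bin/sh
# Added example, not part of the Fedora documentation.

# conf_get FILE SECTION KEY: print KEY's value from [SECTION]; empty if unset.
conf_get() {
    awk -v section="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header
            gsub(/[ \t]/, ""); in_sec = ($0 == section); next
        }
        in_sec && (eq = index($0, "=")) {           # key = value
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                   # last assignment wins
        }
        END { print val }
    ' "$1"
}

# policy_summary FILE: one line with the settings that define the update policy.
policy_summary() (
    utype=$(conf_get "$1" commands upgrade_type)
    apply=$(conf_get "$1" commands apply_updates)
    emit=$(conf_get "$1" emitters emit_via)
    echo "upgrade_type=${utype:-unset} apply_updates=${apply:-unset} emit_via=${emit:-unset}"
)

# Constructed sample; on a real system pass /etc/dnf/automatic.conf instead.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[commands]
# install only updates that fix a security issue
upgrade_type = security
download_updates = yes
apply_updates = yes

[emitters]
emit_via = motd
EOF

policy_summary "$sample"
```
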
[discrete]
=== Additional Resources

* The https://dnf.readthedocs.io/en/latest/automatic.html[DNF Automatic] documentation

[discrete]
== Additional Resources

* The xref:f{MAJOROSVER}@fedora:system-administrators-guide:package-management/DNF.adoc[DNF]
chapter in the Fedora System Administrator's Guide