Applying security updates promptly after they are released is critically important for us Linux admins, as this practice helps protect against vulnerabilities that malicious actors could exploit. Failing to update could expose your Linux systems to cyberattacks, data breaches, and other severe security risks.
In this article, I'll guide you through checking installed versions of packages and performing security updates on popular Linux distributions, including Ubuntu, Fedora, Debian, Arch Linux, and openSUSE, thus reducing potential risks that could threaten the security and availability of your systems and your critical data. This is precisely the type of resource I was seeking as a junior sysadmin, and I hope these instructions will help make your Linux administration journey simpler and safer. Let’s get started!
What Are the Implications of Continuing to Use a Linux Distro Beyond Its Supported Date?
Running a Linux distro beyond its supported date is risky for any admin. Once a distribution has reached its end of life (EOL), it no longer receives security updates, patches, or bug fixes. This leaves your system vulnerable to new security threats that won't be addressed. Over time, this lack of updates can lead to compatibility issues with newer software, which might require dependencies that won't be updated on EOL systems. In practice, it also means that if you encounter any problems, getting help from the community or official support channels will be much harder as the focus shifts to newer, supported versions.
Running outdated software can also have compliance implications, especially in regulated industries where maintaining updated and secure systems is required. As a sysadmin, planning and scheduling regular upgrades is crucial to avoid downtime and ensure your systems remain safe and supported. This involves staying aware of your distro’s release and support schedules, testing new versions in staging environments, and having a clear upgrade path so you’re never caught off guard by an expired support window.
Updates vs. Upgrades: Understanding the Difference
While seemingly similar, updating and upgrading a Linux distribution refer to different operations within the context of system maintenance.
Updating a Linux distribution typically involves fetching and installing the latest versions of the installed software packages from the repositories. When you run an update command (such as apt-get update or apt update), the package manager syncs the local list of available packages with the remote repositories. After running apt-get upgrade or apt upgrade, the system retrieves and installs the updated versions of the packages without changing any major versions of the operating system itself.
In contrast, upgrading a Linux distribution usually means moving to a newer version of the distribution itself. This involves more significant changes and can include new features, new kernel versions, and more up-to-date software stacks. In Debian-based systems, this is often performed using commands like apt-get dist-upgrade or do-release-upgrade, which handle complexities beyond simple package updates like handling dependencies and potential system configuration changes.
Benefits of Updating Packages Manually vs. Relying on Automatic Updates
Manual updates offer several advantages, such as selective control, allowing admins to prioritize critical security patches while avoiding updates that could disrupt existing configurations. They also enhance change management by letting updates be scheduled during maintenance windows, minimizing downtime, and enabling testing in staging environments before deployment. This ensures smoother operation and reduced risk.
Additionally, manual updates provide customization options tailored to the system's specific needs, ensuring optimal performance. They also foster increased security awareness, as staying hands-on with updates keeps admins informed about the latest vulnerabilities and mitigations. Collectively, these benefits enable us admins to maintain a robust, secure, and well-managed environment suited to our operational requirements.
How To Enable Automatic Updates for Your Linux Distro
Should you choose to enable automatic updates for your Linux distro, here's a practical guide for doing so. This will ensure your systems are consistently updated with the latest security patches and improvements. Follow these steps for Ubuntu, Fedora, Debian, Arch Linux, and openSUSE to streamline your update process.
Ubuntu
First, install Unattended-Upgrades with sudo apt install unattended-upgrades. Then, run sudo dpkg-reconfigure --priority=low unattended-upgrades to enable it. You'll want to tweak the configuration by editing /etc/apt/apt.conf.d/50unattended-upgrades and ensure the necessary lines like "origin=Debian,codename=${distro_codename}-security"; are uncommented. If you want to auto-remove unused packages, add Unattended-Upgrade::Remove-Unused-Dependencies "true";. Finally, configure the periodic updates by editing /etc/apt/apt.conf.d/20auto-upgrades to include APT::Periodic::Update-Package-Lists "1"; and APT::Periodic::Unattended-Upgrade "1";.
Fedora
Start by installing DNF-Automatic using sudo dnf install dnf-automatic. Modify the config file /etc/dnf/automatic.conf to set apply_updates = yes. To activate it, enable the timer with sudo systemctl enable --now dnf-automatic.timer.
Debian
The process for enabling automatic updates on Debian is quite similar to Ubuntu. First, install Unattended-Upgrades with sudo apt install unattended-upgrades and enable it using sudo dpkg-reconfigure --priority=low unattended-upgrades. Edit the /etc/apt/apt.conf.d/50unattended-upgrades file to ensure proper configuration, and set up your update schedule in /etc/apt/apt.conf.d/20auto-upgrades with the lines APT::Periodic::Update-Package-Lists "1"; and APT::Periodic::Unattended-Upgrade "1";.
Arch Linux
Arch Linux users will need to take a different approach since the distro doesn't have a built-in tool for automatic updates. Start by installing cron with sudo pacman -S cronie, then enable and start it using sudo systemctl enable --now cronie. Add a cron job by editing your crontab with crontab -e and add 0 3 * * * sudo pacman -Syu --noconfirm for daily updates. Alternatively, you can set up a systemd timer. To do this, create the timer unit file /etc/systemd/system/pacman-update.timer with the appropriate content. Then create the service unit file /etc/systemd/system/pacman-update.service, and enable it with sudo systemctl enable --now pacman-update.timer.
openSUSE
Install zypper-automatic by running sudo zypper install zypper-automatic, then edit /etc/zypp/zypp.conf to set autoupdater=true. Finally, enable the timer with sudo systemctl enable --now zypper-automatic.timer.
These steps will ensure your Linux systems regularly handle updates automatically, keeping them secured and up-to-date with minimal manual intervention.
How Can I Upgrade Ubuntu & Update Packages?
Check the Installed Version of a Package:
You can use the dpkg command to check the installed version:
dpkg -s | grep Version Replace
To update individual packages:
First, update the package list:
sudo apt updateUpgrade an individual package (replace package_name with the actual package name):
sudo apt install --only-upgrade package_nameTo upgrade your current version of Ubuntu:
Update all packages and prepare the system:
sudo apt update && sudo apt upgrade -y && sudo apt dist-upgradeClean up unnecessary packages:
sudo apt autoremove && sudo apt cleanUse the do-release-upgrade command:
sudo do-release-upgradeUbuntu Release Schedule
Ubuntu has a two-year release cycle, and LTS, or 'Long Term Support, ' releases are published in April. Ubuntu has both Long-Term Support (LTS) releases and interim releases. For desktop and server versions, LTS versions are supported for 5 years, while interim releases are supported for 9 months.
How Can I Upgrade Fedora & Update Packages?
Check the Installed Version of a Package:
You can use the rpm command to check the installed version:
rpm -q Replace
To update individual packages:
Update an individual package (replace package_name with the actual package name):
sudo dnf update package_nameTo Upgrade your current version of Fedora:
Install the dnf-plugin-system-upgrade:
sudo dnf install dnf-plugin-system-upgradeDownload the upgraded packages (replace XX with the Fedora version number you want to upgrade to):
sudo dnf system-upgrade download --releasever=XXReboot and apply the upgrade:
sudo dnf system-upgrade rebootFedora Release Schedule
Fedora creates two major OS releases every year, aiming for the fourth Tuesday in April and October. Each release is supported for approximately 13 months
How Can I Upgrade Debian & Update Packages?
Check the Installed Version of a Package:
Similar to Ubuntu, you can use the dpkg command:
dpkg -s | grep Version Replace
To update individual packages:
Update the package list:
sudo apt updateUpgrade an individual package (replace package_name with the actual package name):
sudo apt install --only-upgrade package_nameTo upgrade your current version of Debian:
Update the package list and upgrade current packages:
sudo apt update && sudo apt upgrade -y && sudo apt full-upgradeChange the sources.list file to point to the new Debian release:
Open the /etc/apt/sources.list file and replace instances of the old release (e.g., buster) with the new release name (e.g., bullseye).
Update the package list and perform the upgrade:
sudo apt updatesudo apt upgradesudo apt full-upgradeReboot the system:
sudo rebootDebian Release Schedule:
Debian releases do not follow a fixed schedule. The Debian Project has released recent versions roughly every two years. Regular Debian releases are supported for about 3 years after the initial release, while LTS releases are supported for 5 years through the Long-Term Support project.
How Can I Upgrade Arch Linux & Update Packages?
Check the Installed Version of a Package:
You can use the pacman command to check the installed version:
pacman -Qi | grep Version Replace
To update individual packages:
Install or update an individual package (replace package_name with the actual package name):
sudo pacman -S package_nameArch Linux is a rolling release and does not require a full system upgrade for new versions. All packages, including the system itself, are updated with a single command:
sudo pacman -SyuArchLinux Release Schedule
Arch Linux does not have a formal release schedule or a predetermined support timeline. Instead, the distro uses a "rolling release" system where new packages are released throughout the day. Its package management allows users to easily keep systems updated. There is no fixed support period as new packages and updates are regularly provided.
How Can I Upgrade openSUSE & Update Packages?
Check the Installed Version of a Package:
You can use the rpm command to check the installed version:
rpm -q Replace
To update individual packages:
Update an individual package (replace package_name with the actual package name):
sudo zypper update package_nameTo upgrade your current version of openSUSE:
Refresh repositories and upgrade all packages:
sudo zypper refreshsudo zypper updateUpgrade the distribution:
sudo zypper dist-upgradeopenSUSE Release Schedule
openSUSE Leap Micro is released twice a year and receives maintenance updates approximately every 12 months. openSUSE Leap is supported for about 18 months per minor release or until the next minor release. openSUSE Tumbleweed is a rolling release and is continuously updated without a fixed support period.
These steps will help you upgrade each of the listed Linux distributions to their latest versions. Always ensure you have backups of your important data before performing an upgrade.
Our Final Thoughts on the Importance of Timely Linux Security Updates
Maintaining up-to-date Linux distributions
with security patches and software upgrades is not only a best practice but a necessary measure to protect against potential threats to your systems. We’ve provided detailed instructions on how to check and update existing packages on popular distributions such as Ubuntu, Fedora, Debian Arch Linux, and openSUSE. Follow these steps to ensure your system remains robust and less susceptible to attacks. Regular updates on systems and a disciplinary approach towards cybersecurity will go a long way toward protecting data and maintaining operational integrity. Remember: when undertaking significant upgrades, always back up important files first to avoid unexpected complications during the upgrade process!
