Securing the system by keeping it up-to-date
This section explains:
-
How to enable automatic updates
Why it is important to keep your system up-to-date
This section briefly explains the importance of updating your system on a regular basis.
All software contains bugs. Often, these bugs can result in a vulnerability that can expose your system to malicious users. Packages that have not been updated are a common cause of computer intrusions. Implement a plan for installing security patches in a timely manner to quickly eliminate discovered vulnerabilities, so they cannot be exploited.
Manual updating using GUI
This section describes how to manually download and install new updates by using GUI.
Procedure
-
Hover the cursor over the upper-left corner of the screen and type "Software" and select the Software application to open it.
-
Click the Updates button to view the available updates.
-
Click the Download button to download new updates.
-
After the updates are downloaded click the Restart & Update button. Your system will restart to perform the upgrade.
Manual updating using CLI
This section describes how to manually download and install new updates by using the DNF package manager.
Procedure
-
Upgrade the system:
sudo dnf upgrade
Confirm to download the available packages.
-
Ideally (but it is usually not required), use the
rpmconf
command to merge any config file changes you may have made with any new settings that might have been introduced by the package updates. You should do this before you reboot your system:sudo rpmconf -a
To use the advanced merge option, you will need to set the
MERGE
environment variable to an editor that is capable of performing that function (e.g.,export MERGE="vimdiff"
). See the man page for details.If you install the rpmconf DNF plugin,
rpmconf
will run automatically at the end of each upgrade. Install it using the command:sudo dnf install python3-dnf-plugin-rpmconf
其他资源
-
The
dnf(8)
manual page -
The
rpmconf(8)
manual page
Setting automatic updates
This section describes how to use the DNF Automatic application to automatically:
-
Download and install any new updates
-
Only download the updates
-
Get notified about the updates
Procedure
-
Install the dnf-automatic package:
sudo dnf install dnf-automatic
-
Edit the
/etc/dnf/automatic.conf
configuration file as needed. See the DNF Automatic documentation for details. -
Enable and start the
systemd
timer:sudo systemctl enable --now timer
Replace
timer
with one of following ones depending on what action you want to do:-
dnf-automatic-install.timer
to download and install packages -
dnf-automatic-download.timer
to only download packages -
dnf-automatic-notifyonly.timer
to only get a notification using configured emitters in the/etc/dnf/automatic.conf
file.
For example:
sudo systemctl enable --now dnf-automatic-install.timer Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic-install.timer → /usr/lib/systemd/system/dnf-automatic-install.timer.
-
-
Ensure that the timer has been successfully enabled and started:
sudo systemctl status timer
Replace
timer
with the timer from the previous step, for example:sudo systemctl status dnf-automatic-install.timer ● dnf-automatic-install.timer - dnf-automatic-install timer Loaded: loaded (/usr/lib/systemd/system/dnf-automatic-install.timer; enabled; vendor preset: disabled) Active: active (waiting) since Fri 2021-01-29 14:50:22 +08; 1s ago Trigger: Sat 2021-01-30 06:05:57 +08; 15h left Triggers: ● dnf-automatic-install.service Jan 29 14:50:22 localhost.localdomain systemd[1]: Started dnf-automatic-install timer.
其他资源
-
The DNF Automatic documentation
其他资源
-
The DNF chapter in the Fedora System Administrator’s Guide
Want to help? Learn how to contribute to Fedora Docs ›