Securing the system by keeping it up-to-date

Petr Bokoc, Mirek Jahoda, Gregory Lee Bartholomew Version unspecified Last review: 2023-12-23

This section explains:

Why it is important to keep your system up-to-date

This section briefly explains the importance of updating your system on a regular basis.

All software contains bugs. Often, these bugs can result in a vulnerability that can expose your system to malicious users. Packages that have not been updated are a common cause of computer intrusions. Implement a plan for installing security patches in a timely manner to quickly eliminate discovered vulnerabilities, so they cannot be exploited.

Manual updating using GUI

This section describes how to manually download and install new updates by using GUI.

Procedure

  1. Hover the cursor over the upper-left corner of the screen and type "Software" and select the Software application to open it.

  2. Click the Updates button to view the available updates.

  3. Click the Download button to download new updates.

  4. After the updates are downloaded click the Restart & Update button. Your system will restart to perform the upgrade.

Updating by using the Software application

Manual updating using CLI

This section describes how to manually download and install new updates by using the DNF package manager.

Procedure

  1. Upgrade the system:

    sudo dnf upgrade

    Confirm to download the available packages.

  2. Ideally (but it is usually not required), use the rpmconf command to merge any config file changes you may have made with any new settings that might have been introduced by the package updates. You should do this before you reboot your system:

    sudo rpmconf -a

    To use the advanced merge option, you will need to set the MERGE environment variable to an editor that is capable of performing that function (e.g., export MERGE="vimdiff"). See the man page for details.

    If you install the rpmconf DNF plugin, rpmconf will run automatically at the end of each upgrade. Install it using the command:

    sudo dnf install python3-dnf-plugin-rpmconf

其他资源

  • The dnf(8) manual page

  • The rpmconf(8) manual page

Setting automatic updates

This section describes how to use the DNF Automatic application to automatically:

  • Download and install any new updates

  • Only download the updates

  • Get notified about the updates

Procedure

  1. Install the dnf-automatic package:

    sudo dnf install dnf-automatic
  2. Edit the /etc/dnf/automatic.conf configuration file as needed. See the DNF Automatic documentation for details.

  3. Enable and start the systemd timer:

    sudo systemctl enable --now timer

    Replace timer with one of following ones depending on what action you want to do:

    • dnf-automatic-install.timer to download and install packages

    • dnf-automatic-download.timer to only download packages

    • dnf-automatic-notifyonly.timer to only get a notification using configured emitters in the /etc/dnf/automatic.conf file.

    For example:

    sudo systemctl enable --now dnf-automatic-install.timer
    Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic-install.timer → /usr/lib/systemd/system/dnf-automatic-install.timer.
  4. Ensure that the timer has been successfully enabled and started:

    sudo systemctl status timer

    Replace timer with the timer from the previous step, for example:

    sudo systemctl status dnf-automatic-install.timer
    ● dnf-automatic-install.timer - dnf-automatic-install timer
         Loaded: loaded (/usr/lib/systemd/system/dnf-automatic-install.timer; enabled; vendor preset: disabled)
         Active: active (waiting) since Fri 2021-01-29 14:50:22 +08; 1s ago
        Trigger: Sat 2021-01-30 06:05:57 +08; 15h left
       Triggers: ● dnf-automatic-install.service
    
    Jan 29 14:50:22 localhost.localdomain systemd[1]: Started dnf-automatic-install timer.

其他资源

其他资源

  • The DNF chapter in the Fedora System Administrator’s Guide