Security

Importance of software updates

UpdatesIn this article, I am discussing the importance of software updates in your server or with web applications. We all know that software update is required, but we skip that to avoid sitting in front of it to update the same. All the applications have the option to schedule these updates automatically without our intervention. We all see a message from your operating system in your local system or in your mobile, or your web applications asking for software updates. Most of the case, we all just skip it and postpone the update. You should have to enable it unless you don’t have time to do it in a manual way.

Security Vulnerabilities

Malicious activities and hacking are occurred due to the systems with vulnerabilities. Normally the hackers will find the version of the software installed in your web application/server or local system and using the present vulnerabilities in that specific version to intrude into the system for doing malicious activities.

If the software is properly managed by the developers, then they should release the patch for the vulnerabilities detected. So make sure to update your software to the latest available version. You can check the release notes from the developers to confirm the vulnerabilities are resolved or not.

Improved Functionality

In some cases, there should be some feature added to the software and have some optimizations to enhancing the functionalities.

Fixing bugs

Not all software are full proof, there should have some bugs in the software. Which may have critical or non-critical. The detected bug fix will add to the latest updates.

Software Updates in your server

Like in any application, updating the software packages installed in your server is important. There are lots of tools available for footprinting (collect available details of your system like software versions, open ports, known vulnerabilities etc.) the details of your system. So the software should be updated to latest version to avoid access to the intruders.

Linux Kernel Updates

Software Updates will update the kernel of your server too. In order to update the new kernel, your server needs a reboot. So need to schedule a reboot at off-peak hours to reduce the impact of the downtime.

If your server is mission critical and will not afford frequent reboots, you can use some software to update the kernel updates at runtime to avoid reboots. In my opinion, rebooting the server once in a month is good idea. It will help in updating the kernel packages and run file system checks at the reboot time. As a system administrator, I am scared to reboot a system with more than 1000 days of uptime. Most of the case it should go for file system check and may take some time for it to back online. In order to avoid the long downtime, it is good to distribute the downtime by rebooting the server at least once in a month.

Update software list in server

It resynchronizes the packages from the repositories. Normally the apt-get use the local xml file contains the list of packages, in order to update the list, we need to run update command.

For ubuntu, we need to run the following command to update.

apt-get update

For centos, you clear the yum cache to clear the repository xml files. Once you clear the cache, it will download the latest package lists ( xml files ) from the repositories, while we run yum command next time. So the lists will be latest.

yum clean all

The above command will clean all cached files while we running yum commands from the directory “/var/cache/yum/”. Sometimes we need to run this command to clear the space.  You can schedule this command to clear yum cache regularly.

Update all packages with available updates

Following are the respective commands to update the available updates for the packages in centos and ubuntu variant servers.

sudo apt-get upgrade # For Ubuntu
yum update # For Centos

Overall running the following commands together to update all the packages installed in the linux system or sever.

For Ubuntu

sudo apt-get update # Fetches the list of available updates,
sudo apt-get upgrade # Strictly upgrades the current packages
sudo apt-get dist-upgrade # Installs updates (new ones)

be careful while using dist-upgrade as it might also remove packages to satisfy dependencies.

For Centos

yum clean all
yum update

Once updated you can check the following command to verify any more updates available or not.

For Centos

yum check-update

For Ubuntu

apt list --upgradable

Or

apt-get -u upgrade --assume-no

We can make a script using the above update commands and schedule it based on the off-peak hours to update the software regularly to keep your system up to date.

About the author

Suhesh K.S.

Suhesh K.S.

Mr. Suhesh KS is Linux System Administrator by profession with 10 Years of work experience in Linux system administration in web hosting, data center and data warehousing industry and have worked with reputed support companies. His wide range of skills include team management, system administration ( Linux ), programming ( bash, perl, php, java ,python), web hosting, data center support, cPanel Plugin development, website optimisation, Social media marketing.