In this article, I am discussing the importance of software updates in your server or with web applications. We all know that software update is required, but we skip that to avoid sitting in front of it to update the same. All the applications have the option to schedule these updates automatically without our intervention. We all see a message from your operating system in your local system or in your mobile, or your web applications asking for software updates. Most of the case, we all just skip it and postpone the update. You should have to enable it unless you don’t have time to do it in a manual way.
Malicious activities and hacking are occurred due to the systems with vulnerabilities. Normally the hackers will find the version of the software installed in your web application/server or local system and using the present vulnerabilities in that specific version to intrude into the system for doing malicious activities.
If the software is properly managed by the developers, then they should release the patch for the vulnerabilities detected. So make sure to update your software to the latest available version. You can check the release notes from the developers to confirm the vulnerabilities are resolved or not.
In some cases, there should be some feature added to the software and have some optimizations to enhancing the functionalities.
Not all software are full proof, there should have some bugs in the software. Which may have critical or non-critical. The detected bug fix will add to the latest updates.
Software Updates in your server
Like in any application, updating the software packages installed in your server is important. There are lots of tools available for footprinting (collect available details of your system like software versions, open ports, known vulnerabilities etc.) the details of your system. So the software should be updated to latest version to avoid access to the intruders.
Linux Kernel Updates
Software Updates will update the kernel of your server too. In order to update the new kernel, your server needs a reboot. So need to schedule a reboot at off-peak hours to reduce the impact of the downtime.
If your server is mission critical and will not afford frequent reboots, you can use some software to update the kernel updates at runtime to avoid reboots. In my opinion, rebooting the server once in a month is good idea. It will help in updating the kernel packages and run file system checks at the reboot time. As a system administrator, I am scared to reboot a system with more than 1000 days of uptime. Most of the case it should go for file system check and may take some time for it to back online. In order to avoid the long downtime, it is good to distribute the downtime by rebooting the server at least once in a month.
Update software list in server
It resynchronizes the packages from the repositories. Normally the apt-get use the local xml file contains the list of packages, in order to update the list, we need to run update command.
For ubuntu, we need to run the following command to update.
For centos, you clear the yum cache to clear the repository xml files. Once you clear the cache, it will download the latest package lists ( xml files ) from the repositories, while we run yum command next time. So the lists will be latest.
The above command will clean all cached files while we running yum commands from the directory “/var/cache/yum/”. Sometimes we need to run this command to clear the space. You can schedule this command to clear yum cache regularly.
Update all packages with available updates
Following are the respective commands to update the available updates for the packages in centos and ubuntu variant servers.
yum update # For Centos
Overall running the following commands together to update all the packages installed in the linux system or sever.
sudo apt-get upgrade # Strictly upgrades the current packages
sudo apt-get dist-upgrade # Installs updates (new ones)
be careful while using dist-upgrade as it might also remove packages to satisfy dependencies.
Once updated you can check the following command to verify any more updates available or not.
We can make a script using the above update commands and schedule it based on the off-peak hours to update the software regularly to keep your system up to date.