System Update
As with all operating systems, updates are critical to both bug-free operation and security. Linux is no exception. One thing I’ll promise you; if you don’t apply updates regularly you’ll eventually get hacked and lose your server through some vulnerability. Fortunately there is a free automated process available to update CentOS Linux packages for us. To invoke the update routine, use PuTTY to login as root and issue the following command.
# yum –y update
Hint: The –y parameter tells yum to answer yes to all conditional questions and continue the install automatically. You can leave it out and answer those conditional questions manually.
Don’t be surprised to find that there are 100 or more packages in need of updating. Be patient, it may take 10 minutes or more. When it’s finished you should reboot your server, since a reboot will be necessary if there was a Linux kernel update. Otherwise the kernel update can’t take effect.
You should now setup a “cron job” to automatically update Linux in the future automatically. Cron is a Linux application that will execute commands at designated times. We will use cron to execute an update command similar to the one we issued above. You can set that up in webmin.
Click the System icon at the top of webmin, then click the Scheduled Cron Jobs icon. Click the text link “Create a new scheduled cron job.” Fill it out like this. You will need to execute the update command as root, as I specified above, in order for the command to have the necessary permissions.
Under “When to execute”, select “Simple schedule”. In the drop-down menu, I selected “Daily (at midnight)”. Weekly updates would probably be satisfactory, but it doesn’t hurt anything to do it daily. By the way, note that midnight to the server will most likely be midnight Greenwich time, not local time, so keep that in mind if you are watching the cron log to verify that the command is running.
Click the Create button at the bottom. You should see the new cron job in the list, and also see that it’s active.
You should start a SSH session perhaps once a month to run “yum update”, just to verify that it’s running on cron okay. Problems can arise. Checking yum activity in the /var/log/yum.log file isn’t enough, since it only tracks packages that were installed or updated. You really need to test yum yourself from time to time. Don’t turn your back on it for 6 months or a year assuming that everything is fine. You don’t want to risk accumulating vulnerabilities in your system.
# yum –y update
Hint: The –y parameter tells yum to answer yes to all conditional questions and continue the install automatically. You can leave it out and answer those conditional questions manually.
Don’t be surprised to find that there are 100 or more packages in need of updating. Be patient, it may take 10 minutes or more. When it’s finished you should reboot your server, since a reboot will be necessary if there was a Linux kernel update. Otherwise the kernel update can’t take effect.
You should now setup a “cron job” to automatically update Linux in the future automatically. Cron is a Linux application that will execute commands at designated times. We will use cron to execute an update command similar to the one we issued above. You can set that up in webmin.
Click the System icon at the top of webmin, then click the Scheduled Cron Jobs icon. Click the text link “Create a new scheduled cron job.” Fill it out like this. You will need to execute the update command as root, as I specified above, in order for the command to have the necessary permissions.
Under “When to execute”, select “Simple schedule”. In the drop-down menu, I selected “Daily (at midnight)”. Weekly updates would probably be satisfactory, but it doesn’t hurt anything to do it daily. By the way, note that midnight to the server will most likely be midnight Greenwich time, not local time, so keep that in mind if you are watching the cron log to verify that the command is running.
Click the Create button at the bottom. You should see the new cron job in the list, and also see that it’s active.
You should start a SSH session perhaps once a month to run “yum update”, just to verify that it’s running on cron okay. Problems can arise. Checking yum activity in the /var/log/yum.log file isn’t enough, since it only tracks packages that were installed or updated. You really need to test yum yourself from time to time. Don’t turn your back on it for 6 months or a year assuming that everything is fine. You don’t want to risk accumulating vulnerabilities in your system.
No comments:
Post a Comment