Securing the system by keeping it up-to-date

Securing the system by keeping it up-to-date

This section explains:

Why it is important to update your system regularly
How to apply updates manually by using the GUI or CLI
How to enable automatic updates

Why it is important to keep your system up-to-date

This section briefly explains the importance of updating your system on a regular basis.

All software contains bugs. Often, these bugs can result in a vulnerability that can expose your system to malicious users. Packages that have not been updated are a common cause of computer intrusions. Implement a plan for installing security patches in a timely manner to quickly eliminate discovered vulnerabilities, so they cannot be exploited.

Manual updating using GUI

This section describes how to manually download and install new updates by using GUI.

Procedure

Hover the cursor over the upper-left corner of the screen and type “Software” and select the Software application to open it.
Click the Updates button to view the available updates.
Click the Download button to download new updates.
After the updates are downloaded click the Restart & Update button. Your system will restart to perform the upgrade.

Manual updating using CLI

This section describes how to manually download and install new updates by using the DNF package manager.

Procedure

Upgrade the system:
```
sudo dnf upgrade
```
Confirm to download the available packages.

Additional Resources

The dnf(8) manual page

Setting automatic updates

This section describes how to use the DNF Automatic application to automatically:

Download and install any new updates
Only download the updates
Get notified about the updates

Procedure

Install the dnf-automatic package:
```
sudo dnf install dnf-automatic
```
Edit the /etc/dnf/automatic.conf configuration file as needed. See the DNF Automatic documentation for details.
Enable and start the systemd timer:
```
sudo systemctl enable --now timer
```
Replace *timer* with one of following ones depending on what action you want to do:
- dnf-automatic-install.timer to download and install packages
- dnf-automatic-download.timer to only download packages
- dnf-automatic-notifyonly.timer to only get a notification using configured emitters in the /etc/dnf/automatic.conf file.
For example:
```
sudo systemctl enable --now dnf-automatic-install.timer
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic-install.timer → /usr/lib/systemd/system/dnf-automatic-install.timer.
```

Ensure that the timer has been successfully enabled and started:

sudo systemctl status timer

Replace *timer* with the timer from the previous step, for example:

sudo systemctl status dnf-automatic-install.timer
● dnf-automatic-install.timer - dnf-automatic-install timer
     Loaded: loaded (/usr/lib/systemd/system/dnf-automatic-install.timer; enabled; vendor preset: disabled)
     Active: active (waiting) since Fri 2021-01-29 14:50:22 +08; 1s ago
    Trigger: Sat 2021-01-30 06:05:57 +08; 15h left
   Triggers: ● dnf-automatic-install.service
Jan 29 14:50:22 localhost.localdomain systemd[1]: Started dnf-automatic-install timer.

Additional Resources

The DNF Automatic documentation

Additional Resources

The DNF chapter in the Fedora System Administrator’s Guide