Why Update the Linux System?¶

Imagine if the locks on your house were found to have vulnerabilities, thieves might take advantage of them to break in. Similarly, software in the Linux system can have security vulnerabilities that hackers could exploit to breach your server. System updates are like replacing your door locks with a more secure one, while also making the system run faster and more powerful.

The benefits of updating include:
- Fixing security vulnerabilities: Patching security issues that hackers could exploit.
- Improving performance: Optimizing program running speed and reducing lag.
- Adding new features: Such as new system tools, interface improvements, etc.
- Enhanced compatibility: Supporting new hardware or software to prevent older versions of software from failing.

Preparations Before Updating¶

Newcomers often worry, “What if the update fails?” Thus, preparing in advance is crucial:

1. Backup Important Data¶

Although system updates are generally safe, data loss may occur in case of accidents (e.g., power outages). It is recommended to back up the following:
- User files: Personal data in the /home directory (e.g., documents, photos).
- Configuration files: If you have modified system configurations (e.g., Nginx, MySQL), first copy key configurations.
- Using simple tools for backup:

  # Backup user documents to external storage (assuming external storage is mounted at /mnt/backup)
  tar -czvf /mnt/backup/system_backup.tar.gz /home/your_username/documents

2. Stop Unnecessary Services¶

If your server runs services like websites or databases, you can temporarily stop non-essential services before updating to avoid conflicts during the update:

# Stop Nginx service (example)
sudo systemctl stop nginx

# After updating, start the service again
sudo systemctl start nginx

Steps for Secure Updates (Taking Common Distributions as Examples)¶

Different Linux distributions (e.g., Ubuntu, CentOS) have slightly different update commands, but the core logic is consistent. Here are the three most common methods:

Ubuntu/Debian Systems (Using the apt Tool)¶

1. Update Package Index
   First, tell the system “which software can be updated”:

   sudo apt update

(If prompted for a password, enter your user password; note that the password won’t be displayed on the screen when typing, just press Enter after inputting.)

2. Upgrade Packages
   This step downloads and installs updated packages:

   sudo apt upgrade

• upgrade only updates installed software, not adding/removing software.
• If the system prompts about “upgradable kernel,” kernel updates require special attention (see “Kernel Update” below).

3. Handle Dependency Changes (Optional)
   If the system suggests “dist-upgrade” is available, it indicates a need to handle changes in dependencies between packages (e.g., new software requiring new libraries):

   sudo apt dist-upgrade

• Newcomer suggestion: First run upgrade. If dependency issues arise, then try dist-upgrade.

4. Update Kernel (Critical)
   The kernel is the “skeleton” of the system. Updating the kernel fixes underlying vulnerabilities:

   sudo apt list --upgradable | grep linux-image  # Check available kernel versions
   sudo apt install linux-image-5.15.0-xx-generic  # Replace with the specific version number (e.g., 5.15.0-76-generic)

• After installing the kernel, you must reboot for changes to take effect: sudo reboot.

5. Clean Up Cache (Free Up Space)
   Old package versions are cached after updates. Use the following commands to clean them:

   sudo apt autoremove  # Remove dependencies no longer needed
   sudo apt clean       # Clear cached downloaded package files

CentOS/RHEL Systems (Using yum/dnf Tools)¶

1. Update Package Index

   sudo yum check-update  # Check for updates (yum tool)
   # Or for dnf (supported in newer CentOS 8+):
   sudo dnf check-update

2. Upgrade Packages

   sudo yum update -y  # -y automatically confirms updates (newcomers: try without -y first to confirm manually)
   # Or for dnf:
   sudo dnf update -y

3. Update Kernel
   Similar to Ubuntu steps, first check the kernel version:

   uname -r  # View current kernel version
   sudo yum install kernel  # Install the latest kernel (or specify a version)
   sudo reboot  # Reboot to apply changes

3 Must-Do Things After Updating¶

1. Check if the System is Normal
   - After rebooting, log in to check for error messages (e.g., “Service not started”).
   - Use dmesg | tail to view system startup logs and confirm no critical errors.

2. Verify Status of Critical Services
   If it’s a web server (e.g., Nginx), check with:

   sudo systemctl status nginx  # Check Nginx status (green "active" indicates normal operation)

If it shows “inactive” (not running), start it with sudo systemctl start nginx.

3. Confirm the Update Took Effect
   - Check kernel version: uname -r (should show the updated kernel).
   - Check software version: nginx -v or python3 --version to confirm the updated version.

Common Issues and Solutions¶

Q1: What if the update gets stuck?¶

• Cause: Network interruptions, invalid software sources (e.g., unstable domestic mirror sources).
• Solution: Press Ctrl + C to interrupt the current operation, switch software sources (e.g., temporarily use Aliyun mirror), and then restart the update.

Q2: System won’t boot after update (black screen/ stuck at startup)?¶

• Cause: The kernel was not rebooted after update, or driver incompatibility.
• Solution:
  1. Restart the server, press arrow keys to select “Advanced Options” (CentOS/RHEL) or “Ubuntu Advanced Mode” to boot back to the pre-update kernel.
  2. If it still won’t boot, use a Linux installation USB/ISO to boot and repair the system (requires some experience; newcomers can contact your service provider for assistance).

Q3: Software fails to open after update?¶

• Cause: Mismatched dependency library versions.
• Solution: Reinstall the software (e.g., sudo apt reinstall <software-name>) or check if a newer version of the software is available.

Beginner’s Security Tips¶

1. Don’t Update Too Frequently: Choose a fixed time (e.g., early Sunday morning) to update to avoid disrupting work.
2. Prioritize Backups: Even if you don’t do a full backup, at least save key configuration files (e.g., ~/.bashrc or /etc/ssh/sshd_config).
3. Use Official Repositories: Domestic mirror sources (e.g., Aliyun, NetEase) may update slower but are more stable. Avoid third-party sources (may contain malicious software).
4. Don’t Easily Try “Test Versions”: Newcomers should start with stable updates; test versions may have unknown bugs.

Summary¶

Updating the Linux system is like “renovating and upgrading” your house. As long as you prepare well and follow the steps, you can complete the update safely. Remember: Updating is not a “risky” activity but a necessary step to protect your system’s security. If issues arise, troubleshoot using the methods above, and you’ll gradually gain more confidence in system maintenance.

For new server users, it is recommended to start by updating small software (e.g., editors, tool packages) to accumulate experience before attempting updates to core components like the kernel.