Security Tip # 4 – Software updates

This post is part of a series on the top 10 things I look for when securing my home Linux installations. You can find the other posts here.

Before we begin: The commands below are based on Fedora Workstation, releases 34 & 35. That is because Fedora, RHEL and variants are my personal Linux comfort zone. I have a working knowledge of Ubuntu and its variants too, so feel free to pop a question into the comments below if you want some pointers in the Ubuntu space.

Apply software updates automatically or often

Applying software updates (a.k.a patching) is necessary to get fixes for the software packages on our home Linux systems. This keeps systems up to date with security fixes, and makes new functionality available as developers and vendors roll these out.

DNF is Fedora’s default package manager, replacing YUM several releases ago. Apt is Ubuntu’s default package manager.

To check for available patches and software updates on a Fedora system:

sudo dnf check-update

You can patch your Fedora system by running:

sudo dnf update

To automate some of DNF’s functions, install dnf-automatic and configure it to your needs. This will be the subject of a future blog post. Be aware of internet data costs if you have a metered connection!

I run GNOME (Fedora’s default desktop manager), therefore much of my system’s software management happens through GNOME Software. Updates can be set to apply automatically through Preferences in the GNOME Software interface. Again be aware of internet data costs.

To keep costs down on metered connection, you can label your network connection as metered under GNOME’s Wi-Fi settings, and then configure GNOME Software to only automatically download on unmetered connections. See below.

Find out more

A final word on Tip # 4: Do the same on all devices in your home network.

Recap of my top 10 things to look for when security Linux @home

  1. Enable and use an OS-level firewall
  2. Enable SELinux or another Mandatory Access Control mechanism
  3. Use sudo
  4. Apply software updates automatically or often
  5. Use encryption
  6. Use multi-factor authentication
  7. Enable threat-detection
  8. Browse securely
  9. Limit running services
  10. Backup securely

That’s it! ‘Like’ or comment to let me know what you think of these tips so far. And check back in on Monday for Tip # 5. Until then, have a great weekend!

A glossary of terms is available here.

Once again, ensure you’re familiar with the disclaimer here!


The post references documentation and articles on Sources are linked to within the post’s content above.

Wave image from by DLKR

2 thoughts on “Security Tip # 4 – Software updates

  1. It’s true. Software updates are an essential part of a secure OS. However, incidentally, DNF also stands for Did Not Finish, in racing. So, calling Fedora’s package manager DNF doesn’t sound too reassuring.

    Liked by 2 people

    1. Thanks for your comment! Not being a racing gal, I’d never heard of that before. Can imagine that it’s not the most helpful acronym for someone who is into racing!

      Incidentally (and you probably already know this), DNF in a Linux context stands for ‘Dandified YUM.’ Anecdotally, the acronym wasn’t given an official definition when news of it was first released. So it might have, unofficially, stood for something else! 😉

      Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: