How Often Should I Update our Linux Server?How do you handle updates on a server?Mirror two production servers onto two dev serversHow to update a live webserver?How often to upgrade PHP & MySQLHow can I test apt-get updates on a test box before deploying to production?Automating enabling and disabling specific services for brief maintenance windowsDebian // synchronize packages/version between multiple serversHow quickly should I action the update announcements on the CentOS mailing lists?Enforcing apt-get version continuity on UbuntuWhat is correct for security updates on Ubuntu apt-get upgrade -s | grep security or unattended upgrades?

Why was this character made Grand Maester?

Is keeping the forking link on a true fork necessary (Github/GPL)?

Did this character show any indication of wanting to rule before S8E6?

Does an eye for an eye mean monetary compensation?

Finding all files with a given extension whose base name is the name of the parent directory

Is there a simple example that empirical evidence is misleading?

Variable declaraton with extra in C

Why is the Eisenstein ideal paper so great?

Can we assume that a hash function with high collision resistance also means highly uniform distribution?

Why A=2 and B=1 in the call signs for Spirit and Opportunity?

What is the recommended procedure to land a taildragger in a crosswind?

Are cells guaranteed to get at least one mitochondrion when they divide?

Low voltage shutdown with regulator using microcontroller

Which European Languages are not Indo-European?

Why did Jon Snow admit his fault in S08E06?

What are nvme namespaces? How do they work?

What were the Ethiopians doing in Xerxes' army?

Cardio work for Muay Thai fighters

Heat lost in ideal capacitor charging

How to determine if a hyphen (-) exists inside a column

Would Buddhists help non-Buddhists continuing their attachments?

Can a ring of spell storing and access to Find spells produce an endless menagerie?

Why isn't Tyrion mentioned in the in-universe book "A Song of Ice and Fire"?

USPS Back Room - Trespassing?



How Often Should I Update our Linux Server?


How do you handle updates on a server?Mirror two production servers onto two dev serversHow to update a live webserver?How often to upgrade PHP & MySQLHow can I test apt-get updates on a test box before deploying to production?Automating enabling and disabling specific services for brief maintenance windowsDebian // synchronize packages/version between multiple serversHow quickly should I action the update announcements on the CentOS mailing lists?Enforcing apt-get version continuity on UbuntuWhat is correct for security updates on Ubuntu apt-get upgrade -s | grep security or unattended upgrades?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








55















I am responsible for managing both our production server (mail, web, database are all on one server) and our test server. Both are built on Debian. However as I am very new to system administration, I have only been installing updates as I come across things that have to be updated so that I can have newer features and get bug fixes. Its a pretty ad hoc process right now, and I'd like to make it less so.



So I am wondering how people who know what they're doing handle this? How often do you perform upgrades on your servers? Is the upgrade process different between test and production? Do you always upgrade any test servers first? And do you do a full update of all software, or do you just install selected updates?










share|improve this question




























    55















    I am responsible for managing both our production server (mail, web, database are all on one server) and our test server. Both are built on Debian. However as I am very new to system administration, I have only been installing updates as I come across things that have to be updated so that I can have newer features and get bug fixes. Its a pretty ad hoc process right now, and I'd like to make it less so.



    So I am wondering how people who know what they're doing handle this? How often do you perform upgrades on your servers? Is the upgrade process different between test and production? Do you always upgrade any test servers first? And do you do a full update of all software, or do you just install selected updates?










    share|improve this question
























      55












      55








      55


      23






      I am responsible for managing both our production server (mail, web, database are all on one server) and our test server. Both are built on Debian. However as I am very new to system administration, I have only been installing updates as I come across things that have to be updated so that I can have newer features and get bug fixes. Its a pretty ad hoc process right now, and I'd like to make it less so.



      So I am wondering how people who know what they're doing handle this? How often do you perform upgrades on your servers? Is the upgrade process different between test and production? Do you always upgrade any test servers first? And do you do a full update of all software, or do you just install selected updates?










      share|improve this question














      I am responsible for managing both our production server (mail, web, database are all on one server) and our test server. Both are built on Debian. However as I am very new to system administration, I have only been installing updates as I come across things that have to be updated so that I can have newer features and get bug fixes. Its a pretty ad hoc process right now, and I'd like to make it less so.



      So I am wondering how people who know what they're doing handle this? How often do you perform upgrades on your servers? Is the upgrade process different between test and production? Do you always upgrade any test servers first? And do you do a full update of all software, or do you just install selected updates?







      linux debian update apt






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked May 18 '09 at 15:33









      Noah GoodrichNoah Goodrich

      7,04462016




      7,04462016




















          11 Answers
          11






          active

          oldest

          votes


















          32














          I run apt-get update -qq; apt-get upgrade -duyq daily. This will check for updates, but not do them automatically.



          Then I can run the upgrades manually while I am watching, and can correct anything that might go wrong.



          Besides the security concerns of maintaining a patched system, I find that if I leave it too long between patches, I end up with a whole bunch of packages that want to be upgraded, and that scares me a-lot more than just upgrading one or two every week or so. Therefore I tend to run my upgrades weekly, or if they are high priority, daily. This has the added advantage of knowing which package broke your system (ie. if you're only upgrading a couple at a time)



          I always upgrade less critical systems first. I also have a "rollback plan" in place in case I can't fix the system. (since most of our servers are virtual, this rollback plan usually consists of taking a snapshot before the upgrade that I can revert to if necessary)



          That being said, I think an upgrade has broken something only once or twice in the past 4 years, and that was on a highly customized system - so you don't have to be TOO paranoid :)






          share|improve this answer


















          • 4





            I work very hard to touch each server every 30 days. I have 80+ servers at this point. I do them in batches by functional group or by operating system.

            – Thomas Denton
            May 18 '09 at 17:13






          • 2





            We have a cron script that runs the equivalent for our SLES/OpenSuSE boxes nightly; when it finds that it needs packages, it submits a ticket to the system administration queue in our trouble ticket system. (It keeps track of which ones it's submitted before in a file in /tmp so that it doesn't spam the queue.)

            – Karl Katzke
            Jun 6 '09 at 22:23






          • 4





            Debian has two packages, apticron and cron-apt, which do a similar thing and email you if there are any updates available. IME, apticron has the edge by emailing you the changelog so you can see what has changed.

            – David Pashley
            Jun 6 '09 at 22:28


















          11














          On top of previous answers - a couple more specifically Debian things: you should Subscribe to debian-security-announce and debian-announce and / or check out the Debian Security page.






          share|improve this answer






























            6














            Assuming you are running the stable release of Debian, most patches will be security or bug related which should mean that there won't be too many major changes between versions of any given package. According to the debian patch policy patches should also have been in testing for some time before being moved to the stable branch by the maintainer. Obviously This won't stop breakages when patching but should prevent them in most cases.



            It would be prudent to ensure that your testing sever is kept upto date and any packages that have bugs affecting you and your servers should be kept up to date. All packages that have security advisories against them should be updated as soon as you know the patch is stable.



            Debian is usually a very stable OS and not one you should be overly concerned with breakages on however always read what is going to be updated before it get updated and keep an eye out for anything that seems strange. I use VCS on my /etc/ dir as well to ensure that any config file changes can be seen with a 'git diff' command.






            share|improve this answer






























              3














              I do a dry run (first) to see what is going to be updated. Sometimes, libraries (lets call it libfoo for this example) change their API, which breaks programs that we wrote / installed ourselves. If some critical library is updated, I grab the source and try rebuilding our stuff against it prior to updating.



              I also check to see that we're not jumping to an intermediate version of some public service, ie apache, etc. I'd rather stay a year behind and not encounter random breakage, unless the update is critical.



              If you are a system administrator, you should be pulling RSS feeds from sites like Secunia, which should let you know way ahead of time if your distro is going to be pushing some patches.



              Do not ever, ever just blindly upgrade / update. Unfortunately, the task of knowing what is broken falls on you, not your distro package manager, especially if your systems support programmers.






              share|improve this answer






























                2














                Where I work we have a pretty extensive process that involves using software called PatchLink to notify us of the most important security related updates, and we apply them after testing, on a package by package basis. We have thousands of servers though.



                If you only have two servers the process should be much simpler. Although I do not think doing an "apt-get update/upgrade" is your best bet.



                I would monitor patches for the software you are running, and make decisions based on the fixes in those releases on when to upgrade.



                Since you have a test server, obviously, always test the update before applying them.






                share|improve this answer






























                  2














                  Manual updates are best as mentioned here in the sense that you can see what's happening. However, for very large numbers of servers that might become impractical. Dry run is a standard practice, in fact, most package managers will ask you before proceeding.



                  Updating regularly tends to be best though it can be a bit of a balancing act. Frequent updates means less in one go and less to go wrong at once. If things do go wrong there are fewer candidates to inspect. Packages are also slightly better at updating in smaller steps, as generally when the programmer updates they're looking at going from the last version to the next, whether they'll give any attention beyond the last version can vary, though this tends to matter mostly for software that's rapidly evolving.



                  Not all updates are non-disruptive. You'll want to watch out for this. Some will restart services leading to down time.



                  In an ideal setup you might have the following:



                  • A means of seemlesly switching servers (A/B or tick tock). This means you update one while it's on the bench, then simply swap the traffic from the current one to the new one. This may be more complicated for services such as databases.

                  • The ability to test updates. You should have test servers that are practically clones of production (but without connecting to any production services). These would allow you to test updates first.

                  • A good backup strategy, incremental is ideal. You never know. It's always better to be safe than sorry.

                  • Be aware of which times have the most activity and what level of downtime is tolerable.

                  • Know how to rollback an update or a specific package.

                  • Have your own package mirrors so updates are consistent and predictable across servers. This is the first step towards a decent unattended system that you can trust. It means you can update the mirror, run update on one or more test machine then if that's good let it go out automatically. I had an excellent time with aptly managing around 800 EPOS machines.

                  • A good level of consistency so that you can know that if something will work here, it'll work there.

                  Some of these can be overkill to varying degrees for small setups but should be kept in mind.



                  Generally speaking, updates are usually relatively painless for server distros. This is because they nearly always only stick to bug fixes and security updates. You may however have problems if people have done odd things to the system or you add additional package sources.



                  Although it's moderately rare, they do occasionally make mistakes and break compatibility between minor package versions.






                  share|improve this answer






























                    1














                    I like cron-apt to automate this process, but as @dinomite pointed out on another question regarding updates, configuring it specifically to automate security-related updates is a very smart idea -- you can then manually update what you need. I had been using cron-apt for all updates but actually changed this based on his answer. If you like it, you should probably vote his answer up rather than this one.






                    share|improve this answer
































                      1














                      On debian i install cron-apt and edit its configuration file to mail me if ther are any changes. this way i get notified if there are updates for my systems and do the updates by hand






                      share|improve this answer






























                        1














                        Along the same lines as cron-apt you should take a look at the unattended-upgrades package http://packages.debian.org/lenny/unattended-upgrades.



                        Its very easy to configure and will enable you to have security updates downloaded and applied automatically but leave other updates for manual upgrading (or at your discretion upgrade everything!).



                        The Official Ubuntu Server Guide, has a reasonably detailed section covering the use of the unattended-upgrades package https://help.ubuntu.com/9.04/serverguide/C/automatic-updates.html



                        Note: depending on your level of caution/paranoia you can do a rolling upgrade on a group of test servers first, then if there are not issues, allow your production boxes to update, although I personally have not come across any trouble with security updates wrecking havoc so far (knock on wood)...



                        There is also a config option to mail you the results of each security update as well, once its applied. Also, if there were any dialog or interactive prompts that were presented during the update, ones that will need manual tweaking by a sysadmin, it will mention these as well.






                        share|improve this answer
































                          1














                          I personally turn off automatic updates and do not regularly perform any sort of updating of packages on servers in my environments, unless: (a) there is an important CERT advisory for one of packages on my system; (b) I need to upgrade individual packages for specific reasons; (c) OS or packages are reaching end-of-cycle, they won't be supported any more and we need to continue having support. My reasoning is that upgrading without knowing what's being changed or why leaves too much room for something breaking. I've been doing things like this for going on 14 years and it works well.






                          share|improve this answer






























                            0














                            Besides the stuff that is mentioned you should use some kind of monitoring tool (Nagios or whatever floats your boat) to alert you of updates.



                            As far as how often goes: As soon as there's an update available!






                            share|improve this answer























                              Your Answer








                              StackExchange.ready(function()
                              var channelOptions =
                              tags: "".split(" "),
                              id: "2"
                              ;
                              initTagRenderer("".split(" "), "".split(" "), channelOptions);

                              StackExchange.using("externalEditor", function()
                              // Have to fire editor after snippets, if snippets enabled
                              if (StackExchange.settings.snippets.snippetsEnabled)
                              StackExchange.using("snippets", function()
                              createEditor();
                              );

                              else
                              createEditor();

                              );

                              function createEditor()
                              StackExchange.prepareEditor(
                              heartbeatType: 'answer',
                              autoActivateHeartbeat: false,
                              convertImagesToLinks: true,
                              noModals: true,
                              showLowRepImageUploadWarning: true,
                              reputationToPostImages: 10,
                              bindNavPrevention: true,
                              postfix: "",
                              imageUploader:
                              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
                              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
                              allowUrls: true
                              ,
                              onDemand: true,
                              discardSelector: ".discard-answer"
                              ,immediatelyShowMarkdownHelp:true
                              );



                              );













                              draft saved

                              draft discarded


















                              StackExchange.ready(
                              function ()
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f9490%2fhow-often-should-i-update-our-linux-server%23new-answer', 'question_page');

                              );

                              Post as a guest















                              Required, but never shown

























                              11 Answers
                              11






                              active

                              oldest

                              votes








                              11 Answers
                              11






                              active

                              oldest

                              votes









                              active

                              oldest

                              votes






                              active

                              oldest

                              votes









                              32














                              I run apt-get update -qq; apt-get upgrade -duyq daily. This will check for updates, but not do them automatically.



                              Then I can run the upgrades manually while I am watching, and can correct anything that might go wrong.



                              Besides the security concerns of maintaining a patched system, I find that if I leave it too long between patches, I end up with a whole bunch of packages that want to be upgraded, and that scares me a-lot more than just upgrading one or two every week or so. Therefore I tend to run my upgrades weekly, or if they are high priority, daily. This has the added advantage of knowing which package broke your system (ie. if you're only upgrading a couple at a time)



                              I always upgrade less critical systems first. I also have a "rollback plan" in place in case I can't fix the system. (since most of our servers are virtual, this rollback plan usually consists of taking a snapshot before the upgrade that I can revert to if necessary)



                              That being said, I think an upgrade has broken something only once or twice in the past 4 years, and that was on a highly customized system - so you don't have to be TOO paranoid :)






                              share|improve this answer


















                              • 4





                                I work very hard to touch each server every 30 days. I have 80+ servers at this point. I do them in batches by functional group or by operating system.

                                – Thomas Denton
                                May 18 '09 at 17:13






                              • 2





                                We have a cron script that runs the equivalent for our SLES/OpenSuSE boxes nightly; when it finds that it needs packages, it submits a ticket to the system administration queue in our trouble ticket system. (It keeps track of which ones it's submitted before in a file in /tmp so that it doesn't spam the queue.)

                                – Karl Katzke
                                Jun 6 '09 at 22:23






                              • 4





                                Debian has two packages, apticron and cron-apt, which do a similar thing and email you if there are any updates available. IME, apticron has the edge by emailing you the changelog so you can see what has changed.

                                – David Pashley
                                Jun 6 '09 at 22:28















                              32














                              I run apt-get update -qq; apt-get upgrade -duyq daily. This will check for updates, but not do them automatically.



                              Then I can run the upgrades manually while I am watching, and can correct anything that might go wrong.



                              Besides the security concerns of maintaining a patched system, I find that if I leave it too long between patches, I end up with a whole bunch of packages that want to be upgraded, and that scares me a-lot more than just upgrading one or two every week or so. Therefore I tend to run my upgrades weekly, or if they are high priority, daily. This has the added advantage of knowing which package broke your system (ie. if you're only upgrading a couple at a time)



                              I always upgrade less critical systems first. I also have a "rollback plan" in place in case I can't fix the system. (since most of our servers are virtual, this rollback plan usually consists of taking a snapshot before the upgrade that I can revert to if necessary)



                              That being said, I think an upgrade has broken something only once or twice in the past 4 years, and that was on a highly customized system - so you don't have to be TOO paranoid :)






                              share|improve this answer


















                              • 4





                                I work very hard to touch each server every 30 days. I have 80+ servers at this point. I do them in batches by functional group or by operating system.

                                – Thomas Denton
                                May 18 '09 at 17:13






                              • 2





                                We have a cron script that runs the equivalent for our SLES/OpenSuSE boxes nightly; when it finds that it needs packages, it submits a ticket to the system administration queue in our trouble ticket system. (It keeps track of which ones it's submitted before in a file in /tmp so that it doesn't spam the queue.)

                                – Karl Katzke
                                Jun 6 '09 at 22:23






                              • 4





                                Debian has two packages, apticron and cron-apt, which do a similar thing and email you if there are any updates available. IME, apticron has the edge by emailing you the changelog so you can see what has changed.

                                – David Pashley
                                Jun 6 '09 at 22:28













                              32












                              32








                              32







                              I run apt-get update -qq; apt-get upgrade -duyq daily. This will check for updates, but not do them automatically.



                              Then I can run the upgrades manually while I am watching, and can correct anything that might go wrong.



                              Besides the security concerns of maintaining a patched system, I find that if I leave it too long between patches, I end up with a whole bunch of packages that want to be upgraded, and that scares me a-lot more than just upgrading one or two every week or so. Therefore I tend to run my upgrades weekly, or if they are high priority, daily. This has the added advantage of knowing which package broke your system (ie. if you're only upgrading a couple at a time)



                              I always upgrade less critical systems first. I also have a "rollback plan" in place in case I can't fix the system. (since most of our servers are virtual, this rollback plan usually consists of taking a snapshot before the upgrade that I can revert to if necessary)



                              That being said, I think an upgrade has broken something only once or twice in the past 4 years, and that was on a highly customized system - so you don't have to be TOO paranoid :)






                              share|improve this answer













                              I run apt-get update -qq; apt-get upgrade -duyq daily. This will check for updates, but not do them automatically.



                              Then I can run the upgrades manually while I am watching, and can correct anything that might go wrong.



                              Besides the security concerns of maintaining a patched system, I find that if I leave it too long between patches, I end up with a whole bunch of packages that want to be upgraded, and that scares me a-lot more than just upgrading one or two every week or so. Therefore I tend to run my upgrades weekly, or if they are high priority, daily. This has the added advantage of knowing which package broke your system (ie. if you're only upgrading a couple at a time)



                              I always upgrade less critical systems first. I also have a "rollback plan" in place in case I can't fix the system. (since most of our servers are virtual, this rollback plan usually consists of taking a snapshot before the upgrade that I can revert to if necessary)



                              That being said, I think an upgrade has broken something only once or twice in the past 4 years, and that was on a highly customized system - so you don't have to be TOO paranoid :)







                              share|improve this answer












                              share|improve this answer



                              share|improve this answer










                              answered May 18 '09 at 16:01









                              Brent Brent

                              14.6k166195




                              14.6k166195







                              • 4





                                I work very hard to touch each server every 30 days. I have 80+ servers at this point. I do them in batches by functional group or by operating system.

                                – Thomas Denton
                                May 18 '09 at 17:13






                              • 2





                                We have a cron script that runs the equivalent for our SLES/OpenSuSE boxes nightly; when it finds that it needs packages, it submits a ticket to the system administration queue in our trouble ticket system. (It keeps track of which ones it's submitted before in a file in /tmp so that it doesn't spam the queue.)

                                – Karl Katzke
                                Jun 6 '09 at 22:23






                              • 4





                                Debian has two packages, apticron and cron-apt, which do a similar thing and email you if there are any updates available. IME, apticron has the edge by emailing you the changelog so you can see what has changed.

                                – David Pashley
                                Jun 6 '09 at 22:28












                              • 4





                                I work very hard to touch each server every 30 days. I have 80+ servers at this point. I do them in batches by functional group or by operating system.

                                – Thomas Denton
                                May 18 '09 at 17:13






                              • 2





                                We have a cron script that runs the equivalent for our SLES/OpenSuSE boxes nightly; when it finds that it needs packages, it submits a ticket to the system administration queue in our trouble ticket system. (It keeps track of which ones it's submitted before in a file in /tmp so that it doesn't spam the queue.)

                                – Karl Katzke
                                Jun 6 '09 at 22:23






                              • 4





                                Debian has two packages, apticron and cron-apt, which do a similar thing and email you if there are any updates available. IME, apticron has the edge by emailing you the changelog so you can see what has changed.

                                – David Pashley
                                Jun 6 '09 at 22:28







                              4




                              4





                              I work very hard to touch each server every 30 days. I have 80+ servers at this point. I do them in batches by functional group or by operating system.

                              – Thomas Denton
                              May 18 '09 at 17:13





                              I work very hard to touch each server every 30 days. I have 80+ servers at this point. I do them in batches by functional group or by operating system.

                              – Thomas Denton
                              May 18 '09 at 17:13




                              2




                              2





                              We have a cron script that runs the equivalent for our SLES/OpenSuSE boxes nightly; when it finds that it needs packages, it submits a ticket to the system administration queue in our trouble ticket system. (It keeps track of which ones it's submitted before in a file in /tmp so that it doesn't spam the queue.)

                              – Karl Katzke
                              Jun 6 '09 at 22:23





                              We have a cron script that runs the equivalent for our SLES/OpenSuSE boxes nightly; when it finds that it needs packages, it submits a ticket to the system administration queue in our trouble ticket system. (It keeps track of which ones it's submitted before in a file in /tmp so that it doesn't spam the queue.)

                              – Karl Katzke
                              Jun 6 '09 at 22:23




                              4




                              4





                              Debian has two packages, apticron and cron-apt, which do a similar thing and email you if there are any updates available. IME, apticron has the edge by emailing you the changelog so you can see what has changed.

                              – David Pashley
                              Jun 6 '09 at 22:28





                              Debian has two packages, apticron and cron-apt, which do a similar thing and email you if there are any updates available. IME, apticron has the edge by emailing you the changelog so you can see what has changed.

                              – David Pashley
                              Jun 6 '09 at 22:28













                              11














                              On top of previous answers - a couple more specifically Debian things: you should Subscribe to debian-security-announce and debian-announce and / or check out the Debian Security page.






                              share|improve this answer



























                                11














                                On top of previous answers - a couple more specifically Debian things: you should Subscribe to debian-security-announce and debian-announce and / or check out the Debian Security page.






                                share|improve this answer

























                                  11












                                  11








                                  11







                                  On top of previous answers - a couple more specifically Debian things: you should Subscribe to debian-security-announce and debian-announce and / or check out the Debian Security page.






                                  share|improve this answer













                                  On top of previous answers - a couple more specifically Debian things: you should Subscribe to debian-security-announce and debian-announce and / or check out the Debian Security page.







                                  share|improve this answer












                                  share|improve this answer



                                  share|improve this answer










                                  answered May 18 '09 at 16:12









                                  x3jax3ja

                                  27328




                                  27328





















                                      6














                                      Assuming you are running the stable release of Debian, most patches will be security or bug related which should mean that there won't be too many major changes between versions of any given package. According to the debian patch policy patches should also have been in testing for some time before being moved to the stable branch by the maintainer. Obviously This won't stop breakages when patching but should prevent them in most cases.



                                      It would be prudent to ensure that your testing sever is kept upto date and any packages that have bugs affecting you and your servers should be kept up to date. All packages that have security advisories against them should be updated as soon as you know the patch is stable.



                                      Debian is usually a very stable OS and not one you should be overly concerned with breakages on however always read what is going to be updated before it get updated and keep an eye out for anything that seems strange. I use VCS on my /etc/ dir as well to ensure that any config file changes can be seen with a 'git diff' command.






                                      share|improve this answer



























                                        6














                                        Assuming you are running the stable release of Debian, most patches will be security or bug related which should mean that there won't be too many major changes between versions of any given package. According to the debian patch policy patches should also have been in testing for some time before being moved to the stable branch by the maintainer. Obviously This won't stop breakages when patching but should prevent them in most cases.



                                        It would be prudent to ensure that your testing sever is kept upto date and any packages that have bugs affecting you and your servers should be kept up to date. All packages that have security advisories against them should be updated as soon as you know the patch is stable.



                                        Debian is usually a very stable OS and not one you should be overly concerned with breakages on however always read what is going to be updated before it get updated and keep an eye out for anything that seems strange. I use VCS on my /etc/ dir as well to ensure that any config file changes can be seen with a 'git diff' command.






                                        share|improve this answer

























                                          6












                                          6








                                          6







                                          Assuming you are running the stable release of Debian, most patches will be security or bug related which should mean that there won't be too many major changes between versions of any given package. According to the debian patch policy patches should also have been in testing for some time before being moved to the stable branch by the maintainer. Obviously This won't stop breakages when patching but should prevent them in most cases.



                                          It would be prudent to ensure that your testing sever is kept upto date and any packages that have bugs affecting you and your servers should be kept up to date. All packages that have security advisories against them should be updated as soon as you know the patch is stable.



                                          Debian is usually a very stable OS and not one you should be overly concerned with breakages on however always read what is going to be updated before it get updated and keep an eye out for anything that seems strange. I use VCS on my /etc/ dir as well to ensure that any config file changes can be seen with a 'git diff' command.






                                          share|improve this answer













                                          Assuming you are running the stable release of Debian, most patches will be security or bug related which should mean that there won't be too many major changes between versions of any given package. According to the debian patch policy patches should also have been in testing for some time before being moved to the stable branch by the maintainer. Obviously This won't stop breakages when patching but should prevent them in most cases.



                                          It would be prudent to ensure that your testing sever is kept upto date and any packages that have bugs affecting you and your servers should be kept up to date. All packages that have security advisories against them should be updated as soon as you know the patch is stable.



                                          Debian is usually a very stable OS and not one you should be overly concerned with breakages on however always read what is going to be updated before it get updated and keep an eye out for anything that seems strange. I use VCS on my /etc/ dir as well to ensure that any config file changes can be seen with a 'git diff' command.







                                          share|improve this answer












                                          share|improve this answer



                                          share|improve this answer










                                          answered May 18 '09 at 16:11









                                          PixelSmackPixelSmack

                                          48548




                                          48548





















                                              3














                                              I do a dry run (first) to see what is going to be updated. Sometimes, libraries (lets call it libfoo for this example) change their API, which breaks programs that we wrote / installed ourselves. If some critical library is updated, I grab the source and try rebuilding our stuff against it prior to updating.



                                              I also check to see that we're not jumping to an intermediate version of some public service, ie apache, etc. I'd rather stay a year behind and not encounter random breakage, unless the update is critical.



                                              If you are a system administrator, you should be pulling RSS feeds from sites like Secunia, which should let you know way ahead of time if your distro is going to be pushing some patches.



                                              Do not ever, ever just blindly upgrade / update. Unfortunately, the task of knowing what is broken falls on you, not your distro package manager, especially if your systems support programmers.






                                              share|improve this answer



























                                                3














                                                I do a dry run (first) to see what is going to be updated. Sometimes, libraries (lets call it libfoo for this example) change their API, which breaks programs that we wrote / installed ourselves. If some critical library is updated, I grab the source and try rebuilding our stuff against it prior to updating.



                                                I also check to see that we're not jumping to an intermediate version of some public service, ie apache, etc. I'd rather stay a year behind and not encounter random breakage, unless the update is critical.



                                                If you are a system administrator, you should be pulling RSS feeds from sites like Secunia, which should let you know way ahead of time if your distro is going to be pushing some patches.



                                                Do not ever, ever just blindly upgrade / update. Unfortunately, the task of knowing what is broken falls on you, not your distro package manager, especially if your systems support programmers.






                                                share|improve this answer

























                                                  3












                                                  3








                                                  3







                                                  I do a dry run (first) to see what is going to be updated. Sometimes, libraries (lets call it libfoo for this example) change their API, which breaks programs that we wrote / installed ourselves. If some critical library is updated, I grab the source and try rebuilding our stuff against it prior to updating.



                                                  I also check to see that we're not jumping to an intermediate version of some public service, ie apache, etc. I'd rather stay a year behind and not encounter random breakage, unless the update is critical.



                                                  If you are a system administrator, you should be pulling RSS feeds from sites like Secunia, which should let you know way ahead of time if your distro is going to be pushing some patches.



                                                  Do not ever, ever just blindly upgrade / update. Unfortunately, the task of knowing what is broken falls on you, not your distro package manager, especially if your systems support programmers.






                                                  share|improve this answer













                                                  I do a dry run (first) to see what is going to be updated. Sometimes, libraries (lets call it libfoo for this example) change their API, which breaks programs that we wrote / installed ourselves. If some critical library is updated, I grab the source and try rebuilding our stuff against it prior to updating.



                                                  I also check to see that we're not jumping to an intermediate version of some public service, ie apache, etc. I'd rather stay a year behind and not encounter random breakage, unless the update is critical.



                                                  If you are a system administrator, you should be pulling RSS feeds from sites like Secunia, which should let you know way ahead of time if your distro is going to be pushing some patches.



                                                  Do not ever, ever just blindly upgrade / update. Unfortunately, the task of knowing what is broken falls on you, not your distro package manager, especially if your systems support programmers.







                                                  share|improve this answer












                                                  share|improve this answer



                                                  share|improve this answer










                                                  answered May 18 '09 at 15:46









                                                  Tim PostTim Post

                                                  1,4051224




                                                  1,4051224





















                                                      2














                                                      Where I work we have a pretty extensive process that involves using software called PatchLink to notify us of the most important security related updates, and we apply them after testing, on a package by package basis. We have thousands of servers though.



                                                      If you only have two servers the process should be much simpler. Although I do not think doing an "apt-get update/upgrade" is your best bet.



                                                      I would monitor patches for the software you are running, and make decisions based on the fixes in those releases on when to upgrade.



                                                      Since you have a test server, obviously, always test the update before applying them.






                                                      share|improve this answer



























                                                        2














                                                        Where I work we have a pretty extensive process that involves using software called PatchLink to notify us of the most important security related updates, and we apply them after testing, on a package by package basis. We have thousands of servers though.



                                                        If you only have two servers the process should be much simpler. Although I do not think doing an "apt-get update/upgrade" is your best bet.



                                                        I would monitor patches for the software you are running, and make decisions based on the fixes in those releases on when to upgrade.



                                                        Since you have a test server, obviously, always test the update before applying them.






                                                        share|improve this answer

























                                                          2












                                                          2








                                                          2







                                                          Where I work we have a pretty extensive process that involves using software called PatchLink to notify us of the most important security related updates, and we apply them after testing, on a package by package basis. We have thousands of servers though.



                                                          If you only have two servers the process should be much simpler. Although I do not think doing an "apt-get update/upgrade" is your best bet.



                                                          I would monitor patches for the software you are running, and make decisions based on the fixes in those releases on when to upgrade.



                                                          Since you have a test server, obviously, always test the update before applying them.






                                                          share|improve this answer













                                                          Where I work we have a pretty extensive process that involves using software called PatchLink to notify us of the most important security related updates, and we apply them after testing, on a package by package basis. We have thousands of servers though.



                                                          If you only have two servers the process should be much simpler. Although I do not think doing an "apt-get update/upgrade" is your best bet.



                                                          I would monitor patches for the software you are running, and make decisions based on the fixes in those releases on when to upgrade.



                                                          Since you have a test server, obviously, always test the update before applying them.







                                                          share|improve this answer












                                                          share|improve this answer



                                                          share|improve this answer










                                                          answered May 18 '09 at 15:40









                                                          WerkkreWWerkkreW

                                                          5,18631931




                                                          5,18631931





















                                                              2














                                                              Manual updates are best as mentioned here in the sense that you can see what's happening. However, for very large numbers of servers that might become impractical. Dry run is a standard practice, in fact, most package managers will ask you before proceeding.



                                                              Updating regularly tends to be best though it can be a bit of a balancing act. Frequent updates means less in one go and less to go wrong at once. If things do go wrong there are fewer candidates to inspect. Packages are also slightly better at updating in smaller steps, as generally when the programmer updates they're looking at going from the last version to the next, whether they'll give any attention beyond the last version can vary, though this tends to matter mostly for software that's rapidly evolving.



                                                              Not all updates are non-disruptive. You'll want to watch out for this. Some will restart services leading to down time.



                                                              In an ideal setup you might have the following:



                                                              • A means of seemlesly switching servers (A/B or tick tock). This means you update one while it's on the bench, then simply swap the traffic from the current one to the new one. This may be more complicated for services such as databases.

                                                              • The ability to test updates. You should have test servers that are practically clones of production (but without connecting to any production services). These would allow you to test updates first.

                                                              • A good backup strategy, incremental is ideal. You never know. It's always better to be safe than sorry.

                                                              • Be aware of which times have the most activity and what level of downtime is tolerable.

                                                              • Know how to rollback an update or a specific package.

                                                              • Have your own package mirrors so updates are consistent and predictable across servers. This is the first step towards a decent unattended system that you can trust. It means you can update the mirror, run update on one or more test machine then if that's good let it go out automatically. I had an excellent time with aptly managing around 800 EPOS machines.

                                                              • A good level of consistency so that you can know that if something will work here, it'll work there.

                                                              Some of these can be overkill to varying degrees for small setups but should be kept in mind.



                                                              Generally speaking, updates are usually relatively painless for server distros. This is because they nearly always only stick to bug fixes and security updates. You may however have problems if people have done odd things to the system or you add additional package sources.



                                                              Although it's moderately rare, they do occasionally make mistakes and break compatibility between minor package versions.






                                                              share|improve this answer



























                                                                2














                                                                Manual updates are best as mentioned here in the sense that you can see what's happening. However, for very large numbers of servers that might become impractical. Dry run is a standard practice, in fact, most package managers will ask you before proceeding.



                                                                Updating regularly tends to be best though it can be a bit of a balancing act. Frequent updates means less in one go and less to go wrong at once. If things do go wrong there are fewer candidates to inspect. Packages are also slightly better at updating in smaller steps, as generally when the programmer updates they're looking at going from the last version to the next, whether they'll give any attention beyond the last version can vary, though this tends to matter mostly for software that's rapidly evolving.



                                                                Not all updates are non-disruptive. You'll want to watch out for this. Some will restart services leading to down time.



                                                                In an ideal setup you might have the following:



                                                                • A means of seemlesly switching servers (A/B or tick tock). This means you update one while it's on the bench, then simply swap the traffic from the current one to the new one. This may be more complicated for services such as databases.

                                                                • The ability to test updates. You should have test servers that are practically clones of production (but without connecting to any production services). These would allow you to test updates first.

                                                                • A good backup strategy, incremental is ideal. You never know. It's always better to be safe than sorry.

                                                                • Be aware of which times have the most activity and what level of downtime is tolerable.

                                                                • Know how to rollback an update or a specific package.

                                                                • Have your own package mirrors so updates are consistent and predictable across servers. This is the first step towards a decent unattended system that you can trust. It means you can update the mirror, run update on one or more test machine then if that's good let it go out automatically. I had an excellent time with aptly managing around 800 EPOS machines.

                                                                • A good level of consistency so that you can know that if something will work here, it'll work there.

                                                                Some of these can be overkill to varying degrees for small setups but should be kept in mind.



                                                                Generally speaking, updates are usually relatively painless for server distros. This is because they nearly always only stick to bug fixes and security updates. You may however have problems if people have done odd things to the system or you add additional package sources.



                                                                Although it's moderately rare, they do occasionally make mistakes and break compatibility between minor package versions.






                                                                share|improve this answer

























                                                                  2












                                                                  2








                                                                  2







                                                                  Manual updates are best as mentioned here in the sense that you can see what's happening. However, for very large numbers of servers that might become impractical. Dry run is a standard practice, in fact, most package managers will ask you before proceeding.



                                                                  Updating regularly tends to be best though it can be a bit of a balancing act. Frequent updates means less in one go and less to go wrong at once. If things do go wrong there are fewer candidates to inspect. Packages are also slightly better at updating in smaller steps, as generally when the programmer updates they're looking at going from the last version to the next, whether they'll give any attention beyond the last version can vary, though this tends to matter mostly for software that's rapidly evolving.



                                                                  Not all updates are non-disruptive. You'll want to watch out for this. Some will restart services leading to down time.



                                                                  In an ideal setup you might have the following:



                                                                  • A means of seemlesly switching servers (A/B or tick tock). This means you update one while it's on the bench, then simply swap the traffic from the current one to the new one. This may be more complicated for services such as databases.

                                                                  • The ability to test updates. You should have test servers that are practically clones of production (but without connecting to any production services). These would allow you to test updates first.

                                                                  • A good backup strategy, incremental is ideal. You never know. It's always better to be safe than sorry.

                                                                  • Be aware of which times have the most activity and what level of downtime is tolerable.

                                                                  • Know how to rollback an update or a specific package.

                                                                  • Have your own package mirrors so updates are consistent and predictable across servers. This is the first step towards a decent unattended system that you can trust. It means you can update the mirror, run update on one or more test machine then if that's good let it go out automatically. I had an excellent time with aptly managing around 800 EPOS machines.

                                                                  • A good level of consistency so that you can know that if something will work here, it'll work there.

                                                                  Some of these can be overkill to varying degrees for small setups but should be kept in mind.



                                                                  Generally speaking, updates are usually relatively painless for server distros. This is because they nearly always only stick to bug fixes and security updates. You may however have problems if people have done odd things to the system or you add additional package sources.



                                                                  Although it's moderately rare, they do occasionally make mistakes and break compatibility between minor package versions.






                                                                  share|improve this answer













                                                                  Manual updates are best as mentioned here in the sense that you can see what's happening. However, for very large numbers of servers that might become impractical. Dry run is a standard practice, in fact, most package managers will ask you before proceeding.



                                                                  Updating regularly tends to be best though it can be a bit of a balancing act. Frequent updates means less in one go and less to go wrong at once. If things do go wrong there are fewer candidates to inspect. Packages are also slightly better at updating in smaller steps, as generally when the programmer updates they're looking at going from the last version to the next, whether they'll give any attention beyond the last version can vary, though this tends to matter mostly for software that's rapidly evolving.



                                                                  Not all updates are non-disruptive. You'll want to watch out for this. Some will restart services leading to down time.



                                                                  In an ideal setup you might have the following:



                                                                  • A means of seemlesly switching servers (A/B or tick tock). This means you update one while it's on the bench, then simply swap the traffic from the current one to the new one. This may be more complicated for services such as databases.

                                                                  • The ability to test updates. You should have test servers that are practically clones of production (but without connecting to any production services). These would allow you to test updates first.

                                                                  • A good backup strategy, incremental is ideal. You never know. It's always better to be safe than sorry.

                                                                  • Be aware of which times have the most activity and what level of downtime is tolerable.

                                                                  • Know how to rollback an update or a specific package.

                                                                  • Have your own package mirrors so updates are consistent and predictable across servers. This is the first step towards a decent unattended system that you can trust. It means you can update the mirror, run update on one or more test machine then if that's good let it go out automatically. I had an excellent time with aptly managing around 800 EPOS machines.

                                                                  • A good level of consistency so that you can know that if something will work here, it'll work there.

                                                                  Some of these can be overkill to varying degrees for small setups but should be kept in mind.



                                                                  Generally speaking, updates are usually relatively painless for server distros. This is because they nearly always only stick to bug fixes and security updates. You may however have problems if people have done odd things to the system or you add additional package sources.



                                                                  Although it's moderately rare, they do occasionally make mistakes and break compatibility between minor package versions.







                                                                  share|improve this answer












                                                                  share|improve this answer



                                                                  share|improve this answer










                                                                  answered May 10 at 1:59









                                                                  jgmjgmjgmjgm

                                                                  1313




                                                                  1313





















                                                                      1














                                                                      I like cron-apt to automate this process, but as @dinomite pointed out on another question regarding updates, configuring it specifically to automate security-related updates is a very smart idea -- you can then manually update what you need. I had been using cron-apt for all updates but actually changed this based on his answer. If you like it, you should probably vote his answer up rather than this one.






                                                                      share|improve this answer





























                                                                        1














                                                                        I like cron-apt to automate this process, but as @dinomite pointed out on another question regarding updates, configuring it specifically to automate security-related updates is a very smart idea -- you can then manually update what you need. I had been using cron-apt for all updates but actually changed this based on his answer. If you like it, you should probably vote his answer up rather than this one.






                                                                        share|improve this answer



























                                                                          1












                                                                          1








                                                                          1







                                                                          I like cron-apt to automate this process, but as @dinomite pointed out on another question regarding updates, configuring it specifically to automate security-related updates is a very smart idea -- you can then manually update what you need. I had been using cron-apt for all updates but actually changed this based on his answer. If you like it, you should probably vote his answer up rather than this one.






                                                                          share|improve this answer















                                                                          I like cron-apt to automate this process, but as @dinomite pointed out on another question regarding updates, configuring it specifically to automate security-related updates is a very smart idea -- you can then manually update what you need. I had been using cron-apt for all updates but actually changed this based on his answer. If you like it, you should probably vote his answer up rather than this one.







                                                                          share|improve this answer














                                                                          share|improve this answer



                                                                          share|improve this answer








                                                                          edited Apr 13 '17 at 12:14









                                                                          Community

                                                                          1




                                                                          1










                                                                          answered May 18 '09 at 16:21









                                                                          nedmnedm

                                                                          4,95052648




                                                                          4,95052648





















                                                                              1














                                                                              On debian i install cron-apt and edit its configuration file to mail me if ther are any changes. this way i get notified if there are updates for my systems and do the updates by hand






                                                                              share|improve this answer



























                                                                                1














                                                                                On debian i install cron-apt and edit its configuration file to mail me if ther are any changes. this way i get notified if there are updates for my systems and do the updates by hand






                                                                                share|improve this answer

























                                                                                  1












                                                                                  1








                                                                                  1







                                                                                  On debian i install cron-apt and edit its configuration file to mail me if ther are any changes. this way i get notified if there are updates for my systems and do the updates by hand






                                                                                  share|improve this answer













                                                                                  On debian i install cron-apt and edit its configuration file to mail me if ther are any changes. this way i get notified if there are updates for my systems and do the updates by hand







                                                                                  share|improve this answer












                                                                                  share|improve this answer



                                                                                  share|improve this answer










                                                                                  answered May 30 '09 at 19:50









                                                                                  lepolelepole

                                                                                  1,64311017




                                                                                  1,64311017





















                                                                                      1














                                                                                      Along the same lines as cron-apt you should take a look at the unattended-upgrades package http://packages.debian.org/lenny/unattended-upgrades.



                                                                                      Its very easy to configure and will enable you to have security updates downloaded and applied automatically but leave other updates for manual upgrading (or at your discretion upgrade everything!).



                                                                                      The Official Ubuntu Server Guide, has a reasonably detailed section covering the use of the unattended-upgrades package https://help.ubuntu.com/9.04/serverguide/C/automatic-updates.html



                                                                                      Note: depending on your level of caution/paranoia you can do a rolling upgrade on a group of test servers first, then if there are not issues, allow your production boxes to update, although I personally have not come across any trouble with security updates wrecking havoc so far (knock on wood)...



                                                                                      There is also a config option to mail you the results of each security update as well, once its applied. Also, if there were any dialog or interactive prompts that were presented during the update, ones that will need manual tweaking by a sysadmin, it will mention these as well.






                                                                                      share|improve this answer





























                                                                                        1














                                                                                        Along the same lines as cron-apt you should take a look at the unattended-upgrades package http://packages.debian.org/lenny/unattended-upgrades.



                                                                                        Its very easy to configure and will enable you to have security updates downloaded and applied automatically but leave other updates for manual upgrading (or at your discretion upgrade everything!).



                                                                                        The Official Ubuntu Server Guide, has a reasonably detailed section covering the use of the unattended-upgrades package https://help.ubuntu.com/9.04/serverguide/C/automatic-updates.html



                                                                                        Note: depending on your level of caution/paranoia you can do a rolling upgrade on a group of test servers first, then if there are not issues, allow your production boxes to update, although I personally have not come across any trouble with security updates wrecking havoc so far (knock on wood)...



                                                                                        There is also a config option to mail you the results of each security update as well, once its applied. Also, if there were any dialog or interactive prompts that were presented during the update, ones that will need manual tweaking by a sysadmin, it will mention these as well.






                                                                                        share|improve this answer



























                                                                                          1












                                                                                          1








                                                                                          1







                                                                                          Along the same lines as cron-apt you should take a look at the unattended-upgrades package http://packages.debian.org/lenny/unattended-upgrades.



                                                                                          Its very easy to configure and will enable you to have security updates downloaded and applied automatically but leave other updates for manual upgrading (or at your discretion upgrade everything!).



                                                                                          The Official Ubuntu Server Guide, has a reasonably detailed section covering the use of the unattended-upgrades package https://help.ubuntu.com/9.04/serverguide/C/automatic-updates.html



                                                                                          Note: depending on your level of caution/paranoia you can do a rolling upgrade on a group of test servers first, then if there are not issues, allow your production boxes to update, although I personally have not come across any trouble with security updates wrecking havoc so far (knock on wood)...



                                                                                          There is also a config option to mail you the results of each security update as well, once its applied. Also, if there were any dialog or interactive prompts that were presented during the update, ones that will need manual tweaking by a sysadmin, it will mention these as well.






                                                                                          share|improve this answer















                                                                                          Along the same lines as cron-apt you should take a look at the unattended-upgrades package http://packages.debian.org/lenny/unattended-upgrades.



                                                                                          Its very easy to configure and will enable you to have security updates downloaded and applied automatically but leave other updates for manual upgrading (or at your discretion upgrade everything!).



                                                                                          The Official Ubuntu Server Guide, has a reasonably detailed section covering the use of the unattended-upgrades package https://help.ubuntu.com/9.04/serverguide/C/automatic-updates.html



                                                                                          Note: depending on your level of caution/paranoia you can do a rolling upgrade on a group of test servers first, then if there are not issues, allow your production boxes to update, although I personally have not come across any trouble with security updates wrecking havoc so far (knock on wood)...



                                                                                          There is also a config option to mail you the results of each security update as well, once its applied. Also, if there were any dialog or interactive prompts that were presented during the update, ones that will need manual tweaking by a sysadmin, it will mention these as well.







                                                                                          share|improve this answer














                                                                                          share|improve this answer



                                                                                          share|improve this answer








                                                                                          edited Jun 6 '09 at 22:21

























                                                                                          answered Jun 6 '09 at 22:15









                                                                                          faultyserverfaultyserver

                                                                                          1,62911520




                                                                                          1,62911520





















                                                                                              1














                                                                                              I personally turn off automatic updates and do not regularly perform any sort of updating of packages on servers in my environments, unless: (a) there is an important CERT advisory for one of packages on my system; (b) I need to upgrade individual packages for specific reasons; (c) OS or packages are reaching end-of-cycle, they won't be supported any more and we need to continue having support. My reasoning is that upgrading without knowing what's being changed or why leaves too much room for something breaking. I've been doing things like this for going on 14 years and it works well.






                                                                                              share|improve this answer



























                                                                                                1














                                                                                                I personally turn off automatic updates and do not regularly perform any sort of updating of packages on servers in my environments, unless: (a) there is an important CERT advisory for one of packages on my system; (b) I need to upgrade individual packages for specific reasons; (c) OS or packages are reaching end-of-cycle, they won't be supported any more and we need to continue having support. My reasoning is that upgrading without knowing what's being changed or why leaves too much room for something breaking. I've been doing things like this for going on 14 years and it works well.






                                                                                                share|improve this answer

























                                                                                                  1












                                                                                                  1








                                                                                                  1







                                                                                                  I personally turn off automatic updates and do not regularly perform any sort of updating of packages on servers in my environments, unless: (a) there is an important CERT advisory for one of packages on my system; (b) I need to upgrade individual packages for specific reasons; (c) OS or packages are reaching end-of-cycle, they won't be supported any more and we need to continue having support. My reasoning is that upgrading without knowing what's being changed or why leaves too much room for something breaking. I've been doing things like this for going on 14 years and it works well.






                                                                                                  share|improve this answer













                                                                                                  I personally turn off automatic updates and do not regularly perform any sort of updating of packages on servers in my environments, unless: (a) there is an important CERT advisory for one of packages on my system; (b) I need to upgrade individual packages for specific reasons; (c) OS or packages are reaching end-of-cycle, they won't be supported any more and we need to continue having support. My reasoning is that upgrading without knowing what's being changed or why leaves too much room for something breaking. I've been doing things like this for going on 14 years and it works well.







                                                                                                  share|improve this answer












                                                                                                  share|improve this answer



                                                                                                  share|improve this answer










                                                                                                  answered Jan 29 '15 at 0:08









                                                                                                  Michael MartinezMichael Martinez

                                                                                                  1,70511025




                                                                                                  1,70511025





















                                                                                                      0














                                                                                                      Besides the stuff that is mentioned you should use some kind of monitoring tool (Nagios or whatever floats your boat) to alert you of updates.



                                                                                                      As far as how often goes: As soon as there's an update available!






                                                                                                      share|improve this answer



























                                                                                                        0














                                                                                                        Besides the stuff that is mentioned you should use some kind of monitoring tool (Nagios or whatever floats your boat) to alert you of updates.



                                                                                                        As far as how often goes: As soon as there's an update available!






                                                                                                        share|improve this answer

























                                                                                                          0












                                                                                                          0








                                                                                                          0







                                                                                                          Besides the stuff that is mentioned you should use some kind of monitoring tool (Nagios or whatever floats your boat) to alert you of updates.



                                                                                                          As far as how often goes: As soon as there's an update available!






                                                                                                          share|improve this answer













                                                                                                          Besides the stuff that is mentioned you should use some kind of monitoring tool (Nagios or whatever floats your boat) to alert you of updates.



                                                                                                          As far as how often goes: As soon as there's an update available!







                                                                                                          share|improve this answer












                                                                                                          share|improve this answer



                                                                                                          share|improve this answer










                                                                                                          answered Jun 3 '09 at 20:14









                                                                                                          serverhorrorserverhorror

                                                                                                          5,88821840




                                                                                                          5,88821840



























                                                                                                              draft saved

                                                                                                              draft discarded
















































                                                                                                              Thanks for contributing an answer to Server Fault!


                                                                                                              • Please be sure to answer the question. Provide details and share your research!

                                                                                                              But avoid


                                                                                                              • Asking for help, clarification, or responding to other answers.

                                                                                                              • Making statements based on opinion; back them up with references or personal experience.

                                                                                                              To learn more, see our tips on writing great answers.




                                                                                                              draft saved


                                                                                                              draft discarded














                                                                                                              StackExchange.ready(
                                                                                                              function ()
                                                                                                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f9490%2fhow-often-should-i-update-our-linux-server%23new-answer', 'question_page');

                                                                                                              );

                                                                                                              Post as a guest















                                                                                                              Required, but never shown





















































                                                                                                              Required, but never shown














                                                                                                              Required, but never shown












                                                                                                              Required, but never shown







                                                                                                              Required, but never shown

































                                                                                                              Required, but never shown














                                                                                                              Required, but never shown












                                                                                                              Required, but never shown







                                                                                                              Required, but never shown







                                                                                                              Popular posts from this blog

                                                                                                              Club Baloncesto Breogán Índice Historia | Pavillón | Nome | O Breogán na cultura popular | Xogadores | Adestradores | Presidentes | Palmarés | Historial | Líderes | Notas | Véxase tamén | Menú de navegacióncbbreogan.galCadroGuía oficial da ACB 2009-10, páxina 201Guía oficial ACB 1992, páxina 183. Editorial DB.É de 6.500 espectadores sentados axeitándose á última normativa"Estudiantes Junior, entre as mellores canteiras"o orixinalHemeroteca El Mundo Deportivo, 16 setembro de 1970, páxina 12Historia do BreogánAlfredo Pérez, o último canoneiroHistoria C.B. BreogánHemeroteca de El Mundo DeportivoJimmy Wright, norteamericano do Breogán deixará Lugo por ameazas de morteResultados de Breogán en 1986-87Resultados de Breogán en 1990-91Ficha de Velimir Perasović en acb.comResultados de Breogán en 1994-95Breogán arrasa al Barça. "El Mundo Deportivo", 27 de setembro de 1999, páxina 58CB Breogán - FC BarcelonaA FEB invita a participar nunha nova Liga EuropeaCharlie Bell na prensa estatalMáximos anotadores 2005Tempada 2005-06 : Tódolos Xogadores da Xornada""Non quero pensar nunha man negra, mais pregúntome que está a pasar""o orixinalRaúl López, orgulloso dos xogadores, presume da boa saúde económica do BreogánJulio González confirma que cesa como presidente del BreogánHomenaxe a Lisardo GómezA tempada do rexurdimento celesteEntrevista a Lisardo GómezEl COB dinamita el Pazo para forzar el quinto (69-73)Cafés Candelas, patrocinador del CB Breogán"Suso Lázare, novo presidente do Breogán"o orixinalCafés Candelas Breogán firma el mayor triunfo de la historiaEl Breogán realizará 17 homenajes por su cincuenta aniversario"O Breogán honra ao seu fundador e primeiro presidente"o orixinalMiguel Giao recibiu a homenaxe do PazoHomenaxe aos primeiros gladiadores celestesO home que nos amosa como ver o Breo co corazónTita Franco será homenaxeada polos #50anosdeBreoJulio Vila recibirá unha homenaxe in memoriam polos #50anosdeBreo"O Breogán homenaxeará aos seus aboados máis veteráns"Pechada ovación a «Capi» Sanmartín e Ricardo «Corazón de González»Homenaxe por décadas de informaciónPaco García volve ao Pazo con motivo do 50 aniversario"Resultados y clasificaciones""O Cafés Candelas Breogán, campión da Copa Princesa""O Cafés Candelas Breogán, equipo ACB"C.B. Breogán"Proxecto social"o orixinal"Centros asociados"o orixinalFicha en imdb.comMario Camus trata la recuperación del amor en 'La vieja música', su última película"Páxina web oficial""Club Baloncesto Breogán""C. B. Breogán S.A.D."eehttp://www.fegaba.com

                                                                                                              Vilaño, A Laracha Índice Patrimonio | Lugares e parroquias | Véxase tamén | Menú de navegación43°14′52″N 8°36′03″O / 43.24775, -8.60070

                                                                                                              Cegueira Índice Epidemioloxía | Deficiencia visual | Tipos de cegueira | Principais causas de cegueira | Tratamento | Técnicas de adaptación e axudas | Vida dos cegos | Primeiros auxilios | Crenzas respecto das persoas cegas | Crenzas das persoas cegas | O neno deficiente visual | Aspectos psicolóxicos da cegueira | Notas | Véxase tamén | Menú de navegación54.054.154.436928256blindnessDicionario da Real Academia GalegaPortal das Palabras"International Standards: Visual Standards — Aspects and Ranges of Vision Loss with Emphasis on Population Surveys.""Visual impairment and blindness""Presentan un plan para previr a cegueira"o orixinalACCDV Associació Catalana de Cecs i Disminuïts Visuals - PMFTrachoma"Effect of gene therapy on visual function in Leber's congenital amaurosis"1844137110.1056/NEJMoa0802268Cans guía - os mellores amigos dos cegosArquivadoEscola de cans guía para cegos en Mortágua, PortugalArquivado"Tecnología para ciegos y deficientes visuales. Recopilación de recursos gratuitos en la Red""Colorino""‘COL.diesis’, escuchar los sonidos del color""COL.diesis: Transforming Colour into Melody and Implementing the Result in a Colour Sensor Device"o orixinal"Sistema de desarrollo de sinestesia color-sonido para invidentes utilizando un protocolo de audio""Enseñanza táctil - geometría y color. Juegos didácticos para niños ciegos y videntes""Sistema Constanz"L'ocupació laboral dels cecs a l'Estat espanyol està pràcticament equiparada a la de les persones amb visió, entrevista amb Pedro ZuritaONCE (Organización Nacional de Cegos de España)Prevención da cegueiraDescrición de deficiencias visuais (Disc@pnet)Braillín, un boneco atractivo para calquera neno, con ou sen discapacidade, que permite familiarizarse co sistema de escritura e lectura brailleAxudas Técnicas36838ID00897494007150-90057129528256DOID:1432HP:0000618D001766C10.597.751.941.162C97109C0155020