Beginner guide on keeping Ubuntu server updated?


Is there a post here or library topic on keeping Ubuntu server updated?

I am a newbie to server admin. Been working with my Linodes (Ubuntu 12.04 LTS) for a while now and feel pretty comfortable.


1. Is this all you need to do to keep the server updated?

sudo apt-get update

sudo apt-get upgrade –show-upgraded

…if not what else?

2. What if something goes wrong with the above (such as: apt-get upgrade)?

I assume there is no "undo". The only super-safe thing I could think of is to do a Linode disk image backup before upgrade. Is that overkill? is there another way?



5 Replies

There isn't really an 'undo'. The only reliable thing (as far as I know) is start again … or backup your filesystem prior to updating (see below).

The following command will list the pending updates: apt-get -u upgrade --assume-no
You can review the list and decide whether or not you want to update them (individually or all).

I've found that Ubuntu 12.04 (and probably other releases, though I have no experience with them) does a good job of not feeding you updates that will break things. That being said, if anything on your VPS relies on a specific version of something you'd better make sure you don't blindly update.

When I'm not sure about an update I make a copy of my filesystem (I try to keep my active filesystem small enough that I can create a copy before I do something that may cause issues). That way I have a system-wide restore point. I do have to shutdown for a short period of time to create the copy, so I have to make sure to time it well (5am seems to be a good time based on our clients and site visitors).

I do this:

sudo apt-get update && sudo apt-get dist-upgrade

It seems to be more thorough. If something breaks, the something would need to be addressed.

That will work as long as you use packages for everything. You should do that for everything there is a package for, because it will make upgrading easier.

The main things that won't upgrade are web applications, any programs that you run for creating websites. Those will need to be upgraded manually. If they have web updaters and you use them, for security you should make the file permissions non upgradeable when you aren't upgrading. All it takes is someone to hack WordPress and use the file editor to add shell_exec() to start wrecking stuff.

Worry less (but not zero) about keeping things up to date and worry more (a lot lot lot more) about backing everything up.

Make a backup plan, test it both ways (backing up and restoring), have more then one copy in various storage locations, and automatic the notifications (both when the backup works and especially when it doesn't).

Being "Up to Date" doesn't mean you can't be hacked, having a Verified Backup off system does guarantee that you'll be back up and running will minimal fuss, crying and hair pulling.

Thanks for the input. So for backups I do this:

1. I backup all my databases as SQL dumps downloaded to my local.

2. Ditto for all website files - download to local via rsync.

3. I use the Linode backup service which backs up the entire Linode.

Items #1 and #2 above are for recovering from problems specific to the websites (all Drupal by the way).

I assume #3 is the only real option for recovering from something really major or if

sudo apt-get update && sudo apt-get dist-upgrade

goes bad? Which I guess is almost never?




Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct