How to Keep Your Linux Server Secure: Updating the Kernel, System Packages & Key Services

November 21, 2025 / Servers, Hosting & Email

Keeping your Linux server updated is one of the most important steps in maintaining security, stability, and performance. Outdated kernels, system packages, and services like Apache, PHP, and MySQL/MariaDB are common entry points for attackers and can lead to unexpected service failures.

This KB provides a complete, step-by-step guide to update the kernel, packages, and major web services across common Linux distributions (Ubuntu, CentOS, and AlmaLinux). It also covers how to enable automatic security updates, guaranteeing your server remains protected at all times.

Introduction

Regular updates protect your server against vulnerabilities and ensure stable performance. Whether you manage a personal VPS or a business-critical dedicated server, following consistent update practices helps prevent security breaches, downtime, and software conflicts.

Why Regular Updates Are Important?

Regular updates are important because they patch security vulnerabilities, improve server stability and compatibility, deliver important bug fixes and performance enhancements, and help prevent both kernel-level and service-level exploits. Keeping your system updated also ensures compliance with security policies. Industry experts recommend checking for and applying updates at least once a week, or enabling automatic security updates for ongoing protection.

Check Your Current System & Kernel Version

  1. Check Linux distribution version:
    cat /etc/os-release
  2. Check the current kernel version:
    uname -r

Updating the Kernel on Linux Servers

  1. Update Kernel on Ubuntu
    Ubuntu updates the kernel with its standard package updates.

    sudo apt update
    sudo apt upgrade -y

    Then reboot:

    sudo reboot

    Verify:

    uname -r
  2. Update Kernel on CentOS 7
    sudo yum update -y
    sudo reboot

    Check version:

    uname -r
  3. Update Kernel on AlmaLinux / CentOS Stream 8 / RHEL 8
    sudo dnf update -y
    sudo reboot

    Check:

    uname -r

Updating System Packages

  1. sing apt (Ubuntu / Debian)
    sudo apt update
    sudo apt upgrade -y
    sudo apt autoremove -y
  2. Using yum (CentOS 7)
    sudo yum update -y
  3. Using dnf (CentOS 8+, AlmaLinux, RHEL 8+)
    sudo dnf update -y

Enabling Automatic Security Updates

  1. Enable Auto Updates on Ubuntu
    sudo apt install unattended-upgrades -y
    sudo dpkg-reconfigure --priority=low unattended-upgrades

    To check status:

    systemctl status unattended-upgrades
  2. Enable Auto Updates on CentOS 7
    Install the tool:

    sudo yum install yum-cron -y

    Enable it:

    sudo systemctl enable --now yum-cron
  3. Enable Auto Updates on AlmaLinux / CentOS Stream 8
    Install dnf-automatic:

    sudo dnf install dnf-automatic -y

    Enable it:

    sudo systemctl enable --now dnf-automatic.timer

Updating Apache, PHP, and MySQL/MariaDB

  1. Update Apache
    Ubuntu:

    sudo apt update
    sudo apt install --only-upgrade apache2

    CentOS/AlmaLinux:

    sudo dnf update httpd -y

    Restart:

    sudo systemctl restart apache2   # Ubuntu
    sudo systemctl restart httpd     # CentOS/AlmaLinux
  2. Update PHP
    For security patches within the same version:
    Ubuntu:

    sudo apt update
    sudo apt upgrade php -y

    CentOS/AlmaLinux:

    sudo dnf update php -y

    Restart Apache or PHP-FPM:

    sudo systemctl restart php-fpm
  3. Update MySQL or MariaDB
    Ubuntu:

    sudo apt update
    sudo apt upgrade mysql-server -y

    CentOS/AlmaLinux:

    sudo dnf update mysql-server mariadb-server -y

    Restart server:

    sudo systemctl restart mysqld

Best Practices Before and After Updating

  • Always take a full backup.
  • Create a snapshot (if using a VPS).
  • Check available free disk space.
  • Update during low-traffic hours.
  • Review logs after updating:
    journalctl -xe

Troubleshooting Common Issues

  1. Broken dependencies:
    sudo apt --fix-broken install
  2. Kernel not booting
    Boot from the previous kernel via GRUB menu.
  3. Repository errors
    Check repo files in:

    /etc/apt/sources.list (Ubuntu)
    /etc/yum.repos.d/ (CentOS/AlmaLinux)
  4. Service fails to start after the update:
    sudo systemctl status <service>
    journalctl -u <service>

Conclusion

From the above article, it is clear that keeping your Linux server updated is essential for maintaining security, stability, and performance. Regularly updating the kernel, system packages, and key services, combined with automatic security updates, protects your server from vulnerabilities and ensures smooth operation.

If you need help, our support team is always available to assist you.

Ready to take your server security a step further? Learn How to switch the hardened kernel of cPanel with a standard kernel

Spread the love