How to Update a Linux Server

Introduction

Keeping your Linux server updated is one of the simplest and most important security habits you can build. Updates fix vulnerabilities, improve stability, and bring bug fixes.

This guide is written for complete beginners. You will copy/paste commands exactly as shown, and you will learn:

• What to check before updating
• How to update safely on the most common Linux families (Ubuntu/Debian, RHEL/Alma/Rocky/CentOS, and SUSE)
• What each command does, why it matters, and what output you should expect
• When a reboot is required and how to verify services afterwards

Prerequisites

• SSH access to your server (username + password or SSH key)
• A maintenance window (updates can restart services)
• A backup or snapshot (strongly recommended)

Step-by-step

Step 1) Connect to your server using SSH

Command:

ssh root@YOUR_SERVER_IP

What it does: Opens a secure terminal session on your server.

Why it is needed: All update commands must run on the server.

Expected result: You should see a prompt like root@hostname:~# or user@hostname:~$.

Important note: If you are not root, you will use sudo in later commands.

Step 2) Identify your Linux distribution

Command:

cat /etc/os-release

What it does: Prints OS details (name, version).

Why it is needed: Update commands differ between Ubuntu/Debian and RHEL-based systems.

Expected result: Lines like NAME="Ubuntu" or NAME="AlmaLinux".

Step 3) Confirm you have enough disk space

Command:

df -h

What it does: Shows disk usage in human-readable format.

Why it is needed: Updates download packages and may fail if your disk is full.

Expected result: Your main partition (often /) should have free space. If it is near 100%, clean up first.

Step 4) Check what services are running (optional but recommended)

Command:

systemctl --type=service --state=running

What it does: Lists currently running services.

Why it is needed: After updating, you can compare and confirm important services are still running.

Expected result: A list of running services (e.g., nginx, apache2, mysql, sshd).

Updates by distribution

A) Ubuntu / Debian (APT)

A1) Refresh package lists

Command:

sudo apt update

What it does: Downloads the latest list of available packages from your configured repositories.

Why it is needed: Without this, your server may not know about newer security updates.

Expected result: You will see repository URLs and a summary like Reading package lists... Done.

Warning: If you see repository errors, stop and fix them before upgrading.

A2) Install upgrades

Command:

sudo apt upgrade -y

What it does: Installs newer versions of packages already installed on your system.

Why it is needed: This is the actual update step that patches vulnerabilities.

Expected result: Packages will download and install. You may see progress lines and prompts.

Note: Some servers prefer apt full-upgrade when kernel or dependency changes are involved. If apt upgrade says packages are “kept back”, run:

sudo apt full-upgrade -y

A3) Remove unused packages (cleanup)

Command:

sudo apt autoremove -y

What it does: Removes packages that were installed as dependencies but are no longer needed.

Why it is needed: Saves disk space and keeps the system tidy.

Expected result: A list of packages removed (or nothing to remove).

A4) Optional: reboot if the kernel or critical libraries were updated

Check if a reboot is recommended:

if [ -f /var/run/reboot-required ]; then echo "Reboot required"; else echo "No reboot required"; fi

What it does: Prints whether Ubuntu/Debian marked the system as needing a reboot.

B) AlmaLinux / Rocky / CentOS / RHEL (DNF/YUM)

B1) Update all packages

Command (modern systems):

sudo dnf update -y

Command (older CentOS):

sudo yum update -y

What it does: Refreshes metadata and updates installed packages.

Why it is needed: Applies security and bug-fix patches.

Expected result: A transaction summary and packages installing.

B2) Clean cached package files (optional)

Command:

sudo dnf clean all

What it does: Removes cached metadata and packages.

Why it is needed: Frees disk space and can help if metadata got corrupted.

C) openSUSE / SUSE Linux (Zypper)

Command:

sudo zypper refresh
sudo zypper update -y

What it does: Refreshes repositories and applies updates.

After the update: verify everything is healthy

Step 1) Reboot (only if needed)

Command:

sudo reboot

What it does: Restarts the server.

Why it may be needed: Kernel updates and some libraries require a reboot to fully apply.

Expected result: Your SSH session disconnects. Wait 30–120 seconds and reconnect.

Step 2) Confirm the server is back

Command:

uptime

What it does: Shows how long the server has been running since the last boot.

Expected result: A low “up time” (e.g., up 2 min) right after a reboot.

Step 3) Check failed services

Command:

systemctl --failed

What it does: Lists services that failed to start.

Expected result: Ideally 0 loaded units listed. If not, investigate the failed service.

Step 4) Verify your web/app stack (examples)

Depending on what you run, check the status:

sudo systemctl status nginx
sudo systemctl status apache2
sudo systemctl status mysql
sudo systemctl status mariadb
sudo systemctl status php-fpm

What it does: Shows whether each service is active.

Expected result: Lines like Active: active (running).

Conclusion

You have successfully updated your Linux server safely. The key is to (1) know your distribution, (2) run the correct update commands, and (3) verify services after the update (and reboot when required).

If you want to go one step further, schedule a recurring maintenance window and apply updates regularly (weekly or monthly depending on your risk profile).