{"id":8268,"date":"2025-09-03T14:44:28","date_gmt":"2025-09-03T12:44:28","guid":{"rendered":"https:\/\/www.lrob.fr\/?p=8268"},"modified":"2025-10-10T12:58:19","modified_gmt":"2025-10-10T10:58:19","slug":"keeping-your-linux-installed-base-up-to-date","status":"publish","type":"post","link":"https:\/\/www.lrob.fr\/en\/blog\/sysadmin\/tenir-son-parc-linux-a-jour\/","title":{"rendered":"Linux servers: how to keep your servers up to date like a pro"},"content":{"rendered":"<p>At <strong>LRob<\/strong>we are prioritizing three objectives: <strong><a href=\"https:\/\/www.lrob.fr\/en\/features\/secure-web-host-cybersecurity\/\">safety<\/a><\/strong>, <strong><a href=\"https:\/\/www.lrob.fr\/en\/features\/most-reliable-web-host\/\">availability<\/a><\/strong>, <strong><a href=\"https:\/\/www.lrob.fr\/en\/features\/web-host-best-performance\/\">performance<\/a><\/strong>. And that's why our update policy is deliberate. <strong>simple<\/strong>, <strong>readable<\/strong>, <strong>repeatable<\/strong>... and above all <strong>frequent<\/strong>.<\/p>\n\n\n\n<p>We are convinced that <a href=\"https:\/\/www.lrob.fr\/en\/features\/secure-web-host-cybersecurity\/\"><strong>up-to-date servers<\/strong> <strong>protect against attacks<\/strong><\/a> and enable <strong>more sustainable infrastructure<\/strong>.<br>At LRob, we don't beat around the bush, either in practice or in explanation. So hang in there and find out how we keep our Linux server park clean and free of surprises.<\/p>\n\n\n\n<p><em>\u26a0\ufe0f Please note: This article is our example, our opinion, and not an absolute truth or a guide to be blindly copied for any company. Every company is different, your choices are your own and LRob cannot be held responsible for the consequences of your choices. Also, some statements may be difficult to bear in cases of cognitive dissonance - we hope this won't be too difficult to endure.<\/em><\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Contents<\/h2><nav><ul><li><a href=\"#la-base-technique-debian-ubuntu-apt\">Prerequisite: making the right choices upstream for optimal maintenance<\/a><ul><li><a href=\"#n\">Choosing a future-proof Linux distribution: Debian<\/a><\/li><li><a href=\"#u\">Software and hardware lifecycles and durations<\/a><\/li><li><a href=\"#pre-requis-choisir-un-os-fiable\">Avoid technical debt with simple architectures<\/a><\/li><\/ul><\/li><li><a href=\"#otre-routine-de-maintenance\">Maintenance policy<\/a><ul><li><a href=\"#p\">Basic principles of good maintenance<\/a><\/li><li><a href=\"#approche-incrementale\">Incremental approach<\/a><\/li><li><a href=\"#l\">Invalid reasons to delay updates<\/a><\/li><li><a href=\"#cadence-ce-qui-est-auto-ce-qui-reste-humain\">Update frequency: automatic vs. manual, standby, major decisions<\/a><\/li><li><a href=\"#une-routine-claire-reproductible\">The manual upgrade command: apt (and apt-get)<\/a><\/li><li><a href=\"#r\">Reboot or not reboot?<\/a><\/li><\/ul><\/li><li><a href=\"#ce-que-vous-gagnez-concretement\">What you gain with frequent scheduled updates<\/a><\/li><li><a href=\"#les-bonnes-questions-a-poser-a-votre-hebergeur\">Hosted customer: the right questions to ask your hosting provider<\/a><\/li><li><a href=\"#lapproche-l-rob-en-une-ligne\">The LRob approach, in a nutshell<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"la-base-technique-debian-ubuntu-apt\">Prerequisite: making the right choices upstream for optimal maintenance<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"n\">Choosing a future-proof Linux distribution: Debian<\/h3>\n\n\n\n<p>Let's be clear: a policy of upgrading to the wrong OS is pointless. The OS must be the most <strong>stable and predictable<\/strong> possible, including <strong>when applying updates<\/strong>. So choose wisely.<\/p>\n\n\n\n<p>Our choice won't be unanimous, but it's definitely a safe bet. We think it's the safest distribution of all: We standardize our servers on <strong>Debian<\/strong>.<\/p>\n\n\n\n<p><strong>Why?<\/strong> For its <strong>simplicity<\/strong>his <strong>stability<\/strong>his <strong>predictability<\/strong> and its <strong>community governance<\/strong>. Debian is a <strong>sober base<\/strong>who was able to show <strong>reliable over the long term<\/strong>. Debian also allows major distribution version upgrades, which can be useful, although we prefer reinstallation on a \"fresh\", newer and more powerful server. At LRob, major releases are seen as an opportunity to update the installed base.<\/p>\n\n\n\n<p>We believe that <strong>Debian is much more reliable<\/strong> for production than its \"forks\" (derivatives) like Ubuntu, whose policy seems less stable to us (as do the latest versions of the packages often offered), or even than some pay distributions whose pricing policy can change and hold you prisoner, ruining, in our view, much of the appeal of Linux.<\/p>\n\n\n\n<p>Because Debian also has the advantage of being entirely <strong>free and open-source<\/strong> and therefore <strong>free of charge<\/strong>. The money saved can then be used for <strong>maintain <strong>properly<\/strong> its fleet in-house<\/strong>... Or if your structure is big enough, why not go as far as improving Debian and Linux. Because \"open-source\" also means \"community\", and that's never stopped private individuals from improving it for themselves and for others. It also gives visibility and a positive image. It's a win-win situation.<\/p>\n\n\n\n<p>Of course, standardization is a key factor in efficient maintenance. We therefore believe that the chosen OS should be standardized across almost all servers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"u\">Software and hardware lifecycles and durations<\/h3>\n\n\n\n<p class=\"has-medium-font-size\">At LRob, <strong>a server does not remain in production beyond 5 years<\/strong> (OS and\/or hardware). Our forecasts even include <strong>an average of 2 to 3 years<\/strong>This average is only possible because we lease the servers... So we're not prisoners of a 5-year amortization period like many others. Think about it too, to get a <strong>technological lead<\/strong>.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">This means that the duration of an \"LTS\" is generally not decisive for us, particularly with regard to the <strong><a href=\"https:\/\/www.debian.org\/releases\/\" target=\"_blank\" rel=\"noopener\">long lifespan of recent Debian releases<\/a><\/strong> (~10 years).<\/p>\n\n\n\n<p class=\"has-medium-font-size\">A server is replaced according to :<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>visit <strong>major releases<\/strong> OS and kernel, and their ease of upgrading Linux distributions,<\/li>\n\n\n\n<li>visit <strong>hardware evolutions<\/strong> (CPU, Storage, RAM) and available prices,<\/li>\n\n\n\n<li>visit <strong>requirements<\/strong> of the load (CPU, storage, RAM, here too).<\/li>\n<\/ul>\n\n\n\n<p>Two options:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OS upgrade<\/strong> when relevant;<\/li>\n\n\n\n<li>Often, <strong>clean reinstallation<\/strong> on <strong>newer material<\/strong> to stay in the <strong>top performance<\/strong>.<\/li>\n<\/ul>\n\n\n\n<p class=\"has-medium-font-size\"><em>Please note: The servers we stop using are then reused by other, less demanding users. The quest for performance should not prevent us from being eco-responsible. If you own your equipment and wish to renew it more regularly, there are second-hand resellers available.<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"pre-requis-choisir-un-os-fiable\">Avoid technical debt with simple architectures<\/h3>\n\n\n\n<p><strong>Multiplying software dependencies<\/strong>is as much <strong>risks<\/strong> that one of them becomes <strong>incompatible<\/strong>no <strong>maintained<\/strong>or requires the creation of a new repository, or <strong>plant to update<\/strong>.<\/p>\n\n\n\n<p>When designing your software, you must therefore <strong>choose reliable, time-tested technologies<\/strong>. Don't give in to the first fashionable language or framework that may no longer be maintained. So that the servers running this software are <strong>perennial<\/strong>can be updated efficiently, with their applications, so that you don't have to redo everything in 2 years' time... <\/p>\n\n\n\n<p><strong>Because we all know how a company reacts when everything becomes impossible to update: it stops updating altogether, thus dramatically increasing its technical debt.<\/strong><\/p>\n\n\n\n<p>Beyond the server aspect, you also need to be ready to maintain your applications to keep up with version upgrades. If only for PHP version upgrades. But the same applies to MySQL\/MariaDB, NodeJS and so on.<\/p>\n\n\n\n<p>Ultimately, apply the principles of \"KISS\": \"Keep It Stupid Simple\".<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"otre-routine-de-maintenance\">Maintenance policy<\/h2>\n\n\n\n<p><strong>Scary update<\/strong> many system administrators. Entire teams make <strong>endless, pointless meetings<\/strong> to plan each package update... And in the end <strong>lose weeks, even months<\/strong>with late versions piling up and <strong>security holes that slip through<\/strong>. Linux, in our experience, <strong>this method is absolutely counter-productive<\/strong> and <strong>a much more down-to-earth approach is much more relevant<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"p\">Basic principles of good maintenance<\/h3>\n\n\n\n<p>In the Linux environment, we have made three simple observations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keeping up to date improves security by correcting vulnerabilities discovered over time.<\/li>\n\n\n\n<li>Infrequent updating means many changes during updates, increasing the risk of multi-causal bugs, which are much harder to understand and correct than a single bug.<\/li>\n\n\n\n<li>More frequent updating reduces the number of simultaneous changes, decreases the number of potential bugs and greatly simplifies their resolution.<\/li>\n<\/ul>\n\n\n\n<p>Consequently, we deduce the following principle, which seems obvious to us:<\/p>\n\n\n\n<p class=\"is-style-text-subtitle is-style-text-subtitle--1\"><strong>Frequent updating is safer, more stable and more worry-free.<\/strong><\/p>\n\n\n\n<p>We therefore categorically believe that <strong>delaying updates is a double fault: strategic and technical.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"approche-incrementale\">Incremental approach<\/h3>\n\n\n\n<p>The idea: Go for it straightforwardly, but surely. Yes, it's antinomic, but understandable:<\/p>\n\n\n\n<p>We update a <strong>first server<\/strong>We then observe any changes and adjustments that may need to be made. We can then de <strong>repeat the procedure<\/strong> on the rest of the park... Which is normally ISO (identical) if no disparate choices were made at the design stage, and if monitoring is correct.<\/p>\n\n\n\n<p>Process <strong>foreseeable<\/strong>, <strong>reproducible<\/strong>, <strong>documented<\/strong>. In short, the definition of efficiency.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"l\">Invalid reasons to delay updates<\/h3>\n\n\n\n<p>Every day, we see fleets that are insufficiently maintained, sometimes within large companies.<br>The result: every day, companies of all sizes are hacked as a result of known security flaws.<\/p>\n\n\n\n<p>The cause? Barriers to updating. Excessive caution and precaution, leading to inaction. When it comes to maintaining a proper level of security, how far should caution go? Not too far, of course: the priority should always be to secure.<\/p>\n\n\n\n<p>What's worse? The reasons given are always the same... Here is our top list of those famous phrases we don't want to hear anymore, as well as the answers to push for real action:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It works, so we don't touch\n<ul class=\"wp-block-list\">\n<li>-&gt; If you think like that, women still wouldn't have the right to vote.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Update may cause bugs\n<ul class=\"wp-block-list\">\n<li>-&gt; We'll take as long as it takes to resolve them.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Update will cause downtime\n<ul class=\"wp-block-list\">\n<li>-&gt; Plan this maintenance and downtime, and no one will hold it against you.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The update is not compatible with our technical debt\n<ul class=\"wp-block-list\">\n<li>-&gt; Let's fix or redo this old app' without delay.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>You can't back out of a problem easily\n<ul class=\"wp-block-list\">\n<li>-&gt; Learn how to downgrade a system package.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>We don't have backups, or they can't be restored easily enough.\n<ul class=\"wp-block-list\">\n<li>-&gt; Take immediate action and draw up a disaster recovery plan.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>Lessons learned:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Excessive \"caution\" regarding security updates becomes a risk.<\/li>\n\n\n\n<li>A functional risk is better than a security risk... A hack is a stain.<\/li>\n\n\n\n<li>Knowing the risks and doing nothing has a name: irresponsibility.<\/li>\n\n\n\n<li><strong>Seeing problems is good, finding solutions is better.<\/strong><\/li>\n<\/ul>\n\n\n\n<p>If that wasn't clear enough, King Arthur has a message for you:<\/p>\n\n\n\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;69f381da4b2ff&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"69f381da4b2ff\" class=\"wp-block-image size-full wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"344\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2025\/09\/kaamelott-arthur-sortez-vous-les-doigts.webp\" alt=\"Kaamelott - Get your fingers out of your ass!\" class=\"wp-image-8270\" srcset=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2025\/09\/kaamelott-arthur-sortez-vous-les-doigts.webp 640w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2025\/09\/kaamelott-arthur-sortez-vous-les-doigts-300x161.webp 300w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2025\/09\/kaamelott-arthur-sortez-vous-les-doigts-150x81.webp 150w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cadence-ce-qui-est-auto-ce-qui-reste-humain\">Update frequency: automatic vs. manual, standby, major decisions<\/h3>\n\n\n\n<p>As we've seen, frequent updating solves a number of problems in its own right.<\/p>\n\n\n\n<p>The update frequency should therefore be : <strong>as often as possible<\/strong>. However, there is a <strong>balance<\/strong> to avoid spending a lifetime on the subject, and in the end really save time, security and peace of mind.<\/p>\n\n\n\n<p>In concrete terms, here's how LRob works to achieve the best compromise between safety, time spent and reliability.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Every night on automatic<\/strong> : <strong>safe\" updates<\/strong> small application servers are configured with <code>unattended-upgrades<\/code> while Plesk web servers perform safe upgrades automatically.<\/li>\n\n\n\n<li><strong>Every 7 days max: Reading of changelogs<\/strong> of the main software used.<\/li>\n\n\n\n<li><strong>Each month, manually<\/strong> : <strong>checkup server by server<\/strong>. First check the list of changes, then apply, clean up and decide whether or not to reboot for Kernel Updates.<\/li>\n\n\n\n<li><strong>Every 1 to 6 months: assessment and planning of major version changes<\/strong> (PHP, MySQL) which have a specific update or addition process.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.lrob.fr\/en\/features\/proactive-and-curative-monitoring-24-7\/\">24\/7 monitoring<\/a><\/strong>alert and immediate intervention if necessary.<\/li>\n<\/ul>\n\n\n\n<p>The result: almost no functional changes or bugs.<br>About 1x\/year, we come across a \"breaking change\": each time, it's a minor fix, like removing or adapting an obsolete config line.<br>And also 1x\/year, a service doesn't restart correctly after an update... 24\/7 monitoring is also used for this.<\/p>\n\n\n\n<p>The $1 million question: <strong>Would you rather take emergency action for 5 minutes once a year, or spend hours, weeks or months planning overdue updates or doing them needlessly by hand?<\/strong><\/p>\n\n\n\n<p>For LRob, the answer is obvious: <strong>simplify, automate, control, monitor<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"une-routine-claire-reproductible\">The manual upgrade command : <code>apt<\/code> (and <code>apt-get<\/code>)<\/h3>\n\n\n\n<p>A server can of course be updated from a <strong>terminal<\/strong> in most cases.<\/p>\n\n\n\n<p>Under Debian, we use <strong><code>apt<\/code><\/strong> (<em>Advanced Package Tool<\/em>) for <strong>set up<\/strong>, <strong>update<\/strong> and <strong>delete<\/strong> software.<br>NB: The <code>apt<\/code> has gradually replaced <code>apt-get<\/code>.<\/p>\n\n\n\n<div class=\"wp-block-columns are-vertically-aligned-center is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<p>Our standard sequence is done in 1x so as not to forget anything:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt update &amp;&amp; apt upgrade &amp;&amp; apt autoremove &amp;&amp; uptime &amp;&amp; uname -a<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><code>apt update<\/code><\/strong> refreshes the list of packages. On <strong>reads what will change<\/strong> (release notes, sensitive packages) to detect any <strong>breaking change<\/strong>.<\/li>\n\n\n\n<li><strong><code>apt upgrade<\/code><\/strong> : applies updates, since everything is fine 99.99% of the time.<\/li>\n\n\n\n<li><strong><code>apt autoremove<\/code><\/strong> cleans up old kernels and other dependencies no longer needed.<\/li>\n\n\n\n<li><strong><code>uptime<\/code><\/strong> time since last restart.<\/li>\n\n\n\n<li><strong><code>uname -a<\/code><\/strong> technical identity (kernel, architecture, etc.).<\/li>\n<\/ul>\n\n\n\n<p>Visit <code>&amp;&amp;<\/code> means : <strong>the sequence is executed only if the previous step was successful<\/strong>.<br>Fewer chain errors, more control.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;69f381da4b952&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"69f381da4b952\" class=\"wp-block-image size-large has-custom-border wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"1024\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2025\/09\/apt-update-on-sait-pas-cque-ca-veut-dire-1024x1024.webp\" alt=\"Update policy: comande apt update - Ref cit\u00e9 de la peur &quot;We don&#039;t know what it means but the number and letter guys are on it&quot;.\" class=\"wp-image-8272\" style=\"border-radius:16px\" srcset=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2025\/09\/apt-update-on-sait-pas-cque-ca-veut-dire-1024x1024.webp 1024w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2025\/09\/apt-update-on-sait-pas-cque-ca-veut-dire-300x300.webp 300w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2025\/09\/apt-update-on-sait-pas-cque-ca-veut-dire-150x150.webp 150w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2025\/09\/apt-update-on-sait-pas-cque-ca-veut-dire-1536x1536.webp 1536w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2025\/09\/apt-update-on-sait-pas-cque-ca-veut-dire.webp 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n<\/div>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"r\">Reboot or not reboot?<\/h3>\n\n\n\n<p>Unless the OS crashes completely, <strong>there's never any need to reboot a Linux machine<\/strong>... Except for upgrading the kernel, if you're not using KernelCare or similar for a hot upgrade. For the rest, <strong>all OS services can be restarted independently<\/strong> and all configurations are editable. So <strong>if you think you need a reboot, it's probably because you haven't found the right program to restart<\/strong>... Or would you like to <strong>update kernel<\/strong>.<\/p>\n\n\n\n<p>Thus, without KernelCare, depending on the kernel in place, changelogs on new kernels, and in particular the <strong>security patches<\/strong>and from uptime, you decide whether or not to reboot the machine and switch to the new kernel.<\/p>\n\n\n\n<p>So should we reboot or not? Here's an example of our decision scale:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li> On a non-critical or redundant VPS server like a DNS \u2192 The reboot takes a few seconds, so we reboot every time a new kernel is available.<\/li>\n\n\n\n<li>On a dedicated web server \u2192 The reboot takes ~8 minutes, so it's best done for a major upgrade or security patch. And above all: at night for less disturbance.<\/li>\n\n\n\n<li>Server not rebooted for +6 months \u2192 The new kernel surely has things to bring us, we'll plan the reboot.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"ce-que-vous-gagnez-concretement\">What you gain with frequent scheduled updates<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Sustainable performance<\/strong> smart equipment renewal, controlled reuse.<\/li>\n\n\n\n<li><strong>Stability<\/strong> no big bang, just <strong>small, controlled steps<\/strong>.<\/li>\n\n\n\n<li><strong>Security<\/strong> minimum exposure window, fast patches.<\/li>\n\n\n\n<li><strong>Transparency<\/strong> you know <strong>what, when, why<\/strong>.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"les-bonnes-questions-a-poser-a-votre-hebergeur\">Hosted customer: the right questions to ask your hosting provider<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>What is <strong>automated<\/strong> on a daily basis?<\/li>\n\n\n\n<li>How does the <strong>incident management<\/strong> ?<\/li>\n\n\n\n<li>What is the <strong>reboot policy<\/strong> (windows, redundancy, rollback)?<\/li>\n\n\n\n<li>Who <strong>bed<\/strong> sensitive changes every month, and how it's <strong>layout<\/strong> ?<\/li>\n\n\n\n<li>What is the <strong>hardware lifecycle strategy<\/strong> (perf vs. sobriety, reuse)?<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"lapproche-l-rob-en-une-ligne\">The LRob approach, in a nutshell<\/h2>\n\n\n\n<p><strong>Automation<\/strong> security patches + <strong>monthly human checkup<\/strong> + <strong>24\/7 monitoring<\/strong>with reboots <strong>tailored to service<\/strong> and equipment that's always <strong>level<\/strong>without unnecessary e-waste.<\/p>\n\n\n\n<p>Tired of struggling with a poorly maintained fleet? Migrating to LRob is simple and transparent.<\/p>\n\n\n\n<p>-&gt; Because when you're proud of your work, you show it!<br>-&gt; ? and you become a sure thing!<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.lrob.fr\/en\/web-hosting\/\">Hosting <strong>single site<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.lrob.fr\/en\/web-hosting\/web-agency\/\">Hosting <strong>multi-site \/ branch<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.lrob.fr\/en\/web-hosting\/nextcloud-private-cloud\/\">Hosting <strong>Managed Nextcloud<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.lrob.fr\/en\/services\/wordpress-webmastering\/\">Full WordPress maintenance<\/a><\/li>\n<\/ul>\n\n\n\n<p>PS: <a href=\"https:\/\/www.lrob.fr\/en\/features\/premium-web-to-lrob-migration\/\">migration to LRob is available for single sites<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Linux updates: risk or security? At LRob, we've chosen peace of mind. Find out how we maintain a clean fleet with simple, proven solutions.<\/p>","protected":false},"author":1,"featured_media":6783,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-8268","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sysadmin"],"_links":{"self":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts\/8268","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/comments?post=8268"}],"version-history":[{"count":10,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts\/8268\/revisions"}],"predecessor-version":[{"id":8372,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts\/8268\/revisions\/8372"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/media\/6783"}],"wp:attachment":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/media?parent=8268"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/categories?post=8268"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/tags?post=8268"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}