Nowadays, the average survival time (time it takes to become infected with malware) of an unpatched computer connected directly to the Internet is less than eight minutes. The importance of keeping a Cloud Server's packages up-to-date cannot be underestimated. Fortunately, Linux makes system updates a piece of cake.

//

Debian/Ubuntu

• Update package list:

  aptitude update

• Upgrade system (security/bug fixes):
  

  aptitude safe-upgrade

• Upgrade system to newest release (dangerous!):
  

  aptitude full-upgrade

CentOS/Fedora/Red Hat

• List available updates:

  yum list updates

• Update system:
  

  yum update

• Upgrade system to newest release (dangerous!):
  

  yum upgrade

Arch

• Update package list:

  pacman -Sy

• Update system (dangerous!):
  

  pacman -Syu

Gentoo

• Update package list:

  emerge --sync

• Update explicitly installed packages:
  

  emerge --update world

• Update all packages (dangerous!):
  

  emerge --update --deep world

For more information on Linux package managers, please see General Package Installation Guidelines.

How often does a system need to be updated? That really depends on its function and what software is installed. It also depends on any recent security advisories. In general, though, you really can't go wrong by having a cron job which runs 'aptitude upgrade' (or its equivalent) on a daily basis. Major updates, such as those provided by 'aptitude dist-upgrade,' may require some testing before being enabled on a production server.

However, any software you've compiled from source will not be upgraded by your system's package manager. These packages will need to be carefully monitored, and manually patched when any security holes are fixed.