As zero-day exploits become increasingly common, keeping the kernel up to date is a top priority.
In CentOS 6.x/7.x and RHEL 6x./7.x, upgrading the Linux Kernel is a painful procedure which requires about a dozen steps. On Fedora, all it takes is a time-saving two-liner. You don’t need to concern yourself with the configuration of the grub boot manager, which is a frequent source of trouble on CentOS and RHEL.
Upgrade your Fedora installation
Update your system:
$ sudo dnf upgrade --refresh
Reboot. Next, install the dnf-plugin-system-upgrade package:
$ sudo dnf install dnf-plugin-system-upgrade
Mainline vs. Stable: download repository definitions
When upgrading your Linux kernel, you are faced with a choice between the mainline and stable branches.
Many critical cyber security fixes make it at first only into the mainline release. It can take two days or more for the mainline kernel to become the stable kernel. If you wanted to apply the most recent security fixes, you would be looking for the mainline branch kernel-vanilla-mainline. This is the most cutting-edge Linux kernel on Fedora. It is suitable for a ‘high-risk’ production environment, especially when cyber security is important to your business.
If you were to prioritize stability and insisted that it was more important to (nearly) never break anything, then kernel-vanilla-stable would be your best choice.
Download kernel repository definitions
Download the definitions for the Kernel vanilla repositories:
curl -s https://repos.fedorapeople.org/repos/thl/kernel-vanilla.repo | sudo tee /etc/yum.repos.d/kernel-vanilla.repo
Run this to install the latest mainline (aka pre-release) kernel:
sudo dnf --enablerepo=kernel-vanilla-mainline update
Running the kernel upgrade on Fedora
Either way, installing a Linux kernel upgrade on Fedora 28 is a no-brainer. Just two lines of code, which give you peace of mind if you need to always stay “ahead of the curve”. For the mainline kernel:
sudo dnf config-manager --set-enabled kernel-vanilla-mainline sudo dnf update
For the stable kernel branch:
sudo dnf config-manager --set-enabled kernel-vanilla-stable sudo dnf update
After the kernel upgrade, reboot.
Verify the upgrade of the Linux Kernel
After the reboot, verify that the kernel upgrade succeeded using the following command:
Kernel 4.17 passed the six million git objects mark
Some time ago Linus Torvalds predicted that the kernel which would pass the six million git objects mark would be released as Linux kernel 5.0. This certainly applies to kernel 4.17. Given all the changes in version 4.17, it would have certainly been worthy of the designation. One thing is for sure, the kernel version numbers are just that: numbers. Not more, not less.
Nevertheless, the only thing that really matters is keeping your IT environment secured. Obviously, upgrading the Kernel isn’t everything, but it’s certainly a critical part of it.