I’d love to keep our server up to date but I’m reluctant to run the virtualmin package updater on our production server in case it breaks something. Is there a way to roll back updates if they go bad or some other solution for getting the latest patches and updates onto a production box?
Virtualmin is just using the package manager to perform package updates (ie, yum/apt), it’s not using anything unusual in that regard.
However, it’s certainly always good to be cautious when applying new updates.
Having a system image or other backup from before the updates is good.
I don’t personally have experience using any sort of rollback feature within the package manager, though you could always look up the information on yum/apt to see if it contains a feature like what you’re after.
I personally just keep recent backups of /etc, and I test the updates on a test server before applying them to the live server. I do keep daily snapshots of most servers, though I don’t make a new snapshot immediately before applying an update.