RHEL7: Configure automatic updates.


The yum-cron package provides a convenient way to check for, download and apply updates automatically.

Installation procedure

Install the yum-cron package:

# yum install -y yum-cron

Start the yum-cron service:

# systemctl start yum-cron

By default, the configuration of the yum-cron service is done through two files following exactly the same syntax:

  • /etc/yum/yum-cron.conf defines what is done once every day,
  • /etc/yum/yum-cron-hourly.conf defines what is done once every hour.

Still by default, no action in defined in the /etc/yum/yum-cron-hourly.conf file. Conversely, in the /etc/yum/yum-cron.conf file associated with daily actions, instructions are given to send a message on stdio (which means written into the /var/log/cron file) when any update is available (see update categories below), to download it without applying it.

Configuration syntax

In any of the two configuration files, configuration is defined through the following directives:

  • update_cmd = value specifies the category of upgrade where value can take:
    • default for yum upgrade,
    • security for yum –security upgrade,
    • security-severity:Critical for yum –sec-severity=Critical upgrade,
    • minimal for yum –bugfix upgrade-minimal,
    • minimal-security for yum –security upgrade-minimal,
    • minimal-security-severity:Critical for yum –sec-severity=Critical upgrade-minimal.
  • update_messages = yes/no defines whether a mail is sent when updates from the previously specified category are available.
  • download_updates = yes/no specifies whether these available updates need to be downloaded.
  • apply_updates = yes/no defines whether these available updates need to be applied.
  • random_sleep = 15 specifies the maximum time in minutes to randomly sleep preserving bandwidth and avoiding download storms.
  • emit_via = stdio/email/none defines what kind of message is used: stdio means written into the /var/log/cron file, email causes a mail to be sent, none doesn’t do anything.
  • email_from = root@localhostemail_to = rootemail_host = localhost defines respectively when the message is a mail the originator’s email address, the recipient’s email address and the host to which the mail is sent.

Note: As the official CentOS repositories don’t provide any security metadata, update_cmd = default is the only option that works (see here for details). To get these security metadata, you will have to get them through this website. It is also possible to get CentOS security updatesthrough the procedure provided by Casey Labs.

Source: Linuxaria’s website.

Additional Resources

Rackspace wrote a similar tool called Auter available through EPEL:

You can also read a Centmin Mod article about Setting up automatic updates.


0 (0)
Article Rating (No Votes)
Rate this article
There are no attachments for this article.
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
RHCS6: Extend an existing Logical Volume / GFS2 filesystem
Viewed 749 times since Sun, Jun 3, 2018
linux unix aix banner /etc/issue
Viewed 510 times since Fri, Aug 3, 2018
red hat 7 tmpfiles service
Viewed 419 times since Thu, Oct 11, 2018
LVM: Recovering Physical Volume Metadata
Viewed 648 times since Sat, Jun 2, 2018
How to deal with dmesg timestamps
Viewed 533 times since Wed, Oct 3, 2018
UUIDs and Linux: Everything you ever need to know [Update]
Viewed 483 times since Tue, Jul 17, 2018
How to run command or code in parallel in bash shell under Linux or Unix
Viewed 527 times since Tue, Aug 6, 2019
ZFS: Create a new zfs filesystem
Viewed 625 times since Sun, Jun 3, 2018
CentOS / RHEL 7 : Configuring an NFS server and NFS client Linux NFS
Viewed 448 times since Fri, Feb 21, 2020
RHEL: Manually encrypting a filesystem with LUKS
Viewed 942 times since Sun, May 27, 2018