Install Security Patches or Updates Automatically on CentOS and RHEL

One of the serious needs of a Linux system is to be kept up to date regularly with the latest security patches or updates available for the corresponding distribution.

In a previous article, we’ve explained how to configure automatic security update in Debian/Ubuntu, in this article we will explain how to set up your CentOS/RHEL 7/6 distribution to auto update essential security packages when needed.

Other Linux distributions in the same families (Fedora or Scientific Linux) can be configured similarly.

Configure Automatic Security Updates on CentOS/RHEL Systems

On CentOS/RHEL 7/6, you will need to install the following package:

# yum update -y && yum install yum-cron -y

Enable Automatic Security Updates on CentOS/RHEL 7

Once the installation is complete, open /etc/yum/yum-cron.conf and locate these lines – you will have to make sure that the values matches those listed here:

update_cmd = security
update_messages = yes
download_updates = yes
apply_updates = yes

The first line indicates that the unattended update command will be:

# yum --security upgrade

whereas the other lines enable notifications and automatic download and installation of security upgrades.

The following lines are also required to indicate that notifications will be sent via email from root@localhost to the same account (again, you may choose another one if you want).

emit_via = email
email_from = root@localhost
email_to = root

Enable Automatic Security Updates on CentOS/RHEL 6

By default, the cron is configured to download and install all updates immediately, but we can change this behavior in /etc/sysconfig/yum-cron configuration file by modifying these two parameters to yes.

# Don't install, just check (valid: yes|no)
CHECK_ONLY=yes

# Don't install, just check and download (valid: yes|no)
# Implies CHECK_ONLY=yes (gotta check first to see what to download)
DOWNLOAD_ONLY=yes

To enable email notification that about the security package updates, set the MAILTO parameter to a valid mail address.

# by default MAILTO is unset, so crond mails the output by itself
# example:  MAILTO=root
MAILTO=admin@tecmint.com

Finally, start and enable the yum-cron service:

------------- On CentOS/RHEL 7 ------------- 
systemctl start yum-cron
systemctl enable yum-cron

------------- On CentOS/RHEL 6 -------------  
# service yum-cron start
# chkconfig --level 35 yum-cron on

Congrats! You have successfully set up unattended upgrades on CentOS/RHEL 7/6.

Summary

In this article we have discussed how to keep your server updated regularly with the latest security patches or updates. Additionally, you learned how to configure email notifications in order to keep yourself updated when new patches are applied.

If you have any concerns about this article? Feel free to drop us a note using the comment form below. We look forward to hearing from you.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Install OpenVPN On CentOS / RHEL 7
Viewed 3219 times since Fri, May 15, 2020
red hat 7 tmpfiles service
Viewed 2001 times since Thu, Oct 11, 2018
12 Tcpdump Commands – A Network Sniffer Tool
Viewed 8924 times since Fri, Jul 27, 2018
6 easy steps to setup offline two factor authentication in Linux
Viewed 13612 times since Mon, Apr 6, 2020
Jak ustawić LVM, jak robić snapshoty oraz automatycznie powiększać LV, czyli małe howto
Viewed 4849 times since Sun, May 20, 2018
LVM: Rename root VG/LV
Viewed 7872 times since Sat, Jun 2, 2018
Script to Offline and Remove A Disk In Linux
Viewed 2115 times since Mon, Jan 28, 2019
KONTO SFTP Z CHROOTEM Z UŻYCIEM OPENSSH-SERVER NA CENTOS/RHEL6
Viewed 2023 times since Fri, Nov 30, 2018
LVM: Extend an existing Logical Volume / Filesystem
Viewed 2709 times since Sat, Jun 2, 2018
RHEL: Force system to prompt for password in Single User mode
Viewed 7724 times since Sat, Jun 2, 2018