Keeping your CentOS system updated is essential from a security perspective, because the system may become vulnerable if its OS packages do not receive security patches.
However, applying updates manually on multiple systems takes time. To overcome this, you can set up automatic updates.
Follow the steps below to configure automatic updates on CentOS 7.
1. First, install yum-cron, which runs the yum command for you automatically.
The package may already be installed on your system.
# sudo yum install yum-cron
2. Enable and start the Yum-cron.
# sudo systemctl enable yum-cron
# sudo systemctl start yum-cron
3. Verify that the service is running with this command:
# systemctl status yum-cron
There will be two configuration files inside the /etc/yum directory – yum-cron-hourly.conf for hourly and yum-cron.conf for the yearly configuration file. Yum-cron will manage whether the cron is to be run or not.
4. Open the yum-cron-hourly.conf file in your preferred text editor. In the [commands] section, define which kinds of updates to install, enable messages and downloads, and set updates to be applied automatically when they are available. By default, update_cmd is set to default, which updates all packages. It is recommended to change the value to security so that yum updates only the packages that have a security issue.
# nano /etc/yum/yum-cron-hourly.conf
[commands]
update_cmd = security
update_messages = yes
download_updates = yes
# yes = install the downloaded updates automatically (download_updates must also be yes)
apply_updates = yes
random_sleep = 360
5. In the second section, [emitters], change the value of emit_via to stdio,email to send messages to both stdout and email.
[emitters]
system_name = None
emit_via = stdio,email
output_width = 80
6. Set the sender and receiver email addresses.
You need a tool to send emails from your system, such as postfix or mailx.
[email]
# Placeholder addresses: replace them with your own sender and recipient
email_from = sender@example.com
email_to = recipient@example.com
email_host = localhost
7. In the [base] section, you can override the settings defined in the yum.conf file. For example, if you want to exclude any packages, you can add them to this section.
Here, we have excluded the mariadb packages.
[base]
debuglevel = -2
mdpolicy = group:main
exclude = mariadb*
8. Use grep to check whether the cron jobs for yum have been executed.
# sudo grep yum /var/log/cron
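
The settings from steps 4 to 6 can also be checked by a script rather than by eye, which helps when the same file is rolled out to many hosts. The following is an added example, not part of the original guide: the function names yc_get, yc_on, yc_audit and yc_sample are made up for illustration, and the sample configuration is constructed.

```sh
#!/bin/sh
# Added example (not from the original guide): audit a yum-cron config file.

yc_get() {  # yc_get FILE SECTION KEY -> value (lower-cased); the last assignment wins
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                                  # comment line
        /^[ \t]*\[/   { gsub(/[ \t\r]/, ""); cur = $0; next }   # section header
        cur == sec {
            i = index($0, "="); if (!i) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print tolower(val) }' "$1"
}

yc_on() { case $1 in yes|true|on|1) return 0 ;; esac; return 1; }

yc_audit() {  # one "FINDING: ..." line per problem, nothing when the file is clean
    f=$1
    case $(yc_get "$f" commands update_cmd) in
        *security*) ;;
        *) echo "FINDING: update_cmd is not a security-only mode" ;;
    esac
    yc_on "$(yc_get "$f" commands download_updates)" ||
        echo "FINDING: download_updates is not enabled"
    yc_on "$(yc_get "$f" commands apply_updates)" ||
        echo "FINDING: apply_updates is not enabled, so updates are never installed"
    case ",$(yc_get "$f" emitters emit_via | tr -d ' ')," in
        *,email,*) [ -n "$(yc_get "$f" email email_to)" ] ||
                       echo "FINDING: email emitter enabled but email_to is empty" ;;
        *) echo "FINDING: emit_via lacks email, so results only reach stdio" ;;
    esac
    return 0
}

# Constructed sample config: security-only updates, downloaded but not applied.
yc_sample() {
    printf '%s\n' '[commands]' 'update_cmd = security' 'update_messages = yes' \
        'download_updates = yes' 'apply_updates = no' \
        '[emitters]' 'emit_via = stdio,email' '[email]' 'email_to = root'
}

# Audit the file given as $1, or the constructed sample when no file is given.
tmp=$(mktemp); yc_sample > "$tmp"
yc_audit "${1:-$tmp}"
rm -f "$tmp"
```

Pass a path such as /etc/yum/yum-cron-hourly.conf as the first argument to audit a real file; no output means every check passed.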