On CentOS servers, we can enable the automatic download and installation of security updates. Let's see how to protect our servers by installing the
yum-cron package!### The System
See what version of CentOS we're using:
We can see I'm using CentOS 7.
We can upgrade the system using
sudo yum upgrade. We can do just security updates by adding the
sudo yum --security upgrade # Or, alternatively sudo yum --security upgrade-minimal
Automatic Yum Upgrades
We'll use the package
yum-cron to run
yum --security upgrade automatically.
# Install yum-cron sudo yum install yum-cron # Configure yum-cron sudo vim /etc/yum/yum-cron.conf
Set the following
update_cmd = security apply_updates = yes
Then restart the service created by installing this package:
sudo systemctl status yum-cron sudo systemctl enable yum-cron # Or "restart" if already started sudo systemctl start yum-cron
If you're curious, you can see the cron configuration used to run this by inspecting the configuration within
/etc/cron.daily/0yum-daily.cron. It just runs yum upgrade based on the configuration file we used once per day. Simple!
- Here's an Ansible playbook for this setup that will work on CentOS 6 and 7