Nov 10 2012
 

In a previous post we saw how to enable automatic security updates in Debian/Ubuntu. I use it on my Debian VPS, and I must say that thanks to it I've forgotten to worry about security updates. But perhaps you have a Red Hat 6 or CentOS 6 machine and you want to sleep well too?

No problem: today we'll see how to achieve the same result on a CentOS 6 machine.


Install yum-cron

The package that allows automatic updates via yum is yum-cron. To install it, open a terminal as root and run the command:

yum -y install yum-cron

By default, this software is configured to download all the updates and apply them immediately after downloading, but we can change this behavior in its configuration file, /etc/sysconfig/yum-cron. The two parameters that control it are:

# Don't install, just check (valid: yes|no)
CHECK_ONLY=no
 
# Don't install, just check and download (valid: yes|no)
# Implies CHECK_ONLY=yes (gotta check first to see what to download)
DOWNLOAD_ONLY=no

In my opinion the default is good for what I want to achieve: download and install all the updates. If you just want a mail that tells you which packages are available, set the parameter CHECK_ONLY to yes. This will NOT download the updates; it will just check whether there are updates and send an email to the root account if something can be updated.

You can set the parameter MAILTO to a valid mail address, by default this parameter is not set:

# by default MAILTO is unset, so crond mails the output by itself
# example:  MAILTO=root
MAILTO=

Change this to something like MAILTO=[email protected].

And now, before enabling the automatic updates, keep in mind two things about CentOS/Red Hat:

1) The packages for these distributions don't give exact information about security, so what we can do is an automatic update of the whole system, not just security updates as on Debian.

2) Because of point 1, this will update every single package on your system, so the first thing to do is to set up correctly the list of packages that should not be automatically updated.


Block packages from being automatically updated in Centos

There are two ways to achieve this:

- If you want to exclude some packages from being updated even when you run yum update from the command line, set the option exclude in the file /etc/yum.conf, with something like this:

exclude=kernel* php*

- If you want to exclude some packages only from the automatic update, edit the file /etc/sysconfig/yum-cron and set the option YUM_PARAMETER with -x packagename. You have to repeat the -x for every package that you want to exclude, such as:

YUM_PARAMETER="-x kernel* -x php*"

You should then run a ‘yum update’ to make sure you’re currently up to date. This will also show you that there are no conflicts. Remember, if there are conflicts yum won’t be able to update. This means that yum-cron won’t be able to auto update you either.

Enabling the automatic updates

Now you just have to enable the automatic updates with the command:

[root@host ~]# /etc/init.d/yum-cron start
Enabling nightly yum update: [ OK ]

And enable this daemon at boot time with the command:

[root@host ~]# chkconfig yum-cron on

The system update will run as part of the system's cron.daily scheduled tasks.
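
As an added example (not part of the original post), the shell functions below read the two files edited above and print what yum-cron will actually do: the update mode, the mail recipient, and which packages are excluded from the nightly run only or from every yum update. The function names and output labels are invented for this example, and the mode precedence is taken from the comments in the config file shown earlier.

```shell
#!/bin/sh
# Added example (not from the post): report the effective yum-cron policy.

# get_opt FILE KEY: value of the last uncommented KEY= line, quotes removed.
# The file is parsed with sed, not sourced, so nothing in it gets executed.
get_opt() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# excludes_from_params STRING: patterns passed as "-x pat" or "--exclude=pat".
excludes_from_params() {
    set -f                      # keep kernel* literal: no filename expansion
    prev="" pats=""
    for word in $1; do
        case $word in
            --exclude=*) pats="$pats ${word#--exclude=}" ;;
            *) [ "$prev" = "-x" ] && pats="$pats $word" ;;
        esac
        prev=$word
    done
    set +f
    printf '%s\n' "${pats# }"
}

# audit_yum_cron [CRON_CFG] [YUM_CFG]: print the policy on stdout.
# Returns 0 only when updates are actually installed, 1 otherwise.
audit_yum_cron() {
    cron_cfg=${1:-/etc/sysconfig/yum-cron}
    yum_cfg=${2:-/etc/yum.conf}
    mode=install
    # Per the comments in the config file, DOWNLOAD_ONLY=yes implies CHECK_ONLY.
    [ "$(get_opt "$cron_cfg" CHECK_ONLY)" = yes ] && mode=check-only
    [ "$(get_opt "$cron_cfg" DOWNLOAD_ONLY)" = yes ] && mode=download-only
    mailto=$(get_opt "$cron_cfg" MAILTO)
    echo "mode=$mode"
    echo "mailto=${mailto:-<unset, crond mails the job output itself>}"
    echo "excluded_from_cron_only=$(excludes_from_params "$(get_opt "$cron_cfg" YUM_PARAMETER)")"
    echo "excluded_everywhere=$(get_opt "$yum_cfg" exclude)"
    [ "$mode" = install ]
}
```

Called without arguments, audit_yum_cron reads /etc/sysconfig/yum-cron and /etc/yum.conf; pass paths to copies to check a change before deploying it.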


  3 Responses to “Enabling automatic updates in Centos 6 and Red Hat 6”

  1. Thank you for the article… very informative. I didn’t know there is ‘yum-cron’ for this. I used to use a simple ‘yum update -y’ in a shell script inside cron.daily, which I assume is the same thing.

  2. Reinventing the wheel, yum-updatesd can already do that.

  3. yum-updatesd is better suited for desktop, and yum-cron for servers.
