In a previous post we've seen how to enable automatic security updates in Debian/Ubuntu. I use it on my Debian VPS and I must say that I've forgotten to worry about security updates thanks to this. But perhaps you have a Red Hat 6 or CentOS 6 machine and you want to sleep well too?
No problem: today we'll see how to achieve the same result on a CentOS 6 machine. Start by installing the yum-cron package:
yum -y install yum-cron
By default, this software is configured to download all the updates and apply them immediately after downloading, but we can change this behavior in its configuration file, /etc/sysconfig/yum-cron. The parameters that we can change are these 2:

    # Don't install, just check (valid: yes|no)
    CHECK_ONLY=no
    # Don't install, just check and download (valid: yes|no)
    # Implies CHECK_ONLY=yes (gotta check first to see what to download)
    DOWNLOAD_ONLY=no

In my opinion the default is good for what I want to achieve: download and install all the updates. If you just want a mail that tells you which packages are available, set the parameter CHECK_ONLY to yes. This will NOT download the updates; it will just check if there are updates and send an email to the root account if there is something that can be updated.
You can set the parameter MAILTO to a valid mail address. By default this parameter is not set:

    # by default MAILTO is unset, so crond mails the output by itself
    # example: MAILTO=root
    MAILTO=

Change this to something like
And now, before enabling the automatic updates, keep in mind 2 things related to CentOS/Red Hat:
1) The packages for these distributions don't give exact information about security, so what we can do is an automatic update of the whole system, not just of security fixes as in Debian.
2) Due to point number 1, this will update every single package on your system, so it's important that the first thing you do is correctly set up the packages that should not be automatically updated.
Block packages from being automatically updated in CentOS
There are 2 ways to achieve this goal:
- If you want to exclude some packages from being updated even when you issue a yum update from the command line, you can set the option exclude in the file /etc/yum.conf, with something like this:
- If you want to exclude some packages only from the automatic update, you can edit the file /etc/sysconfig/yum-cron and set the option YUM_PARAMETER with -x packagename. You have to repeat the -x for every package that you want to exclude, such as:
YUM_PARAMETER="-x kernel* -x php*"
You should then run a ‘yum update’ to make sure you’re currently up to date. This will also show you that there are no conflicts. Remember, if there are conflicts yum won’t be able to update. This means that yum-cron won’t be able to auto update you either.
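
Before enabling the service it helps to confirm what the settings above will actually do. The script below is an added example, not part of the original post or of yum-cron itself: it reads a file in the /etc/sysconfig/yum-cron format and reports the effective mode and which packages the -x patterns hold back. The function names and the sample file are assumptions made for illustration, and shell glob matching stands in for yum's own pattern matching.

```shell
#!/bin/sh
# Added example (not from the original post): summarise a yum-cron sysconfig file.

# Print the effective mode, following the comments in the config file:
# DOWNLOAD_ONLY=yes implies CHECK_ONLY=yes; otherwise updates are installed.
yum_cron_mode() {
    (
        CHECK_ONLY=no; DOWNLOAD_ONLY=no     # defaults shown in the post
        . "$1"                              # the file is plain shell assignments
        if [ "$DOWNLOAD_ONLY" = yes ]; then echo download-only
        elif [ "$CHECK_ONLY" = yes ]; then echo check-only
        else echo install
        fi
    )
}

# Print one exclude pattern per line for every "-x pattern" in YUM_PARAMETER.
yum_cron_excludes() {
    (
        YUM_PARAMETER=
        . "$1"
        set -f                              # keep kernel* literal (no filename expansion)
        set -- $YUM_PARAMETER
        while [ $# -ge 2 ]; do
            if [ "$1" = -x ]; then echo "$2"; shift; fi
            shift
        done
    )
}

# Succeed if package name $2 matches an exclude pattern in file $1.
# Assumption: shell glob matching stands in for yum's own matching.
yum_cron_is_excluded() {
    yum_cron_excludes "$1" | (
        while read -r pat; do
            case $2 in $pat) exit 0 ;; esac
        done
        exit 1
    )
}

# Constructed sample config, using the values from the post.
sample=$(mktemp)
printf '%s\n' 'CHECK_ONLY=no' 'DOWNLOAD_ONLY=no' 'MAILTO=' \
    'YUM_PARAMETER="-x kernel* -x php*"' > "$sample"
echo "mode: $(yum_cron_mode "$sample")"
for pkg in kernel-headers php-cli openssl; do
    yum_cron_is_excluded "$sample" "$pkg" && echo "$pkg: held back" || echo "$pkg: auto-updated"
done
```

Pass the path of the real configuration file, or a copy of it, to the same functions to check a live system.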
Enabling the automatic updates
Now you just have to enable the automatic updates with the command:
    [root@host ~]# /etc/init.d/yum-cron start
    Enabling nightly yum update: [ OK ]

And enable this daemon at boot time with the command:
[root@host ~]# chkconfig yum-cron on
The update of the system will be done during the cron.daily planned tasks of the system.