In a previous post we’ve seen how to Enable automatic security update in Debian/Ubuntu, I use it on my Debian VPS and I must say that I’ve forgot to be worried about security updates thanks to this, but perhaps you have a Red Hat 6 or Centos 6 and you want to sleep well as well ?
There is no problem, today we’ll see how to achieve the same result on a Centos 6 machine.
Install yum-cron
The package that allows us to do automatic updates via yum is yum-cron
, to do this just open a terminal as root and run the command:
yum -y install yum-cron |
By default, this software is configured to download all the updates and apply them immediately after downloading, but we can change these behaviors in its configuration file /etc/sysconfig/yum-cron
the parameters that we can change are these 2:
# Don't install, just check (valid: yes|no) CHECK_ONLY=no # Don't install, just check and download (valid: yes|no) # Implies CHECK_ONLY=yes (gotta check first to see what to download) DOWNLOAD_ONLY=no |
In my opinion the default is good for what i want to achieve, download and install all the updates, if you just want a mail that tell you which packages are available set the parameter CHECK_ONLY
to yes, this will NOT download the updates but will just check if there are updates and will send an email to the root account if there is something that can be updated.
You can set the parameter MAILTO to a valid mail address, by default this parameter is not set:
# by default MAILTO is unset, so crond mails the output by itself # example: MAILTO=root MAILTO= |
Change this to something like [email protected]
.
And now, before enabling the automatic updates keep in mind 2 things related to Centos/Red Hat:
1) The packages for these distribution don’t give exact information about security, so what we can do is an automatic update of the whole system, not just security like Debian.
2) Due to point number 1, this will update every single in your system, so it’s important that as first thing you setup correctly the packages that should not be automatically updated.
Block packages from being automatically updated in Centos
There are 2 ways to get this goal:
– If you want to exclude some packages from being updated also when you issue a yum update
from the command line you can set the option exclude
in the file /etc/yum.conf
, with something like this:
exclude=kernel* php* |
– If you want to exclude some packages only from the automatic update you can edit the file /etc/sysconfig/yum-cron
and set the option YUM_PARAMETER with -x packagename
, you have to repeat the -x for every package that you want to exclude, such as:
YUM_PARAMETER="-x kernel* -x php*" |
You should then run a ‘yum update’ to make sure you’re currently up to date. This will also show you that there are no conflicts. Remember, if there are conflicts yum won’t be able to update. This means that yum-cron won’t be able to auto update you either.
Enabling the automatic updates
Now you just have to enable the automatic updates with the command:
[root@host ~]# /etc/init.d/yum-cron start Enabling nightly yum update: [ OK ] |
And enable this daemon at boot time with the command:
[root@host ~]# chkconfig yum-cron on |
The update of the system will be done during the cron.daily planned tasks of the system.
Popular Posts:
- None Found
Thank you for the article… very informative. I didn’t know there is ‘yum-cron’ for this. I used to use a simple ‘yum update -y’ in a shell script inside cron.daily which I assume it’s the same thing..
Reinventing the wheel, yum-updatesd can already do that.
yum-updatesd is better suited for desktop, and yum-cron for servers.
yumupdatesd was available in RHEL/CentOS 5.x.
It was replaced in RHEL/CentOS 6.x with yum-cron.
is that any way to run yum-cron only for a specific day say Sunday rather than everyday.
@ dipan mukherjee
in /etc/sysconfig there is a file called yum-cron
To open and edit this file execute the following command:
nano /etc/sysconfig/yum-cron
When the file is open in Nano look for this part:
# you may set DAYS_OF_WEEK to the days of the week you want to run
# default is every day
#DAYS_OF_WEEK="0123456"
Changing the number will set certain days. 0 = Sunday, 1 = Monday, 2 = Tuesday, etc… Set the value to “0” to cron every Sunday.
# you may set DAYS_OF_WEEK to the days of the week you want to run
# default is every day
#DAYS_OF_WEEK="0"
Good luck
Thanks for update.Actually we had needed a specific time in weekend to run and send mail to us for this purpose I have moved the file from /etc/cron.daily/0yum.cron to /etc/cron.d/0yum.cron and made changes as per my requirement. It is working fine. Ok we will check the solution which you provide.
# crontab -l
0 2 * * 6 /etc/cron.d/0yum.cron
Another way of updating everything but leaving certian packages alone is to sue the “versionlock” option with yum.
Download/install it
[root@foo samba]# yum install yum-versionlock
And now version lock samba
[root@foo samba]# yum versionlock samba