Updates

----

install Security Patches or Updates Automatically on CentOS and RHEL

# yum update -y && yum install yum-cron -y

[root@web01 ~]# yum -y update yum [root@web01 ~]# yum -y install yum-cron [root@web01 ~]# systemctl enable yum-cron [root@web01 ~]# systemctl start yum-cron

Enable Automatic Security Updates on CentOS/RHEL 7

Once the installation is complete, open # vi /etc/yum/yum-cron.conf and locate these lines – you will have to make sure that the values matches those listed here:

update_cmd = security update_messages = yes download_updates = yes apply_updates = yes

The first line indicates that the unattended update command will be:

# yum --security upgrade

whereas the other lines enable notifications and automatic download and installation of security upgrades.

The following lines are also required to indicate that notifications will be sent via email from root@localhost to the same account (again, you may choose another one if you want).

emit_via = email email_from = root@localhost email_to = root

Enable Automatic Security Updates on CentOS/RHEL 6

By default, the cron is configured to download and install all updates immediately, but we can change this behavior in  #  vi /etc/sysconfig/yum-cron configuration file by modifying these two parameters to yes.

# Don't install, just check (valid: yes|no) CHECK_ONLY=yes  # Don't install, just check and download (valid: yes|no) # Implies CHECK_ONLY=yes (gotta check first to see what to download) DOWNLOAD_ONLY=yes

To enable email notification that about the security package updates, set the MAILTO parameter to a valid mail address.

# by default MAILTO is unset, so crond mails the output by itself # example:  MAILTO=root MAILTO=admin@tecmint.com

Finally, start and enable the yum-cron service:

------------- On CentOS/RHEL 7 -------------  systemctl start yum-cron systemctl enable yum-cron  ------------- On CentOS/RHEL 6 -------------   # service yum-cron start # chkconfig --level 35 yum-cron on

Congrats! You have successfully set up unattended-upgrades on CentOS/RHEL 7/6.

Configure To Exclude Packages in CentOS 7s

 for example, to exclude the kernel with MySQL:

#  cd /etc/yum/

#  vim yum-cron.conf

exclude = mysql* kernel*       # [Add this line at Last]

# systemctl restart yum-cron

 Check yum-cron logs

Yum-cron uses a cronjob for automatic security updates, and all logs for this cron is available under the '/var/log' directory.

So you need to head to the '/var/log' directory to access the 'cron' log file.

cd /var/log/

cat cron | grep yum-daily

And in case you want to see the packages that have been updated, you can check the yum.log file.

cat yum.log | grep Updated

Configure Automatic Security Updates with Webmin

https://IP.Address:10000

Navigate to System > Software Package Updates

For Check for Updates on schedule select Yes, every day

For Action when update needed select Install security updates

Click Save

---