How to enable automatic updates in CentOS, Red Hat, Fedora and Oracle Linux

The package that allows us to do automatic updates via yum is yum-cron,

$ sudo yum -y install yum-cron
By default, this software is configured to download all the updates and apply them immediately after downloading, but we can change these behaviors in its configuration file /etc/sysconfig/yum-cron the parameters that we can change are these 2:

# Don't install, just check (valid: yes|no)
CHECK_ONLY=no

# Don't install, just check and download (valid: yes|no)
# Implies CHECK_ONLY=yes (gotta check first to see what to download)
DOWNLOAD_ONLY=no
If you just want a mail that tell you which packages are available set the parameter CHECK_ONLY to yes, this will NOT download the updates but will just check if there are updates and will send an email to the root account if there is something that can be updated.

You can set the parameter MAILTO to a valid mail address, by default this parameter is not set:

# by default MAILTO is unset, so crond mails the output by itself
# example:  MAILTO=root
MAILTO=
#Change this to something like [email protected]
Before enabling the automatic updates keep in mind 2 things related to Centos/Red Hat:

1) The packages for these distribution don’t give exact information about security, so what we can do is an automatic update of the whole system, not just security like Debian.

2) Due to point number 1, this will update every single in your system, so it’s important that as first thing you setup correctly the packages that should not be automatically updated.

Exclude packages from being automatically updated in Centos

There are 2 ways to get this goal:

– If you want to exclude some packages from being updated also when you issue a yum update from the command line you can set the option exclude in the file /etc/yum.conf , with something like this:

exclude=kernel* php*
– If you want to exclude some packages only from the automatic update you can edit the file /etc/sysconfig/yum-cron and set the option YUM_PARAMETER with -x packagename, you have to repeat the -x for every package that you want to exclude, such as:

YUM_PARAMETER="-x kernel* -x php*"
You should then run a ‘yum update’ to make sure you’re currently up to date. This will also show you that there are no conflicts. Remember, if there are conflicts yum won’t be able to update. This means that yum-cron won’t be able to auto update you either.

Enabling the automatic updates

Now you just have to enable the automatic updates with the command:

$ sudo systemctl start yum-cron
And enable this daemon at boot time with the command:

$ sudo systemctl enable yum-cron
The update of the system will be done during the cron.daily planned tasks of the system.

For CentOS 7 also has an hourly configuration file at /etc/yum/yum-cron-hourly.conf
Post a Comment

Featured Post

Updated Coupons / promo codes for Google Apps for Work / Business

To redeem: 1. Sign up for Google Apps   2. Go to your billing settings  3. Choose your payment plan  4. Enter your promo code ...