In a world of emerging and ever-evolving cyber threats and breaches, applying security updates will go a long way in safeguarding your system against potential threats. And what a joy it would be if the application of these updates is done automatically without your intervention!
This means that you would worry less about manually updating your system and focus on other system administration tasks.
Recommended Read: dnf-automatic – Install Security Updates Automatically in CentOS 8
In this tutorial, you will learn how to use yum-cron to install and configure security updates automatically on your CentOS 7system.
So what is Yum-Cron?
Step 1: Installing Yum-cron Utility in CentOS 7
The Yum-cron comes preinstalled on CentOS 7, but if for whatever reason it is not present, you can install it by running the command.
# yum install yum-cron
Once the installation is complete, confirm the existence of yum-cron utility by running the rpm command with grep command.
# rpm -qa | grep yum-cron
Step 2: Configuring Automatic Security Updates in CentOS 7
# vi /etc/yum/yum-cron.conf
update_cmd = security
Next, locate the update_messages
parameter and ensure its value is set to ‘yes’
.
update_messages = yes
Likewise, do the same for download_updates
as well as apply_updates
.
download_updates = yes apply_updates = yes
Your configuration should look as shown below.
Save and exit the configuration file.
# systemctl start yum-cron # systemctl enable yum-cron # systemctl status yum-cron
Step 3: How to Exclude Packages from Updating in Yum
exclude = mysql* php* kernel*
All package names that begin with mysql & php will be excluded from automatic updates.
Restart yum-cron to effect the changes.
# systemctl restart yum-cron
Step 4: Checking yum-cron Logs
The yum-cron logs are stored in /var/log/yum.log
file. To view the packages that have been updated run the cat command.
# cat /var/log/yum.log | grep -i updated
Automatic system updates are controlled by a cron job that runs daily and is stored in the /var/log/cron
file. To check the logs for the daily cron job run.
# cat /var/log/cron | grep -i yum-daily
Your CentOS 7 system is now fully configured for automatic security updates and you won’t have to stress over manually updating your system.