When running your own VPS, security updates are critical for stability. I have shown how to configure automatic security updates on Debian and now it’s time to do it for CentOS.
CentOS provide a flag for applying security updates, when combined with yum-cron we can schedule security updates to be automatically installed every day.
Configure CentOS Automatic Security Updates
The basic command for installing security updates is using the --security flag for the yum upgrade command
sudo yum upgrade --securityIf you see this error Command line error: no such option: --security then you can solve it by installing the yum-security package
sudo yum install yum-securityThanks to Casey Labs, I was informed the above --security flag only works properly on Red Hat 🙁 but luckily there is a workaround!
sudo yum install yum-plugin-changelog pcre-devel python-pip
mkdir /var/lib/centos-package-cron
pip install centos_package_cronOnce this package is installed we can upgrade with this command
centos-package-cron --output stdout --forceold | pcregrep -M 'Packages:[^:]*' | grep -o "[^* ]*" | grep -v 'Packages:' | grep -v 'References' | sort | uniq | xargs yum -y update
You can add the above command to the cron configuration below
Automatic Yum Upgrades
We’ll use the package yum-cron to run yum --security upgrade automatically.
sudo yum install yum-cronAdd the configuration to apply security updates automatically to yum-cron.conf
echo -e "update_cmd = security\napply_updates = yes" > /etc/yum/yum-cron.confEnable the yum-cron service and restart it
sudo systemctl enable yum-cron
sudo systemctl restart yum-cronIf you get systemctl not found then use these commands
sudo chkconfig yum-cron on
sudo service yum-cron restartThe cron configuration is in /etc/cron.daily/0yum-daily.cron.
Once a day the yum upgrade --security command will be automatically run.