When running your own VPS, security updates are critical for stability. I have shown how to configure automatic security updates on Debian and now it’s time to do it for CentOS.
CentOS provides a flag for applying security updates. Combined with yum-cron, it lets us schedule security updates to be installed automatically every day.
Configure CentOS Automatic Security Updates
The basic command for installing security updates is yum upgrade with the --security flag
sudo yum upgrade --security
If you see the error "Command line error: no such option: --security" then you can solve it by installing the yum-security package
sudo yum install yum-security
Thanks to Casey Labs, I was informed the above --security flag only works properly on Red Hat 🙁 but luckily there is a workaround!
sudo yum install yum-plugin-changelog pcre-devel python-pip
sudo mkdir /var/lib/centos-package-cron
sudo pip install centos_package_cron
Once this package is installed we can upgrade with this command. The -r flag stops xargs from running a full yum -y update when the package list is empty
centos-package-cron --output stdout --forceold | pcregrep -M 'Packages:[^:]*' | grep -o "[^* ]*" | grep -v 'Packages:' | grep -v 'References' | sort | uniq | xargs -r yum -y update
You can add the above command to the cron configuration below.
Automatic Yum Upgrades
We’ll use the package yum-cron to run yum --security upgrade automatically.
sudo yum install yum-cron
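Set the options that apply security updates automatically in yum-cron.conf. Change the existing values in place, so the [commands] section header and the rest of the file stay intact
sudo sed -i -e 's/^update_cmd *=.*/update_cmd = security/' -e 's/^apply_updates *=.*/apply_updates = yes/' /etc/yum/yum-cron.conf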
Enable the yum-cron service and restart it
sudo systemctl enable yum-cron
sudo systemctl restart yum-cron
If you get systemctl not found then use these commands
sudo chkconfig yum-cron on
sudo service yum-cron restart
The cron configuration is in /etc/cron.daily/0yum-daily.cron.
Once a day the yum upgrade --security command will be automatically run.
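A check to run after the configuration step, as an added example that is not part of the original post: it reads update_cmd and apply_updates from the [commands] section of yum-cron.conf and fails unless they are security and yes. The function names and the sample file are constructed for illustration; it assumes the keys live under [commands], as in the stock CentOS 7 file.

```bash
#!/usr/bin/env bash
# Added example: audit the two yum-cron settings this page configures.

# Print the value of KEY from the [commands] section of an INI-style file.
yum_cron_setting() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                          # comment line
        /^[ \t]*\[/   { in_cmd = ($0 ~ /^[ \t]*\[commands\]/); next }
        in_cmd && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                       # last assignment wins
        }
        END { if (val != "") print val }
    ' "$1"
}

# Return 0 only when security updates are both selected and applied.
check_yum_cron() {
    local file=${1:-/etc/yum/yum-cron.conf} cmd apply rc=0
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 2; }
    cmd=$(yum_cron_setting "$file" update_cmd)
    apply=$(yum_cron_setting "$file" apply_updates)
    if [ "$cmd" != security ]; then
        echo "FAIL: update_cmd is '${cmd:-unset}', expected 'security'"; rc=1
    fi
    if [ "$apply" != yes ]; then
        echo "FAIL: apply_updates is '${apply:-unset}', expected 'yes'"; rc=1
    fi
    [ "$rc" -ne 0 ] || echo "OK: $file applies security updates automatically"
    return "$rc"
}

# Constructed sample: both keys sit outside [commands], so they do not count.
sample=$(mktemp)
printf '%s\n' 'update_cmd = security' 'apply_updates = yes' \
    '[commands]' 'update_cmd = default' '[emitters]' 'emit_via = stdio' > "$sample"
check_yum_cron "$sample" || echo "exit status: $?"
rm -f "$sample"
```

On a real host, call check_yum_cron with no argument to audit /etc/yum/yum-cron.conf; a non-zero exit status can feed a monitoring check.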