When running your own VPS, security updates are critical for stability. I have shown how to configure automatic security updates on Debian and now it's time to do it for CentOS.
CentOS provides a flag for applying security updates; combined with yum-cron, we can schedule security updates to be installed automatically every day.
Configure CentOS Automatic Security Updates
The basic command for installing security updates uses the --security flag of the yum upgrade command:
sudo yum upgrade --security
If you see the error "Command line error: no such option: --security", you can solve it by installing the yum-security package:
sudo yum install yum-security
Thanks to Casey Labs, I was informed the above --security flag only works properly on Red Hat 🙁 but luckily there is a workaround!
sudo yum install yum-plugin-changelog pcre-devel python-pip
mkdir /var/lib/centos-package-cron
pip install centos_package_cron
Once this package is installed we can upgrade with this command
centos-package-cron --output stdout --forceold | pcregrep -M 'Packages:[^:]*' | grep -o "[^* ]*" | grep -v 'Packages:' | grep -v 'References' | sort | uniq | xargs yum -y update
You can add the above command to the cron configuration below
Automatic Yum Upgrades
We'll use the package yum-cron to run yum --security upgrade automatically.
sudo yum install yum-cron
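Add the configuration to apply security updates automatically to /etc/yum/yum-cron.conf
# Edit the two keys in place: overwriting the file would drop its [commands] section header and other settings
sudo sed -i -e 's/^update_cmd *=.*/update_cmd = security/' -e 's/^apply_updates *=.*/apply_updates = yes/' /etc/yum/yum-cron.conf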
Enable the yum-cron service and restart it
sudo systemctl enable yum-cron
sudo systemctl restart yum-cron
If you get systemctl not found then use these commands
sudo chkconfig yum-cron on
sudo service yum-cron restart
The cron configuration is in
Once a day the yum upgrade --security command will be automatically run.
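The update_cmd and apply_updates settings written to /etc/yum/yum-cron.conf above live in that file's [commands] section. The following is an added example, not code from the original post: it sets both keys in place without disturbing the rest of the file, then checks that they took effect. The helper names and the sample config are constructed for illustration, and it runs against a temporary file rather than the real one.

```shell
#!/bin/sh
# Added example: helper names and the sample file are constructed.

# set_commands_key FILE KEY VALUE: set KEY in the [commands] section only,
# keeping every other line. Fails, leaving FILE untouched, if the section is missing.
set_commands_key() {
    tmp=$(mktemp) || return 1
    awk -v key="$2" -v value="$3" '
        function emit() { if (in_cmd && !done) { print key " = " value; done = 1 } }
        /^\[/ { emit(); in_cmd = ($0 == "[commands]") }
        in_cmd && $0 ~ "^" key "[ \t]*=" { emit(); next }
        { print }
        END { emit(); exit !done }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps owner, mode and SELinux label
    rc=$?
    rm -f "$tmp"
    return $rc
}

# get_commands_key FILE KEY: print the value of KEY in [commands], empty if absent.
get_commands_key() {
    awk -v key="$2" '
        /^\[/ { in_cmd = ($0 == "[commands]") }
        in_cmd && $0 ~ "^" key "[ \t]*=" { sub(/^[^=]*=[ \t]*/, ""); print; exit }
    ' "$1"
}

# security_updates_enabled FILE: succeed only if both settings are in effect.
security_updates_enabled() {
    [ "$(get_commands_key "$1" update_cmd)" = "security" ] &&
    [ "$(get_commands_key "$1" apply_updates)" = "yes" ]
}

# make_sample_conf FILE: write a constructed excerpt shaped like the packaged file.
make_sample_conf() {
    printf '%s\n' '[commands]' 'update_cmd = default' 'download_updates = yes' \
        'apply_updates = no' '' '[emitters]' 'emit_via = stdio' > "$1"
}

# Demo on a temporary copy, never on /etc/yum/yum-cron.conf itself.
conf=$(mktemp) && make_sample_conf "$conf"
set_commands_key "$conf" update_cmd security
set_commands_key "$conf" apply_updates yes
security_updates_enabled "$conf" && echo "security updates will be applied automatically"
cat "$conf"; rm -f "$conf"
```

A file that contains only the two key lines and no [commands] header fails both set_commands_key and security_updates_enabled, which makes the check useful after any manual edit.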