Implementing YUM Automatic Updates for CentOS/RHEL

1 min read Web Security Fundamentals

Implementing YUM Automatic Updates for CentOS/RHEL

For CentOS/RHEL systems, configure automatic updates using yum-cron:

# Install yum-cron
sudo yum install yum-cron

# Configure yum-cron
sudo vi /etc/yum/yum-cron.conf

Configure /etc/yum/yum-cron.conf for security updates:

[commands]
# What updates to apply
update_cmd = security
# update_cmd = default

# Whether to download updates
download_updates = yes

# Whether to apply updates
apply_updates = yes

# Random delay before running (minutes)
random_sleep = 360

[emitters]
# Notification method
system_name = None
emit_via = stdio
output_width = 80

[email]
# Email settings
email_from = root@localhost
email_to = [email protected]
email_host = localhost

[groups]
# Package groups to update
group_list = None
group_package_types = mandatory, default

[base]
# Debugging
debuglevel = -2
mdpolicy = group:main

Enable and start yum-cron:

sudo systemctl enable yum-cron
sudo systemctl start yum-cron