Enable Automatic Updates – Fedora/Red Hat/CentOS + Bonus Tip

As a reminder, Red Hat Enterprise Linux is based on Fedora Linux And CentOS is a 100% compatible rebuild of Red Hat Enterprise Linux, Moving on from that path. Linux server security is critical to Linux server administration. Part of keeping a Linux server secure is installing security updates as soon as they become available. Very often, compromised servers result from pending security updates awaiting manual installation.

In general, for critical servers where you cannot tolerate unplanned downtime very careful With automatic updates. While there are reasons to be cautious, it is also worth considering. Let’s take a look at how to enable Automatic security update On Fedora, Red Hat and CentOS.

RHEL 8, CentOS 8 and Fedora 29+ . Enable Automatic Updates on

Feather Red Hat Enterprise Linux (RHEL) 8, Centos 8 more fedora 29+, the dnf-automatic The RPM package provides a service that is automatically started for automatic updates. Packages can be configured to automatically update to install updated packages and/or security updates.

If not already installed, run the following command:

dnf install dnf-automatic

Next you’ll want to edit the config file:

nano /etc/dnf/automatic.conf

Here is a screenshot excerpt from my dnf-automatic config file:

Once you are finished with the configuration, run the following command:

systemctl enable --now dnf-automatic.timer

This enables and starts the systemd timer. you can also use Notify only. timer, download.timer either install.timer to override download_updates = yes Settings.

RHEL 7, CentOS 7 . Enable Automatic Updates on

The yum-cron RPM package on Red Hat Enterprise Linux (RHEL) 7 and CentOS 7 provides a service that is started automatically for automatic updates. To enable that we need to edit the yum-cron configuration file first.

yum-cron rpm is not installed by default, use the command below to install:

yum install -y yum-cron

Next you’ll want to edit the config file:

nano /etc/yum/yum-cron.conf

Here is a screenshot excerpt from my yum-cron config file:

/etc/yum/yum-cron.conf

In that configuration file, change the line:

apply_updates = no

To

apply_updates = yes

Also, change the line:

update_cmd = default

To

update_cmd = security

Available options are:

# default = yum upgrade
# security = yum-security upgrade
# security-severity: critical = yum-seconds-severity = critical upgrade
#min=yum-bugfix update-minimal
#min-security=yum-security update-minimal
# minimum-security-severity: critical = –seconds-severity = critical update-minimum

Note in both the examples above, I only enabled automatic installation of security updates. Also, no instructions have been included for the Fedora release. 29. beforePlease, make sure you are currently upgrading to the supported version fedora server Your First Step in Server Security!

Bonus Tip for RHEL, CentOS and Fedora

Manage your servers remotely and securely cockpit-project, An easy-to-use, unified, viewable and open web-based interface for your server:

cockpit-project storage

cockpit-project network

enjoy!

Leave a Comment