Configuring Automated Security Updates on CentOS

Select distribution:
Traducciones al Español
Estamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
Create a Linode account to try this guide with a $100 credit.
This credit will be applied to any valid services used during your first 60 days.

Keeping your system up-to-date with the latest packages and security updates can be a tedious task. Most users forget to do it, leaving them vulnerable to countless threats. Automate security (or other package) updates with the dnf-automatic command line utility or the Cockpit web application on CentOS.

Before You Begin

  1. Complete the Getting Started guide.

  2. Follow the Setting Up and Securing a Compute Instance guide to create a standard user account, and harden SSH access.

  3. Log into your Linode via SSH and update.

    sudo yum update
    
Note
This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, see our Users and Groups guide.

Install dnf-automatic

The first step is to install the dnf-automatic utility package.

  1. Use the yum package manager to run the following command:

    sudo yum install dnf-automatic
    
  2. You can configure the dnf-automatic updates. The default configuration file is located at /etc/dnf/automatic.conf. Use the text editor of your choice to edit the configuration file:

    File: /etc/dnf/automatic.conf
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    
    [commands]
    #  What kind of upgrade to perform:
    # default                            = all available upgrades
    # security                           = only the security upgrades
    upgrade_type = security
    random_sleep = 0
    
    # To just receive updates use dnf-automatic-notifyonly.timer
    
    # Whether updates should be downloaded when they are available, by
    # dnf-automatic.timer. notifyonly.timer, download.timer and
    # install.timer override this setting.
    download_updates = yes
    
    # Whether updates should be applied when they are available, by
    # dnf-automatic.timer. notifyonly.timer, download.timer and
    # install.timer override this setting.
    apply_updates = yes
    
    ...
  • Change the upgrade_type from default to security to only receive important security updates. If you leave it at default, all available upgrades are applied.
  • Change the apply_updates field from no to yes.
  1. To start and enable the dnf-automatic service, run the following commands:

    sudo systemctl enable --now dnf-automatic.timer
    
    sudo systemctl start --now dnf-automatic.timer
    

Install Cockpit

Cockpit is a web console with an easy-to-use web-based interface that enables you to carry out administrative tasks on your servers. Cockpit is not installed by default.

  1. Install Cockpit and its required dependencies with the following command:

    sudo yum install cockpit
    
  2. You need to enable and start the cockpit.socket service to be able to connect to the system through the web console. Do this by running the following commands:

    sudo systemctl enable --now cockpit.socket
    
    sudo systemctl start cockpit.socket
    
  3. You can now access the Cockpit web console on by navigating to 203.0.113.0:9090 in a web browser, replacing 203.0.113.0 with the IP address of your server.

  4. Cockpit uses system credentials, so you can login with any user account credentials that are present on the system.

  5. In the left navigation pane, click Software Updates.

  6. You can then choose to apply all or only security automatic updates, and specify the days and times you wish the updates to be installed.

This page was originally published on


Your Feedback Is Important

Let us know if this guide made it easy to get the answer you needed.


Join the conversation.
Read other comments or post your own below. Comments must be respectful, constructive, and relevant to the topic of the guide. Do not post external links or advertisements. Before posting, consider if your comment would be better addressed by contacting our Support team or asking on our Community Site.