So how do you keep your CentOS or AlmaLinux servers as secure as possible without the mundane task of manually applying updates? In this tutorial we cover how to configure automatic updates on CentOS. It is essential that you keep your servers and desktops fully up to date. With the constant threat of attacks on systems, it is only a matter of time before you find your systems down, encrypted or, even worse, your data completely lost.
For CentOS and AlmaLinux, we can simply enable the automatic updates package and allow the OS to do this job for us. If, on the other hand, the server is mission critical, take care to ensure that a restarting service doesn’t cause any disruption.
- You will need root access to the CentOS or AlmaLinux system
- Your OS should be supported (at least CentOS 7)
There are currently different EOL schedules for CentOS 7 and CentOS 8 due to the change that Red Hat made to its support. If you haven't already, we would suggest moving from CentOS to either CentOS 9 Stream or AlmaLinux (the CentOS fork).
If you want to try out either OS then you can simply spin up a Virtual Private Server with us.
Before You Begin
Let's get the dnf package manager up to date; this will ensure the repositories are working correctly. Log in over SSH as root and run the following:
Step 1: Install CentOS Automatic Updates
First of all, we need to download and install the dnf-automatic package:
dnf install -y vim dnf-automatic
During the install process, the dnf package manager will prompt you to continue; if you are happy, enter ‘Y’.
You can review more information about the package by running the following:
rpm -qi dnf-automatic
Step 2: Configure the configuration files
Let's review the configuration file /etc/dnf/automatic.conf
You should have options similar to this:
[commands]
upgrade_type = default
random_sleep = 0
download_updates = yes
apply_updates = yes

[emitters]
emit_via = email

[email]
email_from = email@example.com
email_to = firstname.lastname@example.org
email_host = localhost

[base]
debuglevel = 1

Edit the file to match your requirements. If you wish to be notified by email when updates have occurred, change the settings as required. To receive email you will also need to install an email server package, such as mailx, or use your own SMTP server.
You can also download the updates and have the system notify you when they are ready to be installed. This approach is useful if you have a mission critical server: you can then schedule the manual install during a maintenance window.
To set the system to only notify, change this:
apply_updates = no
Step 3: Enable The CentOS Automatic Timer
We can now tell the system to start downloading the updates automatically by running the following:
systemctl enable --now dnf-automatic.timer
If successful we should then see:
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic.timer → /usr/lib/systemd/system/dnf-automatic.timer.
The command above enables and starts the system timer. We can check the status of the dnf-automatic service by running the following:
systemctl list-timers '*dnf-*'
The timer should be running, and output the following:
NEXT                        LEFT     LAST PASSED UNIT                ACTIVATES
Thu 2021-10-21 06:24:35 UTC 10h left n/a  n/a    dnf-automatic.timer dnf-automatic.service
n/a                         n/a      n/a  n/a    dnf-makecache.timer dnf-makecache.service

2 timers listed.
Pass --all to see loaded but inactive timers, too.

Now the system is set for automatic updates on CentOS or AlmaLinux. The system will periodically download and apply the updates; no further configuration is required. It is recommended to check the system occasionally to ensure the updates are being applied.
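As an added example (not part of the original tutorial), the shell functions below read a dnf-automatic configuration file and report whether the Step 2 settings will apply updates, only download them, or only notify. The function names, the handling of unset keys and the warning rule are assumptions of this example.

```shell
# Added example, not from the original tutorial: summarise a dnf-automatic config.
# conf_get FILE SECTION KEY: print KEY's value from [SECTION] (empty if unset).
conf_get() {
    awk -v section="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                        # comment line
        /^[ \t]*\[/ {                                 # section header
            gsub(/^[ \t]*\[|\][ \t]*$/, ""); current = $0; next
        }
        current == section && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) value = v                   # last assignment wins
        }
        END { print value }
    ' "$1"
}

# is_yes VALUE: succeed for the spellings this example treats as true.
is_yes() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        yes|true|1|on) return 0 ;; *) return 1 ;;
    esac
}

# update_mode FILE: print apply, download-only or notify-only (unset key = no, an assumption).
update_mode() {
    if is_yes "$(conf_get "$1" commands apply_updates)"; then echo apply
    elif is_yes "$(conf_get "$1" commands download_updates)"; then echo download-only
    else echo notify-only
    fi
}

# audit_conf FILE: print a summary; return 1 when updates are not applied
# automatically and emit_via does not include email, so nobody is told.
audit_conf() {
    mode=$(update_mode "$1")
    emit=$(conf_get "$1" emitters emit_via)
    echo "mode=$mode emit_via=${emit:-unset}"
    [ "$mode" = apply ] && return 0
    case ",$(printf '%s' "$emit" | tr ' ' ',')," in *,email,*) return 0 ;; esac
    echo "WARN: updates are not applied and no email notification is set" >&2
    return 1
}

# Constructed sample: the tutorial's settings with apply_updates set to "no".
sample=$(mktemp)
printf '%s\n' '[commands]' 'upgrade_type = default' 'download_updates = yes' \
    'apply_updates = no' '[emitters]' 'emit_via = email' > "$sample"
audit_conf "$sample"; rm -f "$sample"
```

On a live server, run `audit_conf /etc/dnf/automatic.conf` after editing the file, alongside the timer check from Step 3.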