Security updates, as most of you would agree, are very important. Under Linux it is always advisable to keep the installed packages up to date, especially when it comes to security. In general, users should apply security updates to their Linux systems within 30 days of the release.
In this article, you are going to learn how to enable automatic software updates on CentOS 8 Linux machine. This ensures that the system automatically downloads packages and performs updates without manual intervention.
On the CentOS 8 system, we have two ways to set up automatic update packages. We can use the CLI mode with the utility “dnf-automatic“.
Set automatic CentOS 8 updates using automatic RPM Package
The first thing is to install the DNF-automatic RPM package. The package provides a DNF component that starts automatically. To install it, use the following command.
# dnf install dnf-automatic
More details on the package can be pulled with the rpm command.
# rpm -qi dnf-automatic Name : dnf-automatic Version : 4.0.9.2 Release : 5.el8 Architecture: noarch Install Date: Thu 26 Sep 2019 12:50:23 AM EAT Group : Unspecified Size : 46825 License : GPLv2+ and GPLv2 and GPL Signature : RSA/SHA256, Tue 02 Jul 2019 12:14:36 AM EAT, Key ID 05b555b38483c65d Source RPM : dnf-4.0.9.2-5.el8.src.rpm Build Date : Mon 13 May 2019 10:35:13 PM EAT Build Host : ppc64le-01.mbox.centos.org Relocations : (not relocatable) Packager : CentOS Buildsys <bugs@centos.org> Vendor : CentOS URL : https://github.com/rpm-software-management/dnf Summary : Package manager - automated upgrades Description : Systemd units that can periodically download package upgrades and apply them.
[ads]
Configure dnf-automatic updates
Once the installation is complete, go to the /etc/dnf directory and edit the configuration automatic.conf.
# cd /etc/dnf/ vim automatic.conf
On the [commands] section, change the upgrade_type as you need. You can use default for upgrading all packages or use the security option to upgrade all packages related security.
[commands] upgrade_type = default download_updates = yes
On the [emitters] section, uncomment the system_name option and change the value with your hostname. Then change the emit_via option to motd, so you will be displayed about package updates on every login.
[emitters] system_name = lintut-centos8 emit_via = motd
Other options for emit_via configuration are stdio which is default configuration and email for sending package updates information to your email.
Now go to the [email] section and change each configuration with your own.
[email] email_from = root@server.com email_to = root email_host = localhost
Save and close.
Finally, you can now run dnf-automatic, execute the following command to schedule DNF automatic updates for your CentOS 8 machine.
# systemctl enable --now dnf-automatic.timer
The command executed will enable and start the systemd timer. To check the status of dnf-automatic service, run:
$ sudo systemctl list-timers *dnf-* NEXT LEFT LAST PASSED UNIT ACTIVATES Sat 2019-09-28 11:24:09 EAT 23min left Sat 2019-09-28 10:24:09 EAT 36min ago dnf-makecache.timer dnf-makecache.service Sun 2019-09-29 06:01:45 EAT 19h left Sat 2019-09-28 06:02:11 EAT 4h 58min ago dnf-automatic-install.timer dnf-automatic-install.service Sun 2019-09-29 11:02:13 EAT 24h left Sat 2019-09-28 10:59:02 EAT 1min 21s ago dnf-automatic.timer dnf-automatic.service 3 timers listed. Pass --all to see loaded but inactive timers, too.
Conclusion
The main advantage of enabling YUM|DNF automatic updates on RHEL 8 / CentOS 8 Linux is that your machines will get updated more uniformly, quickly and frequently as compared to manual updates.