Configuring Automated Security Updates on CentOS
Keeping your system up-to-date with the latest packages and security updates can be a tedious task. Most users forget to do it, leaving them vulnerable to countless threats. Automate security (or other package) updates with the dnf-automatic command line utility or the Cockpit web application on CentOS.
Complete the Getting Started guide.
Follow the Setting Up and Securing a Compute Instance guide to create a standard user account, and harden SSH access.
Log into your Linode via SSH and update.
sudo yum update
sudo. If you’re not familiar with the
sudo command, see our Users and Groups guide.
The first step is to install the
dnf-automatic utility package.
Use the yum package manager to run the following command:
sudo yum install dnf-automatic
You can configure the dnf-automatic updates. The default configuration file is located at
/etc/dnf/automatic.conf. Use the text editor of your choice to edit the configuration file:
- File: /etc/dnf/automatic.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
[commands] # What kind of upgrade to perform: # default = all available upgrades # security = only the security upgrades upgrade_type = security random_sleep = 0 # To just receive updates use dnf-automatic-notifyonly.timer # Whether updates should be downloaded when they are available, by # dnf-automatic.timer. notifyonly.timer, download.timer and # install.timer override this setting. download_updates = yes # Whether updates should be applied when they are available, by # dnf-automatic.timer. notifyonly.timer, download.timer and # install.timer override this setting. apply_updates = yes ...
- Change the upgrade_type from
securityto only receive important security updates. If you leave it at
default, all available upgrades are applied.
- Change the apply_updates field from
To start and enable the dnf-automatic service, run the following commands:
sudo systemctl enable --now dnf-automatic.timer sudo systemctl start --now dnf-automatic.timer
Cockpit is a web console with an easy-to-use web-based interface that enables you to carry out administrative tasks on your servers. Cockpit is not installed by default.
Install Cockpit and its required dependencies with the following command:
sudo yum install cockpit
You need to enable and start the
cockpit.socketservice to be able to connect to the system through the web console. Do this by running the following commands:
sudo systemctl enable --now cockpit.socket sudo systemctl start cockpit.socket
You can now access the Cockpit web console on by navigating to
203.0.113.0:9090in a web browser, replacing
203.0.113.0with the IP address of your server.
Cockpit uses system credentials, so you can login with any user account credentials that are present on the system.
In the left navigation pane, click Software Updates.
You can then choose to apply all or only security automatic updates, and specify the days and times you wish the updates to be installed.
This page was originally published on