{"id":848,"date":"2016-11-04T09:53:31","date_gmt":"2016-11-04T09:53:31","guid":{"rendered":"http:\/\/www.haxed.me.uk\/?p=848"},"modified":"2016-11-04T09:53:56","modified_gmt":"2016-11-04T09:53:56","slug":"enabling-automatic-security-updates-centos-6-7-rhel-6-rhel-7-debian-ubuntu","status":"publish","type":"post","link":"https:\/\/haxed.me.uk\/index.php\/2016\/11\/04\/enabling-automatic-security-updates-centos-6-7-rhel-6-rhel-7-debian-ubuntu\/","title":{"rendered":"Enabling Automatic Security Updates in CentOS 6, 7 and RHEL 6 and RHEL 7 (and Debian and Ubuntu too)"},"content":{"rendered":"
\r\nyum -y install yum-cron\r\n<\/pre>\n
This can also be done on Debian and Ubuntu systems if you are feeling left out:<\/p>\n
\r\napt-get -y install unattended-upgrades\r\n<\/pre>\n
Configuration on the CentOS\/RHEL side is:<\/strong><\/p>\n
da da da da da da da ! Actually that’s all you need to do to enable it, but there are a lot of things you can customise in \/etc\/yum\/yum-cron.conf <\/p>\n
\r\n[commands]\r\n#  What kind of update to use:\r\n# default                            = yum upgrade\r\n# security                           = yum --security upgrade\r\n# security-severity:Critical         = yum --sec-severity=Critical upgrade\r\n# minimal                            = yum --bugfix update-minimal\r\n# minimal-security                   = yum --security update-minimal\r\n# minimal-security-severity:Critical =  --sec-severity=Critical update-minimal\r\nupdate_cmd = default\r\n\r\n# Whether a message should be emitted when updates are available,\r\n# were downloaded, or applied.\r\nupdate_messages = yes\r\n\r\n# Whether updates should be downloaded when they are available.\r\ndownload_updates = yes\r\n\r\n# Whether updates should be applied when they are available.  Note\r\n# that download_updates must also be yes for the update to be applied.\r\napply_updates = no\r\n\r\n# Maximum amout of time to randomly sleep, in minutes.  The program\r\n# will sleep for a random amount of time between 0 and random_sleep\r\n# minutes before running.  This is useful for e.g. staggering the\r\n# times that multiple systems will access update servers.  If\r\n# random_sleep is 0 or negative, the program will run immediately.\r\n# 6*60 = 360\r\nrandom_sleep = 360\r\n\r\n\r\n[emitters]\r\n# Name to use for this system in messages that are emitted.  If\r\n# system_name is None, the hostname will be used.\r\nsystem_name = None\r\n\r\n# How to send messages.  Valid options are stdio and email.  If\r\n# emit_via includes stdio, messages will be sent to stdout; this is useful\r\n# to have cron send the messages.  If emit_via includes email, this\r\n# program will send email itself according to the configured options.\r\n# If emit_via is None or left blank, no messages will be sent.\r\nemit_via = stdio\r\n\r\n# The width, in characters, that messages that are emitted should be\r\n# formatted to.\r\nouput_width = 80\r\n\r\n\r\n[email]\r\n# The address to send email messages from.\r\nemail_from = root@localhost\r\n\r\n# List of addresses to send messages to.\r\nemail_to = root\r\n\r\n# Name of the host to connect to to send email messages.\r\nemail_host = localhost\r\n\r\n\r\n[groups]\r\n# NOTE: This only works when group_command != objects, which is now the default\r\n# List of groups to update\r\ngroup_list = None\r\n\r\n# The types of group packages to install\r\ngroup_package_types = mandatory, default\r\n\r\n[base]\r\n# This section overrides yum.conf\r\n\r\n# Use this to filter Yum core messages\r\n# -4: critical\r\n# -3: critical+errors\r\n# -2: critical+errors+warnings (default)\r\ndebuglevel = -2\r\n\r\n# skip_broken = True\r\nmdpolicy = group:main\r\n\r\n# Uncomment to auto-import new gpg keys (dangerous)\r\n# assumeyes = True\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
yum -y install yum-cron This can also be done on Debian and Ubuntu systems if you are feeling left out: apt-get -y install unattended-upgrades Configuration on the CentOS\/RHEL side is: da da da da da da da ! Actually that’s … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,7,3,20],"tags":[],"class_list":["post-848","post","type-post","status-publish","format-standard","hentry","category-linux","category-management-tools","category-security","category-webhosting"],"_links":{"self":[{"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/posts\/848","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/comments?post=848"}],"version-history":[{"count":2,"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/posts\/848\/revisions"}],"predecessor-version":[{"id":850,"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/posts\/848\/revisions\/850"}],"wp:attachment":[{"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/media?parent=848"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/categories?post=848"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/tags?post=848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}