How to Manually Update and Enable Automatic Updates in CentOS 7


As part of your server hardening process, you need to make sure that your operating system is always up to date. Linux distributions like CentOS 7 constantly ship changes and patch security holes. Moreover, each update is flagged with an indicator that shows the kind of update it is. For example, we have regular updates, security updates, critical security updates, bug fix updates, and so on.

In this tutorial, we’ll look at the following steps:

  1. How to manually update CentOS 7;
  2. How to automatically update CentOS 7.

Manual CentOS 7 Updates

The package manager for Red Hat Enterprise Linux (RHEL) systems like CentOS is yum. Updating the server OS with yum is super easy. Just run the following command as root (or with sudo):

yum update

This will generate an output like this if there’s any update pending:

In the example above, I had an earlier version of CentOS 7 and the system updated it automatically with a 225 MB download. As you can see, it doesn’t get any easier. Here’s the screen after the update is complete:

You can also choose to use “yum upgrade” instead of “yum update”. They’re almost the same. The difference is that “update” will keep obsolete packages, while “upgrade” will remove them.

Automatic CentOS 7 Updates

Making the leap from manual updates to automatic ones can involve messy cron job configurations, which is why it’s much easier to install a package that does the work for you and lets you make modifications in a configuration file. Luckily, we have a great package called “yum-cron” that does this for us. First, check whether it’s already installed:

rpm -q yum-cron

If it isn’t, use yum to install it via this command:

yum install yum-cron

Automatic updates in CentOS 7

Yum-cron is a package that takes care of the heavy lifting for you. It allows you to precisely control the kind of automatic updates you want. 

Ensuring that yum-cron Runs Automatically

To make sure that the package is running, enter the following commands:

systemctl enable yum-cron
systemctl start yum-cron
systemctl status yum-cron

This will initiate yum-cron and ensure that it’s running:

You can see that the service was “dead” before. After the commands, it now shows as active in green.

Configuring yum-cron

The configuration for yum-cron is located in this file:

/etc/yum/yum-cron.conf

Opening it in a text editor allows you to make the following modifications:

Kind of Updates you want Installed:

Opening up /etc/yum/yum-cron.conf, you can see that the first variable is called “update_cmd”. The default is to run the “yum upgrade” command, which is what we did in the initial manual update. However, many people run version-sensitive software and don’t want the OS to be upgraded in its entirety. In that case, there are a variety of options. The file is well documented, and you can choose from the following updates:

  • security
  • security-severity:Critical
  • minimal
  • minimal-security
  • minimal-security-severity:Critical

These are all self-explanatory, and setting the “update_cmd” variable in the above file will update CentOS 7 with the appropriate parameters.

Schedule of Updates:

The updates will run once daily. Previous versions of “yum-cron” had a feature where you could set the exact day of the week when you want updates to run. There was a file called “/etc/sysconfig/yum-cron” that held detailed configurations for this. However, they removed this functionality for some reason, and now we’re left with only daily updates.

However, you have some leeway. There is a variable called “random_sleep”. If set to a number, the program will sleep for a random amount of time, up to the number of minutes specified in the variable, before it runs. This is more useful for multiple systems that need to stagger their update process than for a single machine.

The configuration file has a number of other options such as whether or not you want the updates to be applied automatically, e-mail settings etc. Each system will have a different set of requirements, and you can use the options to craft an upgrade program that is uniquely suited to your server.
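A quick way to confirm what a given yum-cron.conf will actually do, shown as an added example that is not part of the original article: the function names are hypothetical, the sample file is constructed, and the script assumes the “key = value” lines under a [commands] section that the stock file uses, including its “apply_updates” option.

```shell
#!/bin/sh
# Added example: read the yum-cron settings this article discusses and flag
# a configuration that downloads updates but never installs them.

# Print the value of KEY ($2) from the [commands] section of FILE ($1).
yum_cron_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[ \t]*\[/ { in_cmds = ($0 ~ /^[ \t]*\[commands\]/); next }
        in_cmds {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                # last assignment wins
        }
        END { print val }
    ' "$1"
}

# Print a one-line summary; return 0 only if updates are applied automatically.
yum_cron_audit() {
    cmd=$(yum_cron_get "$1" update_cmd)
    apply=$(yum_cron_get "$1" apply_updates | tr 'A-Z' 'a-z')
    nap=$(yum_cron_get "$1" random_sleep)
    echo "update_cmd=${cmd:-unset} apply_updates=${apply:-unset} random_sleep=${nap:-unset}"
    case "$apply" in
        yes|true|1) return 0 ;;
        *) echo "WARNING: apply_updates is not enabled; nothing is installed" >&2
           return 1 ;;
    esac
}

# Constructed sample file (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[commands]
update_cmd = security
# apply_updates = yes
apply_updates = no
random_sleep = 360

[emitters]
emit_via = stdio
EOF
yum_cron_audit "$sample" || true
```

On a real server, call yum_cron_audit /etc/yum/yum-cron.conf after editing the file; a non-zero return means the service is running but will not install anything.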
