In this article, we will delve into the process of setting up and configuring unattended-upgrades on the CentOS 7 operating system. The objective is to enable automatic security updates without the need for manual intervention, thereby enhancing the system's security standards.

Prerequisites

Before commencing the process, it is crucial to ensure that your system is fully updated and that you have administrative privileges (root access). This can be verified using the following commands:

sudo yum update
sudo yum upgrade

Installation of Necessary Tools

By default, CentOS 7 does not include the unattended-upgrades package known from Debian and its derivatives. Instead, we will use the yum-cron tool for automating updates. To install yum-cron, use the following command:

sudo yum install yum-cron

Configuring yum-cron for Automatic Updates

After installing yum-cron, it's time to configure it. The configuration file is located at /etc/yum/yum-cron.conf. You can use any text editor, such as nano, to edit this file:

sudo nano /etc/yum/yum-cron.conf

In the configuration file, focus on the following sections:

• update_cmd: This directive specifies what types of updates yum-cron triggers. For security updates, set the value to security.
• apply_updates: Set to yes if you want yum-cron to automatically install available updates.
• download_updates: If you want yum-cron to only download updates without installing them, set this value to yes. For automatic installation along with automatic download, keep apply_updates set to yes.

Example Configuration File:

[commands]
update_cmd = security
apply_updates = yes

[emitters]
system_name = None
emit_via = stdio
output_width = 80

[email]
email_from = root@localhost
email_to = root
email_host = localhost

[base]
debuglevel = -2
mdpolicy = group:main

Activation and Starting the yum-cron Service

After completing the configuration, you need to enable and start the yum-cron service:

sudo systemctl enable yum-cron
sudo systemctl start yum-cron

Verification of Functionality

To verify that yum-cron is running and functioning correctly, use the command:

systemctl status yum-cron

This command should return information indicating that the service is active and running.

With yum-cron, the update process on CentOS 7 can be fully automated, contributing to maintaining a secure and up-to-date system with minimal effort from the administrator. It is essential to regularly check logs and ensure that updates do not disrupt the operation of services or applications on your server.