dnf-automatic - Install Security Updates Automatically in CentOS 8


Keeping your software up-to-date is essential for maintaining the security and reliability of your system. This is particularly true for servers and other production systems that are exposed to the Internet, as they are often targeted by malicious actors seeking to exploit vulnerabilities in outdated software.

For users of CentOS 8 and other RPM-based distributions, the dnf package manager provides a powerful tool for managing software packages and keeping them up-to-date. However, manually checking for and installing updates can be a time-consuming and error-prone process, especially on systems with a large number of packages installed.

Fortunately, dnf-automatic provides an easy and automated solution to this problem. By configuring dnf-automatic to check for and install updates automatically, you can ensure that your system stays up-to-date with the latest security patches without having to manually install updates yourself.

In this blog post, we will explore how to install and configure dnf-automatic on CentOS 8 to automate the installation of security updates on your system. We will also look at how to check the dnf-automatic logs, and how to test, schedule, and disable it if needed.

What is dnf-automatic?

dnf-automatic is a tool that comes with the DNF package manager, which is the default package manager in CentOS 8. It is designed to automatically install updates on your system, including security updates. By default, dnf-automatic is configured to install updates daily, but you can customize its behavior to suit your needs.

Installing dnf-automatic

To install dnf-automatic on your CentOS 8 system, you can use the following command −

sudo dnf install dnf-automatic

This will install the dnf-automatic package along with its dependencies.

Configuring dnf-automatic

Once dnf-automatic is installed, you need to configure it to automatically install security updates on your system. To do this, you need to edit the /etc/dnf/automatic.conf file. This file contains the configuration settings for dnf-automatic.

Open the file with a text editor of your choice −

sudo nano /etc/dnf/automatic.conf

Inside the file, there are a number of configuration settings that you can customize to meet your needs. For now, we'll focus on the settings that control the automatic installation of security updates.

Find the upgrade_type setting and change its value to security. This will tell dnf-automatic to only install security updates −

upgrade_type = security

Next, find the apply_updates setting and change its value to yes. This will enable dnf-automatic to automatically install security updates −

apply_updates = yes

Finally, find the emit_via setting and change its value to stdio. This will ensure that any output from dnf-automatic is sent to the standard output (i.e., the console) instead of being logged to a file −

emit_via = stdio

Save and close the file.
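
To confirm the edits took effect before relying on unattended runs, the following added example (not from the original article) reads a dnf-automatic config and checks the three values set above. The section names [commands] and [emitters] are assumed from the stock automatic.conf layout, and the sample file is constructed; point audit_conf at /etc/dnf/automatic.conf to check a real system.

```bash
#!/usr/bin/env bash
# Added example: audit a dnf-automatic config against the values this article sets.
# Assumption: settings live in [commands] and [emitters], as in the stock file.

# get_opt FILE SECTION KEY -> prints the last value of KEY inside [SECTION]
get_opt() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }   # commented-out lines never count as settings
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_conf FILE -> one line per check; exit status = number of failed checks
audit_conf() {
    local file=$1 fails=0 section key want got
    while read -r section key want; do
        got=$(get_opt "$file" "$section" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK    [$section] $key = $got"
        else
            echo "FAIL  [$section] $key = '${got:-<unset>}' (expected $want)"
            fails=$((fails + 1))
        fi
    done <<'EOF'
commands upgrade_type security
commands apply_updates yes
emitters emit_via stdio
EOF
    return "$fails"
}

# Constructed sample: upgrade_type was edited, apply_updates was left at "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[commands]
upgrade_type = security
# apply_updates = yes
apply_updates = no
[emitters]
emit_via = stdio
EOF
rc=0; audit_conf "$sample" || rc=$?
echo "failed checks: $rc"
```

The commented-out "apply_updates = yes" line in the sample is ignored, so the audit reports the effective value "no" as a failure.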

Testing dnf-automatic

To test that dnf-automatic is working as expected, you can manually trigger a check for updates and installation of any security updates by running −

sudo dnf-automatic

If there are any security updates available, dnf-automatic will automatically download and install them.

Scheduling dnf-automatic

By default, dnf-automatic is configured to check for updates daily and install any updates that are available. However, you can customize its behavior by modifying the /etc/dnf/automatic.conf file.

To change the frequency of updates, you can modify the random_sleep setting, which is the maximum number of seconds that dnf-automatic will wait before checking for updates −

random_sleep = 1440

In this example, dnf-automatic will check for updates once every 1440 minutes, which is once a day.

You can also specify a specific time of day for dnf-automatic to check for updates by setting the system_name setting to yourhostname.localdomain. For example −

system_name = mycomputer.localdomain

By default, dnf-automatic will check for updates at a random time between the hours of 0 and 23. However, if you specify a hostname, dnf-automatic will use that hostname to determine the hour of the day to check for updates. For example, if your hostname is mycomputer.localdomain, dnf-automatic will check for updates at a random time between 00:00 and 00:59 each day.

You can also configure dnf-automatic to send email notifications when updates are installed or if there are any errors during the update process. To do this, you need to modify the email_from and email_to settings.

Configuring email notifications for security updates

First, set the email_from setting to the email address that dnf-automatic should use as the sender for email notifications −

email_from = root@example.com

Next, set the email_to setting to the email address that should receive the email notifications −

email_to = admin@example.com

Save and close the file.

Viewing Logs for dnf-automatic

dnf-automatic logs its activity to the /var/log/dnf.log file. You can view the logs for dnf-automatic by running the following command −

sudo less /var/log/dnf.log

This will display the logs in the less pager, allowing you to scroll through the logs and search for specific entries.

Disabling dnf-automatic

If you ever need to disable dnf-automatic, you can do so by running the following command −

sudo systemctl disable dnf-automatic.timer

This will disable the dnf-automatic timer, preventing it from running automatically. You can re-enable it at any time by running the following command −

sudo systemctl enable dnf-automatic.timer

This will re-enable the dnf-automatic timer and cause it to run automatically according to its configured schedule.

Customizing dnf-automatic

In addition to the settings discussed above, there are a number of other settings that you can customize in the /etc/dnf/automatic.conf file to fine-tune the behavior of dnf-automatic. For example, you can specify a list of packages to exclude from updates by modifying the exclude setting, or you can specify a list of packages that should be updated before any others by modifying the priority setting.

Conclusion

dnf-automatic provides an easy and effective solution for automating the installation of security updates on CentOS 8 and other RPM-based distributions. By configuring dnf-automatic to check for and install updates automatically, you can ensure that your system stays up-to-date with the latest security patches without having to manually install updates yourself.

In this article, we have covered the basics of dnf-automatic and how to configure it to install security updates automatically. We have also explored some of the advanced configuration options available in dnf-automatic, such as scheduling and email notifications.

By following the steps outlined in this blog post and customizing the configuration of dnf-automatic to suit your needs, you can ensure that your CentOS 8 system remains secure and up-to-date with the latest security patches.

Updated on: 28-Jun-2023
