dnf-automatic – Install Security Updates Automatically in CentOS 8

Security updates play a crucial role in safeguarding your Linux system against cyber-attacks and breaches which can have a devastating effect on your critical files, databases and other resources on your system.

You can manually apply security patches on your CentOS 8 system, but it is much easier as a system administrator to configure automatic updates. This will give you the confidence that your system will be periodically checking for any security patches or updates and applying them.

Recommended Read: Yum-cron – Install Security Updates Automatically in CentOS 7

In this article, we will walk you through how you can configure security updates manually using dnf-automatic and also using a web-based console known as cockpit-webserver.

Step 1: Install dnf-automatic in CentOS 8

To get the ball rolling, begin by installing the dnf-automatic RPM package shown below.

# dnf install dnf-automatic
Install dnf-automatic in CentOS 8
Install dnf-automatic in CentOS 8

Upon successful installation, you can confirm its presence by running rpm command.

# rpm -qi dnf-automatic
Get Info About dnf-automatic
Get Info About dnf-automatic

Step 2. Configuring dnf-automatic in CentOS 8

The configuration file for the dnf-automatic RPM file is the automatic.conf found at /etc/dnf/ directory. You can view the default configurations using your favorite text editor and here’s how the file looks like.

# vi /etc/dnf/automatic.conf
dnf-automatic- Configuration
dnf-automatic- Configuration

Under the 'commands' section, define the upgrade type. You can leave it as default, which will apply all updates. Since we are concerned with security updates, set it as shown:

upgrade_type = security

Next, scroll to the 'emitters' section and set the system hostname.

system_name = centos-8

Also, set the emit_via a parameter to motd so that upon every login, messages about the updates packages will be displayed.

emit_via = motd

Now save and exit the configuration file.

Step 3. Start and Enable dnf-automatic in CentOS 8

The next step will be to start the dnf-automatic service. Run the command below to start scheduling automatic updates for your CentOS 8 system.

# systemctl enable --now dnf-automatic.timer
Enable dnf-automatic Updates
Enable dnf-automatic Updates

To check the status of the service, issue the command.

# systemctl list-timers *dnf-*
Check dnf-automatic Update Status
Check dnf-automatic Update Status

The dnf-makecache runs the dnf-makecache service which is responsible for updating cache packages, while the dnf-automatic unit runs the dnf-automatic service which will download the package upgrades.

Install Security Updates Automatically using Cockpit in CentOS 8

Cockpit is a web-based GUI platform that allows system administrators to seamlessly have an overview of the system metrics and configure various parameters such as the firewall, create users, manage cron jobs, etc. Cockpit also allows you to set up automatic updates: package/feature updates and security updates.

To configure automatic security updates, log in to cockpit as root user by browsing the server URL as shown:


On the left sidebar, click on the ‘Software updates’ option.

Cockpit - Software Updates for CentOS0-8
Cockpit – Software Updates for CentOS0-8

Next, turn the ‘Automatic Updates’ toggle ON. Be sure to select ‘Apply Security Updates’ and choose the frequency of the updates.

Cockpit - Set Automatic CentOS 8 Updates
Cockpit – Set Automatic CentOS 8 Updates

And this concludes our topic today. We cannot stress further the need for setting security updates on your system. This will not only keep your system safe from potential malware, at the very least but also give you peace of mind that your system is being regularly patched and staying up to date with the latest security definitions.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

James Kiarie
This is James, a certified Linux administrator and a tech enthusiast who loves keeping in touch with emerging trends in the tech world. When I'm not running commands on the terminal, I'm taking listening to some cool music. taking a casual stroll or watching a nice movie.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.


Leave a Reply
  1. gnurap is right. “security” mode is only for RHEL, as CentOS is not maintaining the metadata, so you won’t get updates then….

  2. Hi,

    Have you been able to really get security updates with CentOS, since security metadata are missing from CentOS repositories?


Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.