dnf-automatic – Install Security Updates Automatically in CentOS 8

Security updates play a crucial role in safeguarding your Linux system against cyber-attacks and breaches which can have a devastating effect on your critical files, databases and other resources on your system.

You can manually apply security patches on your CentOS 8 system, but it is much easier as a system administrator to configure automatic updates. This will give you the confidence that your system will be periodically checking for any security patches or updates and applying them.

Recommended Read: Yum-cron – Install Security Updates Automatically in CentOS 7

In this article, we will walk you through how you can configure security updates manually using dnf-automatic and also using a web-based console known as cockpit-webserver.

Step 1: Install dnf-automatic in CentOS 8

To get the ball rolling, begin by installing the dnf-automatic RPM package shown below.

# dnf install dnf-automatic
Install dnf-automatic in CentOS 8

Install dnf-automatic in CentOS 8

Upon successful installation, you can confirm its presence by running rpm command.

# rpm -qi dnf-automatic
Get Info About dnf-automatic

Get Info About dnf-automatic

Step 2. Configuring dnf-automatic in CentOS 8

The configuration file for the dnf-automatic RPM file is the automatic.conf found at /etc/dnf/ directory. You can view the default configurations using your favorite text editor and here’s how the file looks like.

# vi /etc/dnf/automatic.conf
dnf-automatic- Configuration

dnf-automatic- Configuration

Under the 'commands' section, define the upgrade type. You can leave it as default, which will apply all updates. Since we are concerned with security updates, set it as shown:

upgrade_type = security

Next, scroll to the 'emitters' section and set the system hostname.

system_name = centos-8

Also, set the emit_via a parameter to motd so that upon every login, messages about the updates packages will be displayed.

emit_via = motd

Now save and exit the configuration file.

Step 3. Start and Enable dnf-automatic in CentOS 8

The next step will be to start the dnf-automatic service. Run the command below to start scheduling automatic updates for your CentOS 8 system.

# systemctl enable --now dnf-automatic.timer
Enable dnf-automatic Updates

Enable dnf-automatic Updates

To check the status of the service, issue the command.

# systemctl list-timers *dnf-*
Check dnf-automatic Update Status

Check dnf-automatic Update Status

The dnf-makecache runs the dnf-makecache service which is responsible for updating cache packages, while the dnf-automatic unit runs the dnf-automatic service which will download the package upgrades.

Install Security Updates Automatically using Cockpit in CentOS 8

Cockpit is a web-based GUI platform that allows system administrators to seamlessly have an overview of the system metrics and configure various parameters such as the firewall, create users, manage cron jobs, etc. Cockpit also allows you to set up automatic updates: package/feature updates and security updates.

To configure automatic security updates, log in to cockpit as root user by browsing the server URL as shown:

http://server-ip:9090/

On the left sidebar, click on the ‘Software updates’ option.

Cockpit - Software Updates for CentOS0-8

Cockpit – Software Updates for CentOS0-8

Next, turn the ‘Automatic Updates’ toggle ON. Be sure to select ‘Apply Security Updates’ and choose the frequency of the updates.

Cockpit - Set Automatic CentOS 8 Updates

Cockpit – Set Automatic CentOS 8 Updates

And this concludes our topic today. We cannot stress further the need for setting security updates on your system. This will not only keep your system safe from potential malware, at the very least but also give you peace of mind that your system is being regularly patched and staying up to date with the latest security definitions.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

James Kiarie

This is James, a certified Linux administrator and a tech enthusiast who loves keeping in touch with emerging trends in the tech world. When I'm not running commands on the terminal, I'm taking listening to some cool music. taking a casual stroll or watching a nice movie.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide
The Complete Linux System Administrator Bundle
Become an Ethical Hacker Bonus Bundle

You may also like...

3 Responses

  1. gnuraph says:

    Hi,

    Have you been able to really get security updates with CentOS, since security metadata are missing from CentOS repositories?

  2. James Kiarie says:

    I’m glad the article was useful to you Ben.

  3. ben Thijssen says:

    That a lot, always convenient to install the update automatically.

Leave a Reply to ben Thijssen Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.