Security updates play a crucial role in safeguarding your Linux system against cyber-attacks and breaches which can have a devastating effect on your critical files, databases and other resources on your system.
You can manually apply security patches on your CentOS 8 system, but it is much easier as a system administrator to configure automatic updates. This will give you the confidence that your system will be periodically checking for any security patches or updates and applying them.
Recommended Read: Yum-cron – Install Security Updates Automatically in CentOS 7
In this article, we will walk you through how you can configure security updates manually using dnf-automatic and also using a web-based console known as cockpit-webserver.
Step 1: Install dnf-automatic in CentOS 8
To get the ball rolling, begin by installing the dnf-automatic RPM package shown below.
# dnf install dnf-automatic
Upon successful installation, you can confirm its presence by running rpm command.
# rpm -qi dnf-automatic
Step 2. Configuring dnf-automatic in CentOS 8
The configuration file for the dnf-automatic RPM file is the automatic.conf found at /etc/dnf/ directory. You can view the default configurations using your favorite text editor and here’s how the file looks like.
# vi /etc/dnf/automatic.conf
Under the 'commands' section, define the upgrade type. You can leave it as default, which will apply all updates. Since we are concerned with security updates, set it as shown:
upgrade_type = security
Next, scroll to the 'emitters' section and set the system hostname.
system_name = centos-8
Also, set the emit_via a parameter to motd so that upon every login, messages about the updates packages will be displayed.
emit_via = motd
Now save and exit the configuration file.
Step 3. Start and Enable dnf-automatic in CentOS 8
The next step will be to start the dnf-automatic service. Run the command below to start scheduling automatic updates for your CentOS 8 system.
# systemctl enable --now dnf-automatic.timer
To check the status of the service, issue the command.
# systemctl list-timers *dnf-*
The dnf-makecache runs the dnf-makecache service which is responsible for updating cache packages, while the dnf-automatic unit runs the dnf-automatic service which will download the package upgrades.
Install Security Updates Automatically using Cockpit in CentOS 8
Cockpit is a web-based GUI platform that allows system administrators to seamlessly have an overview of the system metrics and configure various parameters such as the firewall, create users, manage cron jobs, etc. Cockpit also allows you to set up automatic updates: package/feature updates and security updates.
To configure automatic security updates, log in to cockpit as root user by browsing the server URL as shown:
http://server-ip:9090/
On the left sidebar, click on the ‘Software updates’ option.
Next, turn the ‘Automatic Updates’ toggle ON. Be sure to select ‘Apply Security Updates’ and choose the frequency of the updates.
And this concludes our topic today. We cannot stress further the need for setting security updates on your system. This will not only keep your system safe from potential malware, at the very least but also give you peace of mind that your system is being regularly patched and staying up to date with the latest security definitions.
gnurap is right. “security” mode is only for RHEL, as CentOS is not maintaining the metadata, so you won’t get updates then….
Hi,
Have you been able to really get security updates with CentOS, since security metadata are missing from CentOS repositories?
I’m glad the article was useful to you Ben.
That a lot, always convenient to install the update automatically.