Home >Operation and Maintenance >CentOS >How to update security patches for CentOS/RHEL systems
How to update security patches for CentOS/RHEL systems
- 藏色散人forward
- 2021-01-21 11:36:162588browse
The following tutorial column from centos will introduce to you how to update security patches for CentOS/RHEL systems. I hope it will be helpful to friends who need it!
| Introduction | On a Linux system, one of the most important requirements is to keep regularly updated with the latest security patches, or for the corresponding Linux Version updates with available security patches. In this article, we will share how to set up automatic updates of important security patches when needed in CentOS/RHEL 7/6 versions. Similar methods can be used to configure other Linux versions of the same family (Fedora or Scientific Linux). |
Configuring automatic security updates on CentOS/RHEL7 systems
On CentOS/RHEL 7/6 system, you need to install the following installation package:
# yum update -y ; yum install yum-cron -y
After the installation is completed, open /etc/yum/yum-cron.conf, and then find the following lines, you must ensure that their values are the same as shown below
update_messages = yes download_updates = yes apply_updates = yes
The first line indicates that the automatic update command line should look like this:
# yum --security upgrade
And the others This ensures that security upgrades can be notified and automatically downloaded and installed.
The following lines are also required in order for notifications from root@localhost to be emailed to the same account (again, you can choose a different account if you want this).
emit_via = email email_from = root@localhost email_to = root
Enable automatic security updates on CentOS/RHEL 6
By default, the cron task is configured to download and install all updates immediately, but we can pass the following two parameters in the /etc/sysconfig/yum-cron configuration file Change this behavior to yes.
# 不要安装,只做检查(有效值: yes|no) CHECK_ONLY=yes # 不要安装,只做检查和下载(有效值: yes|no) # 要求 CHECK_ONLY=yes(先要检查后才可以知道要下载什么) DOWNLOAD_ONLY=yes
In order to enable email notifications about package updates, you need to set the MAILTO parameter to a valid email address.
# 默认情况下 MAILTO 是没有设置的,crond 会将输出发送邮件给自己 # (执行 cron 的用户,这里是 root) # 例子: MAILTO=root MAILTO=admin@tecmint.com
Finally, open and enable the yum-cron service:
------------- On CentOS/RHEL 7 ------------- systemctl start yum-cron systemctl enable yum-cron ------------- On CentOS/RHEL 6 ------------- # service yum-cron start # chkconfig --level 35 yum-cron on
Congratulations, you have successfully set up automatic upgrade on the CentOS/RHEL 7/6 system .
Summarize
In this article, we discuss how to keep your server regularly updated or upgraded with the latest security patches. Additionally, to ensure that you know when new patches are applied, you also learned how to configure email notifications.
The above is the detailed content of How to update security patches for CentOS/RHEL systems. For more information, please follow other related articles on the PHP Chinese website!