The security of the operating system is a key point in the integrity, availability and reliability of system resources since some vulnerability that is present will undoubtedly lead to global and systematic failures that will have a negative impact on the behavior of the system..
CentOS 8 was recently launched and security is one of its main bastions and something closely linked to this are the updates that are available periodically for the system. Remember that in Linux operating systems, it is advisable to update the system packages by applying the available updates up to 2 months after an operating system has been officially launched. This is due to the fact that in this period of time vulnerabilities and possible errors in the system can be detected .
As CentOS 8 administrators we have the possibility of activating automatic updates or not and this is because the updates will be downloaded and applied automatically when they are available, but they can affect the system performance if they are of a considerably large size..
TechnoWikis will explain how to disable automatic updates, as well as their activation if necessary in CentOS 8.
1. How to set automatic updates in CentOS 8 using DNF-automatic RPM packages
The RPM Package Manager (RPM) is a package management system thanks to which we will be able to carry out actions such as:
- Run the installation, update and uninstallation of packaged software.
- Build software from the source in packages that can be distributed comprehensively.
- Verify the integrity of the packaged software and the installation of the current software.
- Consult detailed information about the system software independent of whether it is installed or not.
In the case of automatic updates we will use the DNF-automatic RPM package which integrates functions to be executed automatically, as well as work regularly from systemd timers, cron jobs and more..
This RPM package will accept a single optional argument which is redirected to the configuration file, so if we do not enter any configuration file from the command line, the path /etc/dnf/automatic.conf will be used by default.
DNF-automatic is in charge of synchronizing the metadata of the package where apply to be able to search for the updates available in CentOS 8 and after that you can only download the packages or download and apply the packages. As a result, we will get details either through standard output, email or MOTD messages.
Step 1
To install this RPM package we will run the following line in CentOS 8:
dnf install dnf-automatic
Step 2
Enter the letter "s" to confirm the download of the RPM package:
Step 3
To access more complete details of the DNF-automatic RPM package we can execute the following:
rpm -qi dnf-automatic
Step 4
Now we will configure the automatic updates using this RPM package, for this we must access the configuration file located in the path /etc/dnf/automatic.conf, we will access with some text editor for editing:
nano /etc/dnf/automatic.conf
Step 5
For our updates to be automatic (both download and apply), we must configure the following lines as follows:
[commands] upgrade_type = default random_sleep = 0 download_updates = yes apply_updates = yes [emitters] emit_via = motd [e-mail] email_from = [email protected] email_to = root email_host = localhost [base] debuglevel = 1
Step 6
If we want DNF-automatic to only download the updates but not install them, we must assign the following value:
apply_updates = no
Once we apply the changes we proceed to save them using the Ctrl + O keys and exit the editor using the Ctrl X keys.
Step 7
Finally, we will execute DNF-automatic, for this we will execute the following command in order to schedule the automatic DNF updates in CentOS 8:
systemctl enable --now dnf-automatic.timer
Step 8
This command is responsible for enabling and starting the system timer which we can verify with the following command:
systemctl list-timers * dnf- *
In this way we have enabled automatic updates in CentOS 8 using the RPM DNF-automatic package.
2. How to disable automatic updates in CentOS 8 through DNF-automatic RPM packages
Just as it is simple to schedule both the download and the installation of updates in CentOS 8 using this medium.
Step 1
We can also prevent updates from being downloaded to the system, for this we access the DNF-automatic configuration file:
nano /etc/dnf/automatic.conf
Step 2
There we must apply the following values ​​in the respective lines:
download_updates = no apply_updates = no
This will not download or install updates in CentOS 8. We save the changes with the Ctrl + O keys and exit the editor with the Ctrl + X keys.
Step 3
Finally, we restart the dnf-automatic service to complete the changes:
systemctl restart dnf-automatic
3. How to activate automatic updates in CentOS 8 through the web console
CentOS 8 integrates Cockpit which is a web administration console which allows us to perform various operations of management and administration of the operating system, for its installation you can visit the following link of TechnoWikis:
How to install Cockpit Web Console on Centos 8
Step 1
To access it we must go to a browser and enter the following:
https: // Server_IP: 9090
After this we will enter the root user credentials:
Step 2
When accessing there, the utility will check for updates automatically (checking updates):
Step 3
If there are updates, we will see the message “Updates availableâ€:
Step 4
To configure automatic updates through this tool, we will go to the "Software updates" section in the left side panel and to activate these updates click on the "Automatic updates" switch so that its status becomes ON:
Step 5
Now, at the bottom it will be possible:
- Define the type of updates to download (all or only security)
- Define the search frequency (each day or a specific day)
Note that in the final part is the legend "and restart the machine automatically" which by default will restart CentOS 8 affecting work if we do not have the update time in mind.
4. How to disable automatic updates in CentOS 8 through the web console
Finally, from the same console it will be possible to disable automatic updates in CentOS 8. To do this we access the console and from the “Software updates†section, simply press the “Automatic updates†switch so that its status becomes Off:
There we can click on the "Install all updates" button to download and install all updates manually or select only the desired updates in the central panel.
With either of these two methods it will be possible to activate or not automatic updates in CentOS 8.