We can do this with the yum-cron tool - which (as suggested) creates a cronjob to perform the updates:
sudo -y install yum-cron
We can then configure yum-cron - ensuring it only applies critical security updates:
vi /etc/yum/yum-cron.conf
and setup a mail host and destination - while ensuring that the update_cmd is set accordingly:
update_cmd minimal-security-severity:Critical
start the service:
sudo systemctl start yum-cron
and ensure it starts at boot:
sudo systemctl enable yum-cron
By default yum-cron runs on a daily basis - however this can easily be changed or the command integrated into your own cron job:
cat /etc/cron.daily/0yum-daily.cron
#!/bin/bash
# Only run if this flag is set. The flag is created by the yum-cron init
# script when the service is started -- this allows one to use chkconfig and
# the standard "service stop|start" commands to enable or disable yum-cron.
if [[ ! -f /var/lock/subsys/yum-cron ]]; then
exit 0
fi
# Action!
exec /usr/sbin/yum-cron
No comments:
Post a Comment