One central part of keeping Linux servers secure is installing security updates on time. Therefore, keeping the system up to date is one of the most critical tasks for Linux administrators.
One of the most common approaches used by Linux system administrators is manually installing security updates. However, the problem with this approach is that it cannot ensure consistent regularity.
In other words, if the administrator forgets or is prevented for some reason from performing this action, it can lead to serious security threats.
Fortunately, RHEL-based Linux derivatives like Rocky Linux and AlmaLinux provide a ready-made solution to deal with this case that can be quickly and easily implemented without much effort. As a result, the security of your Linux system will be strengthened. So let us show you how.
Set up Automatic Updates on Rocky Linux / AlmaLinux
To enable automatic updates on your Rocky Linux or AlmaLinux system, you need to install the dnf-automatic package and then configure it according to your needs. So let’s first install it using the following DNF command:
sudo dnf install dnf-automatic
After installing the dnf-automatic package, you should edit /etc/dnf/automatic.conf to configure the settings. So, use your preferred text editor to open the file:
sudo vim /etc/dnf/automatic.confMake sure the apply_updates option is set to yes. By default, its value is no. Otherwise, dnf-automatic will download but not install available updates.
You can then change the value of the upgrade_type option. By default, all packages are updated, but this can be risky if some of your applications are sensitive to updates. So you could change it to only apply security updates by replacing the default value with security.
However, our recommendation is to stick with the default option.
Additionally, after each automatic update, you can further configure the options in the [email] section if you want to receive email notifications from your Rocky Linux / AlmaLinux system.
The next step is optional, but you can configure the dnf-automatic.timer service according to your needs if you want. Unlike some systemd services, dnf-automatic is implemented as a timer rather than a service that runs in the background perpetuity.
But what are timers? Let us explain. Timers are systemd unit files that end in .timer and control .service files or events. In other words, they can be used as an alternative to cron.
sudo systemctl edit dnf-automatic.timerCode language: CSS (css)In the configuration below, the automatic update process on your Rocky Linux or AlmaLinux system will start between 6:00 am and 7:00 am. The RandomizedDelaySec=60m option is used as a random extra time delta to avoid all of your machines updating simultaneously.
Finally, to update and enable the dnf-automatic service, use the command shown below:
sudo systemctl enable --now dnf-automatic.timerCode language: CSS (css)
Use the following command to check the status of the automatic update process:
sudo systemctl list-timers dnf-*Code language: PHP (php)Conclusion
This article taught you how to configure the automatic installation of the updates on your Rocky Linux or AlmaLinux system. The dnf-automatic service keeps your system updated and secure by installing the most recent updates and security patches as soon as they become available.
We strongly advise you to use this feature, at the very least, for security updates. Many compromised hosts would have been safe if they had used the dnf-automatic tool.
We hope you found this guide helpful. Any suggestions and comments are welcome in the comments section below.
