Setting automatic server patching/updating on Red Hat/CentOS

This is a trail of how we got some scheduled patching/updating working on our Red Hat and CentOS machines using cron jobs that notify us via email.

TCP Wrappers

  • If you are using TCP wrappers, you will need to allow sendmail by editing the /etc/hosts.allow file. Simply add something like this to your hosts.allow file:
    sendmail : All : All

Update config (depends on whether you are using Yum or up2date; you choose)

Using Yum

  • We did not want kernel upgrades to be done automatically, and we had to set a proxy, so we added the following lines to the /etc/yum.conf file:
    exclude=*kernel*
    proxy=yourproxy.com.au:port

Using up2date

  • Run up2date --configure and follow the prompts

Executable file

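  • Next we created an executable file that can be called by the crontab (notice the -y: this answers yes to all of the questions automatically so that the updates will run). There is one example for each system.
    For Yum:
    #!/bin/bash
    # Apply all available updates without prompting
    yum -y update
    # Refresh the locate database
    updatedb
    For up2date:
    #!/bin/bash
    # Download and install all available updates, verbosely
    up2date -u -v
    # Refresh the locate database
    updatedb
  • After creating this file, be sure to make it executable (as root, type)
    chmod 755 name_of_file.sh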

Cron Job

  • We created the following example (to run it once a week on Sundays at 1:01 am)
    MAILTO=me@here.com,you@there.com,them@there.com
    1 1 * * 0 /location_of_executable_file.sh
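
A hardened variant of the update script, added here as an example and not part of the original write-up: it refuses to start while a previous run still holds a lock, skips updatedb when the update fails, and prints a one-line result for cron to mail. The names LOCKDIR, UPDATE_CMD, POST_CMD and patch_run, the default lock path and the --run argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example: weekly patch script with locking and a clear result line.
# LOCKDIR, UPDATE_CMD and POST_CMD are assumed names; override them as needed
# (for up2date systems, set UPDATE_CMD="up2date -u -v").
LOCKDIR="${LOCKDIR:-/var/run/weekly-patch.lock}"
UPDATE_CMD="${UPDATE_CMD:-yum -y update}"
POST_CMD="${POST_CMD:-updatedb}"

# Run the update under a lock and print a summary (cron mails whatever
# the job prints to the MAILTO addresses).
# Returns 0 on success, 1 if the update failed, 2 if a run is already active.
patch_run() {
    # mkdir is atomic: only one invocation can create the lock directory.
    # A stale lock is not cleared automatically; it shows up as SKIPPED
    # in the next mail so that someone looks at the machine.
    if ! mkdir "$LOCKDIR" 2>/dev/null; then
        echo "RESULT: SKIPPED on $(uname -n): lock $LOCKDIR exists"
        return 2
    fi

    status=0
    # Unquoted on purpose so "yum -y update" splits into command and arguments.
    $UPDATE_CMD || status=$?

    if [ "$status" -eq 0 ]; then
        # Refresh the locate database only after a successful update.
        $POST_CMD || echo "WARNING: $POST_CMD failed"
        echo "RESULT: update succeeded on $(uname -n)"
    else
        echo "RESULT: update FAILED on $(uname -n) (exit $status)"
    fi

    rmdir "$LOCKDIR"
    [ "$status" -eq 0 ]
}

# Execute only when called with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    patch_run
fi
```

With this variant the crontab entry passes --run after the script path, and the RESULT line in the mail body shows at a glance whether the machine was patched.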