Automatically Install Security Updates in CentOS 7 with Yum-Cron

2 min read

Yum-cron is a yum module and command-line tool that allows a user to configure a cron job for the Yum package manager.

Step 1: Installing Yum-cron Utility in CentOS 7

The Yum-cron comes preinstalled on CentOS 7, but if for whatever reason it is not present, you can install it by running the command.

# yum install yum-cron

Once the installation is complete, confirm the existence of yum-cron utility by running the rpm command with grep command.

# rpm -qa | grep yum-cron

Step 2: Configuring Automatic Security Updates in CentOS 7

After the successful installation of the yum-cron utility, you need to configure it to automatically retrieve security updates and update your system. There are 2 kinds of updates: the default update which is initialized using the yum update command, minimal update and finally the security update.

In this guide, we will configure the system to automatically receive security updates. So open and edit the yum-cron.conf file located in the path shown.

# vi /etc/yum/yum-cron.conf

Locate the string update_cmd. By default, this is set to default. Now edit and set the value to ‘security’.

update_cmd = security

Next, locate the update_messages parameter and ensure its value is set to ‘yes’.

update_messages = yes

Likewise, do the same for download_updates as well as apply_updates.

download_updates = yes
apply_updates = yes

Save and exit the configuration file.

For the changes to come into effect, start and enable the yum-cron daemon or service on boot as shown.

# systemctl start yum-cron
# systemctl enable yum-cron
# systemctl status yum-cron

Step 3: How to Exclude Packages from Updating in Yum

Sometimes, you may need to maintain the version of packages and not update them due to compatibility issues that may arise with other applications that depend on the package. Sometimes, this may even include the kernel itself.

To achieve this, head back to the yum-cron.conf configuration file. At the bottom, in the [base] section, append a line with the ‘exclude’ parameter and define the packages you want to exclude from updating.

exclude = mysql* php* kernel*

All package names that begin with mysql & php will be excluded from automatic updates.

Restart yum-cron to effect the changes.

# systemctl restart yum-cron

Step 4: Checking yum-cron Logs

The yum-cron logs are stored in /var/log/yum.log file. To view the packages that have been updated run the cat command.

# cat /var/log/yum.log  | grep -i updated

Automatic system updates are controlled by a cron job that runs daily and is stored in the /var/log/cron file. To check the logs for the daily cron job run.

# cat /var/log/cron | grep -i yum-daily

Your CentOS 7 system is now fully configured for automatic security updates and you won’t have to stress over manually updating your system.

We want to hear your thoughts about this. Is there anything in particular that you love about it? What can we do to improve our services and experience? Leave a comment below or open a ticket on our helpdesk and we’ll personally review all suggestions and feedback. 

About Servercheap.NET

Since it was founded in 2015, Servercheap has always strived to provide its clients with enterprise-level performance at an unbeatable cost. Servercheap offers a wide range of customizable hybrid and virtual private server hosting services. All Servercheap clients enjoy a 99.9% uptime SLA and 24/7 rapid response support team.
At Servercheap, our core directive has always been to provide our clients with the best services and infrastructure possible, whether you’re hosting a game server, a high-intensity database, a development environment, or anything in-between.
For more information, visit

Leave a Reply

Your email address will not be published. Required fields are marked *