服务器和VPS放置在公网上,每时每刻都可能面临着各种各样的攻击,所以需要及时的更新操作系统的软件,作为一个比较懒的程序猿,肯定要做成自动化,在运维界有一句话“最懒的运维人员,是最牛的运维人员”全部自动化搞定。
配置自动化更新操作系统,需要用到的软件crontab和yum-cron。
#安装cronie和yum-cron
yum install -y cronie yum-cron
#关于yum-cron的配置文件
/etc/yum/yum-cron.conf (每天),
/etc/yum/yum-cron-hourly.conf (每小时).
#配置自动更新:
vi /etc/yum/yum-cron.conf
# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix update-minimal
# minimal-security = yum --security update-minimal
# minimal-security-severity:Critical = --sec-severity=Critical update-minimal
update_cmd = default
apply_updates = yes
update_messages = yes
download_updates = yes
//设置你emAIl通知,也可以不设置:
[email]
email_from = root@localhost
email_to = root
email_host = localhost
#把cronie和yum-cron加入开机启动:
systemctl enable crond
systemctl enable yum-cron
#启动crond和yum-cron:
systemctl start crond
systemctl start yum-cron
#配置文件详解:
In any of the two configuration files, configuration is defined through the following directives:
update_cmd = value specifies the category of upgrade where value can take:
default for yum upgrade,
security for yum –security upgrade,
security-severity:Critical for yum –sec-severity=Critical upgrade,
minimal for yum –bugfix upgrade-minimal,
minimal-security for yum –security upgrade-minimal,
minimal-security-severity:Critical for yum –sec-severity=Critical upgrade-minimal.
update_messages = yes/no defines whether a mail is sent when updates from the previously specified category are available.
download_updates = yes/no specifies whether these available updates need to be downloaded.
apply_updates = yes/no defines whether these available updates need to be applied.
random_sleep = 15 specifies the maximum time in minutes to randomly sleep preserving bandwidth and avoiding download storms.
emit_via = stdio/email/none defines what kind of message is used: stdio means written into the /var/log/cron file, email causes a mail to be sent, none doesn’t do anything.
email_from = root@localhost, email_to = root, email_host = localhost defines respectively when the message is a mail the originator’s email address, the recipient’s email address and the host to which the mail is sent.
#参考:
http://linuxaria.com/howto/enabling-automatic-updates-in-centos-7-and-rhel-7
https://www.certdepot.net/rhel7-configure-automatic-updates/