In today’s world, where vulnerabilities are found daily, it is imperative that you keep your servers updated. If you do not have the time and energy to do it manually, there’s a simple solution from a package called dnf-automatic.
First, we install the dnf-automatic package:
dnf install -y dnf-automatic
Next, we update the configuration to apply the updates automatically.
Edit /etc/dnf/automatic.conf with your favorite editor (vi/nano etc) and replace:
apply_updates = no
apply_updates = yes
By default, all packages are updated. This can be risky if your application is generally sensitive to updates, so you could set it to apply only the security updates by replacing
upgrade_type = default
upgrade_type = security
You can also set up the email notifications by [email] block with your email address and the source address.
In the end, we need to start and enable the dnf-automatic service. We do this by running:
systemctl enable --now dnf-automatic.timer
We strongly suggest to use this feature, at least for security updates. There are too many compromised hosts which would have been safe have they used dnf-automatic or similar automatic updates tools