Auto Upate Config Script
Some of the systems I work on need there packages update fairly regular for security and bugs, This script will install the need packages and configure/activate the auto update cron
Keeping your system up-to-date with the latest packages and security updates can be a tedious when maintaining lots of server. Most part-time admins forget to do it, leaving the systems vulnerable to countless threats. Automate security (or other package) updates with this script
Works on most RedHat and Ubuntu based systems, and before you begin yawning
You can download this script here.or at the bottom of the page
System Variables
###########################
#### System Variables ####
###########################
OS=$(grep PRETTY_NAME /etc/os-release | sed 's/PRETTY_NAME=//g' | tr -d '="' | awk '{print $1}' | tr '[:upper:]' '[:lower:]')
OSVER=$(grep VERSION_ID /etc/os-release | sed 's/VERSION_ID=//g' | tr -d '="' | awk -F. '{print $1}')
aptcnf="/etc/apt/apt.conf.d"
dnfcnf="/etc/dnf/automatic.conf"
yum6cnf="/etc/sysconfig/yum-cron"
yum7cnf="/etc/yum/yum-cron.conf" I use this function in place of cat from time to time works well for files that have no indenting
###################################
#### Copy to EOF file function ####
###################################
function no_show() {
{
expand | awk 'NR == 1 {match($0, /^ */); l = RLENGTH + 1}
{print substr($0, l)}'
}
} Detect the OS and OS Version
###########################################################
#### Detect Package Manger from OS and OSVer Variables ####
###########################################################
if [ "${OS}" = ubuntu ]; then
PAKMGR="apt-get -y"
elif [[ ${OS} = centos || ${OS} = redhat || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then
if [ "${OSVER}" = 7 ]; then
PAKMGR="yum -y"
fi
if [ "${OSVER}" = 8 ]; then
PAKMGR="dnf -y"
fi
fi Simple code to add auto updating service
#####################################
#### Install Auto Update Service ####
#####################################
if [[ ${OS} = centos || ${OS} = redhat || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then
if [ "${OSVER}" = 6 ] || [ "${OSVER}" = 7 ]; then
${PAKMGR} update
${PAKMGR} install yum-cron
if [ "${OSVER}" = 6 ]; then
chkconfig yum-cron on
chkconfig yum-updatesd off
service yum-updatesd stop
#echo 'exclude= http php* kernel*' >> /etc/yum.conf # <-- If you need to add exclude package from updating
#sed -i 's/YUM_PARAMETER=""/YUM_PARAMETER="-x http -x php* -x kernel*"/g' >> $yum6cnf # <-- If you need to add exclude package from updating
sed -i 's/CHECK_ONLY=yes/CHECK_ONLY=no/g' $yum6cnf
sed -i 's/DOWNLOAD_ONLY=yes/DOWNLOAD_ONLY=no/g' $yum6cnf
sed -i 's/MAILTO=/MAILTO=root/g' $yum6cnf
service yum-cron start
fi
if [ "${OSVER}" = 7 ]; then
sed -i 's/update_cmd = default/update_cmd = security/g' $yum7cnf #<-- comment this out for ALL available upgrades
sed -i 's/apply_updates = no/apply_updates = yes/g' $yum7cnf
sed -i 's/download_updates = no/download_updates = yes/g' $yum7cnf
systemctl enable --nom yum-cron
fi
fi
if [ "${OSVER}" = 8 ] || [ "${OSVER}" = 9 ]; then
${PAKMGR} update
${PAKMGR} install dnf-automatic
sed -i 's/upgrade_type = default/upgrade_type = security/g' $dnfcnf #<-- comment this out for ALL available upgrades
sed -i 's/apply_updates = no/apply_updates = yes/g' $dnfcnf
systemctl enable --now dnf-automatic.timer
fi
elif [ "${OS}" = ubuntu ]; then
${PAKMGR} upgrade
${PAKMGR} install unattended-upgrades apticron
touch $aptcnf/20auto-upgrades
no_show << EOF > $aptcnf/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF
sed -i 's/\/\/Unattended-Upgrade\:\:Mail "root";/Unattended-Upgrade\:\:Mail "root";/g' $aptcnf/50unattended-upgrades
fi You can download this script here
Comments