{{tag>[security centos6.5]}}

=====Automatic updates with yum-cron (and reboot if necessary)=====
My repo server syncs the repositories between 13:00 and 16:00 local time. It will reboot at 06:00 if a kernel update has been installed.

Clients update at around 03.00 via cron.daily. See: /etc/anacrontab. 

===Install yum-cron===
  yum install yum-cron
  chkconfig yum-cron on

===Configure yum-cron===
  vi /etc/sysconfig/yum-cron
<code>YUM_PARAMETER=
CHECK_ONLY=no
CHECK_FIRST=no
DOWNLOAD_ONLY=no
RANDOMWAIT="60"
MAILTO=<email@address>
CLEANDAY="0"
SERVICE_WAITS=yes
SERVICE_WAIT_TIME=300</code>

===Add reboot script===
The yum-cron script /etc/cron.daily/0yum.cron will start before the reboot script /etc/cron.daily/1new-kernel-reboot because of sorting.
  vi /etc/cron.daily/1new-kernel-reboot
<code>#!/bin/bash
entry=`cat /boot/grub/grub.conf | grep '^default' | cut -d '=' -f2`
entry=`expr $entry + 1`
if [ "`cat /boot/grub/grub.conf | grep '^title' | tail -n +$entry | head -1 | sed -e 's/.*(\(.*\)).*/\1/'`" != "`uname -r`" ]; then
  sleep 10 ; shutdown -r +5
fi</code>

  chmod +x /etc/cron.daily/1new-kernel-reboot