Mastering Linux Security and Hardening

Updating Red Hat 8-based systems

The old yum utility has been around for practically forever, and it's been a good, hard-working utility. But it does have its occasional quirks, and at times it can be excruciatingly slow. But not to worry. Our heroes at Red Hat have finally done something about that, by replacing yum with dnf. Now, dnf has been tested on the Fedora distro for the past few years, and it's now a part of the RHEL 8 family. So, when you work with your CentOS 8 virtual machines, you'll use dnf instead of yum. Let's see how to do this:

  1. For the most part, you use dnf the same way that you'd use yum, with the same arguments and options. For example, to do a system upgrade, just run the following command:

     sudo dnf upgrade

  2. The main functional difference between yum and dnf is that dnf has a different automatic update mechanism. Instead of installing the yum-cron package, you'll now install the dnf-automatic package, like so:

     sudo dnf install dnf-automatic

  3. In the /etc/dnf directory, you'll see the automatic.conf file, which you'll configure the same way as you did the yum-cron.conf file for CentOS 7. Instead of working as a cron job, as the old yum-cron did, dnf-automatic works with a systemd timer. When you first install dnf-automatic, the timer is disabled. Enable it and start it by running the following line of code:

     sudo systemctl enable --now dnf-automatic.timer

  4. Verify that it's running by typing the following line of code:

     sudo systemctl status dnf-automatic.timer

  5. If it started successfully, you should see something like this:

     [donnie@redhat-8 ~]$ sudo systemctl status dnf-automatic.timer
     dnf-automatic.timer - dnf-automatic timer
     Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.timer; enabled; vendor preset: disabled)
     Active: active (waiting) since Sun 2019-07-07 19:17:14 EDT; 13s ago
     Trigger: Sun 2019-07-07 19:54:49 EDT; 37min left

     Jul 07 19:17:14 redhat-8 systemd[1]: Started dnf-automatic timer.
     [donnie@redhat-8 ~]$

For more details about dnf-automatic, type the following command:

man dnf-automatic

And that's all there is to it.
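
An active timer only tells you that dnf-automatic runs; whether patches actually get installed depends on the [commands] section of automatic.conf. The following script is an added example, not code from the book: it reads the upgrade_type, download_updates and apply_updates settings from a config file and warns when updates would not be installed. The function names are hypothetical, and the sample file is constructed for the demo; on a real system, point audit_dnf_automatic at /etc/dnf/automatic.conf.

```shell
#!/bin/sh
# Added example (not from the book): audit a dnf-automatic configuration file.

# Print the value of KEY in [SECTION] of an INI-style FILE; the last match wins.
ini_get() {   # usage: ini_get FILE SECTION KEY
    awk -v section="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # ignore comment lines
        /^[ \t]*\[/ {                                # section header, e.g. [commands]
            gsub(/[ \t]/, ""); current = substr($0, 2, length($0) - 2); next
        }
        current == section && (eq = index($0, "=")) > 0 {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) value = v
        }
        END { print value }
    ' "$1"
}

# Summarise the update policy in FILE.
# Returns 0 if updates are installed, 1 if not, 2 if FILE is unreadable.
audit_dnf_automatic() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    utype=$(ini_get "$conf" commands upgrade_type)
    download=$(ini_get "$conf" commands download_updates)
    apply=$(ini_get "$conf" commands apply_updates | tr '[:upper:]' '[:lower:]')
    echo "upgrade_type=${utype:-unset} download_updates=${download:-unset} apply_updates=${apply:-unset}"
    case "$apply" in
        yes|true|on|1) return 0 ;;                  # values treated as "enabled" here
        *) echo "WARNING: updates are not installed automatically"; return 1 ;;
    esac
}

# Constructed sample config for the demo (not copied from a real system).
write_sample_conf() {
    printf '%s\n' '[commands]' '# upgrade_type = default' 'upgrade_type = security' \
        'download_updates = yes' 'apply_updates = no' '' \
        '[emitters]' 'emit_via = stdio' > "$1"
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_dnf_automatic "$sample" || true               # demo: warns, since apply_updates = no
rm -f "$sample"
```
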

Automatic updating sounds like a good thing, right? Well, it is in some circumstances. On my own personal Linux workstations, I always like to turn it off. That's because it drives me crazy whenever I want to install a package, and the machine tells me that I have to wait until the update process finishes. In an enterprise, it might also be desirable to disable automatic updates, so that administrators can have more control over the update process.

There are special considerations about doing updates in an enterprise environment. Let's look at them next.