How to use yum-cron to automatically update RHEL/CentOS Linux

The yum command line tool is used to install and update software packages under RHEL / CentOS Linux server. I know how to apply updates using yum update command line, but I would like to use cron to update packages where appropriate manually. How do I configure yum to install software patches/updates automatically with cron?

WARNING! These instructions only work on RHEL or CentOS version 7.x. For RHEL/CentOS version 8.x, see “how to enable automatic updates for RHEL/CentOS 8“.

You need to install yum-cron package. It provides files needed to run yum updates as a cron job. Install this package if you want auto yum updates nightly via cron. This page shows how to automatically update RHEL or CentOS Linux using yum-cron.

Tutorial details
Difficulty level Easy
Root privileges Yes
Requirements RHEL/CentOS 7.x
Est. reading time 4 minutes

How to install yum-cron on a CentOS/RHEL 6.x/7.x

Type the following yum command on:
$ sudo yum install yum-cron
How to install yum-cron on CentOS RHEL server
Turn on service using systemctl command on CentOS/RHEL 7.x:
$ sudo systemctl enable yum-cron.service
$ sudo systemctl start yum-cron.service
$ sudo systemctl status yum-cron.service

 yum-cron.service - Run automatic yum updates as a cron job
   Loaded: loaded (/usr/lib/systemd/system/yum-cron.service; enabled; vendor preset: disabled)
   Active: active (exited) since Sat 2020-06-06 22:21:12 IST; 2h 33min ago
  Process: 1185 ExecStart=/bin/touch /var/lock/subsys/yum-cron (code=exited, status=0/SUCCESS)
 Main PID: 1185 (code=exited, status=0/SUCCESS)
    Tasks: 0
   CGroup: /system.slice/yum-cron.service

Jun 06 22:21:12 centos7-box systemd[1]: Starting Run automatic yum updates as a cron job...
Jun 06 22:21:12 centos7-box systemd[1]: Started Run automatic yum updates as a cron job.

If you are using CentOS/RHEL 6.x, run:
$ sudo chkconfig yum-cron on
$ sudo service yum-cron start

How to turn on yum-cron-service on CentOS or RHEL server
yum-cron is an alternate interface to yum. Very convenient way to call yum from cron. It provides methods to keep repository metadata up to date, and to check for, download, and apply updates. Rather than accepting many different command line arguments, the different functions of yum-cron can be accessed through config files.

How to configure yum-cron to automatically update RHEL/CentOS Linux

You need to edit /etc/yum/yum-cron.conf and /etc/yum/yum-cron-hourly.conf files using a text editor such as vi command:
$ sudo vi /etc/yum/yum-cron.conf
Make sure updates should be applied when they are available
apply_updates = yes
You can set the address to send email messages from. Please note that ‘localhost’ will be replaced with the value of system_name.
email_from = root@localhost
List of addresses to send messages to.
email_to = your-it-support@some-domain-name
Name of the host to connect to to send email messages.
email_host = localhost
If you do not want to update kernel package add the following on CentOS/RHEL 7.x:
For RHEL/CentOS 6.x add the following to exclude kernel package from updating:
Save and close the file in vi/vim. You also need to update /etc/yum/yum-cron-hourly.conf file if you want to apply update hourly. Otherwise /etc/yum/yum-cron.conf will run on daily using the following cron job (use cat command to see the file):
$ cat /etc/cron.daily/0yum-daily.cron
Sample outputs:

# Only run if this flag is set. The flag is created by the yum-cron init
# script when the service is started -- this allows one to use chkconfig and
# the standard "service stop|start" commands to enable or disable yum-cron.
if [[ ! -f /var/lock/subsys/yum-cron ]]; then
  exit 0
# Action!
exec /usr/sbin/yum-cron /etc/yum/yum-cron-hourly.conf

Here is an updated version from CentOS 7.x:
[root@centos7-box yum]# cat /etc/cron.daily/0yum-daily.cron

# Only run if this flag is set. The flag is created by the yum-cron init
# script when the service is started -- this allows one to use chkconfig and
# the standard "service stop|start" commands to enable or disable yum-cron.
if [[ ! -f /var/lock/subsys/yum-cron ]]; then
  exit 0
# Action!
exec /usr/sbin/yum-cron

That is all. Now your system will update automatically everyday using yum-cron. See man page of yum-cron for more details:
$ man yum-cron

Method 2 – Use shell scripts

Warning: The following method is outdated. Do not use it on RHEL/CentOS 6.x/7.x. I kept it below for historical reasons only when I used it on CentOS/RHEL version 4.x/5.x.

Let us see how to configure CentOS/RHEL for yum automatic update retrieval and installation of security packages. You can use yum-updatesd service provided with CentOS / RHEL servers. However, this service provides a few overheads. You can create daily or weekly updates with the following shell script. Create

  • /etc/cron.daily/ to apply updates one a day.
  • /etc/cron.weekly/ to apply updates once a week.

Sample shell script to update system

A shell script that instructs yum to update any packages it finds via cron:

$YUM -y -R 120 -d 0 -e 0 update yum
$YUM -y -R 10 -e 0 -d 0 update

(Code listing -01: /etc/cron.daily/


  1. First command will update yum itself and next will apply system updates.
  2. -R 120 : Sets the maximum amount of time yum will wait before performing a command
  3. -e 0 : Sets the error level to 0 (range 0 – 10). 0 means print only critical errors about which you must be told.
  4. -d 0 : Sets the debugging level to 0 – turns up or down the amount of things that are printed. (range: 0 – 10).
  5. -y : Assume yes; assume that the answer to any question which would be asked is yes.

Make sure you setup executable permission:
# chmod +x /etc/cron.daily/


This page explained how to install yum-cron package to update and apply security updates automatically.

  1. yum man page here
  2. yum command: Update / Install Packages under Redhat Enterprise / CentOS Linux Version 5.x
  3. How do I add jobs to cron under Linux or UNIX oses?

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 16 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
16 comments… add one
  • cod3fr3ak May 19, 2009 @ 14:38

    Good info. Thanks!

  • Marcus Moeller May 19, 2009 @ 16:29

    This is where yum-updatesd is for. Please take a look at:


    for configuration parameters. Updates will automatically be applied with:

    do_update = yes

    Best Regards

  • Patrick May 19, 2009 @ 19:22

    As Marcus said, yum-updatesd already does this !
    And as it’s not yet clearly said, auto updating is not recommended at all on production servers !!!
    Only do this on test or dev servers… or your linux desktop.
    Best regards

  • yum-check May 25, 2009 @ 6:20

    I use script called yum-check from CentOS wiki. It works great, its called from cron.daily and if there is a updates, send a mail to me. You can set only notify, download or direct download and install updates.

  • sys01admin Sep 13, 2010 @ 18:47

    True, yum-updatesd already does handle ad hoc updates defined by the run_interval and updaterefresh intervals. My question is how do you define a specific time for updates. e.g. in production you want all servers to update say Friday, 3:00am, or nightly at 2:00am. Apart from cron how is that done?

    • 🐧 nixCraft Sep 13, 2010 @ 19:22

      You have three options:
      1) Write your own tool and push updates on all hosts using custome programming and cron jobs.
      2) Use patch managment software such as PatchLink Update Server, Novell ZENworks Linux Management, RHEL satellite/Spacewalk etc.
      3) Use other open source system management tools such as Chef, Puppet, and, Cfengine.

      • sys01admin Sep 15, 2010 @ 13:23

        Thanks Vivek, very helpful!

        • Florian Heigl May 2, 2015 @ 18:31

          Ah, so after everyone pointing to yum-updatesd, once the point of not blindly rebooting at random times comes up we suddenly agree that the top example of doing it from cron actually wasn’t so stupid at all.

          Internet, full of wonders.

  • Antonio Sep 8, 2011 @ 10:43

    Why -R is equal to 120? Why yum will wait 120 minutes to start ?

    • Jason Aug 12, 2015 @ 15:49

      The -R flag makes yum wait a random number of minutes between 0 and the value before starting. The reason it is in there is so when a million people copy this script onto their machines, they don’t all attempt to hit the Redhat update servers at exactly 12:00 GMT every night and DOS them. This spreads the load out.

  • Mykolas OK Nov 9, 2011 @ 17:36

    Patric says: updating is not recommended at all on production servers

    I would like to make critical updates (bug fixes) on my production servers daily.
    Is it not good idea?

    How to organize it without updating packages to new versions?

    Thank you for comments.

  • Annegret Feb 7, 2012 @ 15:26

    Bravo!!! You have taken a farufel task and made it come out smooth. WELL DONE TUTORIAL!

  • Christian Apr 2, 2012 @ 6:59

    Nice tutorial. BTW, why isn’t it recommended to auto-update? I can choose the repos and sources I want to install, and if I have a server for which security is critical – why not keep it up to date?
    Of course, external sources/repos and Alpha/Beta/RC software isn’t a good idea on those – but if I stick to the original repos, then what is in the way of having a cron job do the work.
    BTW, I think the -R 120 option is for having yum wait in case that it cannot perform its job right away. But feel free to correct me, if I am wrong.

  • guest007 Mar 7, 2013 @ 2:05

    Updating automatically is not recommended on production servers because you do not know if it will break anything in your application, there are many instances where due to a patch you might need to update your application.

    As to how do organizations do it, you have a patching cycle where you would apply updates to QA/test environment and have QA regress to make sure there are no issues. Next you apply same updates to staging and perform QA. Lastly you go through change control and apply updates to production (usually do half the farm), and QA. After half the production farm is updated and performing without issues, go ahead and patch the remaining servers. At least this is how it is done in 24x7x365 environments.

  • kubrick Apr 24, 2013 @ 9:39

    If you want automatic updates in CentOS 6, install this package:
    yum install yum-cron


  • Anonymous Mar 9, 2021 @ 9:12

    How to enable automatic updates on CentOS 8 desktop and RHEL 8 EC2 server ? Please help me yum install yum-cron said:

    Last metadata expiration check: 2:25:36 ago on Tue Mar  9 06:46:14 2021.
    No match for argument: yum-cron
    Error: Unable to find a match: yum-cron

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum