Set Linux Systems to email when updates available

How to set up Ubuntu and CentOS systems to email notifications when OS updates are available.

Ubuntu:

You can use tool called apticron to notify you when new updates are available. It sends you e-mail about pending upgrades, also giving you a choice to only send you e-mail about updates not previously notified.

To setup apticron edit /etc/apticron/apticron.conf and change line containing e-mail address:

EMAIL=”admin@example.com”
Enter the e-mail address you wish to receive notifications to.

For more information see man apticron.

CentOS 6 and 7

Yum-Cron

Yum-cron is a simple way to call yum commands from cron. It provides configuration to keep repository metadata up to date, and to check for, download, and apply updates.
Install

yum install yum-cron

Config Files:

/etc/sysconfig/yum-cron
/etc/yum/yum-daily.yum
/etc/yum/yum-weekly.yum

Check the files installed:

rpm -ql yum-cron
/etc/cron.daily/0yum.cron
/etc/rc.d/init.d/yum-cron
/etc/sysconfig/yum-cron
/etc/yum/yum-daily.yum
/etc/yum/yum-weekly.yum
/usr/share/doc/yum-cron-3.2.29
/usr/share/doc/yum-cron-3.2.29/COPYING
/usr/share/man/man8/yum-cron.8.gz

Configure the service to start a boot:

# chkconfig yum-cron on

Configure the service:

# nano /etc/sysconfig/yum-cron
# Pass any given paramter to yum, as run in all the scripts invoked
# by this package.  Be aware that this is global, and yum is invoked in
# several modes by these scripts for which your own parameter might not
# be appropriate
YUM_PARAMETER=

# Don't install, just check (valid: yes|no)
CHECK_ONLY=no

# Check to see if you can reach the repos before updating (valid: yes|no)
CHECK_FIRST=no

# Don't install, just check and download (valid: yes|no)
# Implies CHECK_ONLY=yes (gotta check first to see what to download)
DOWNLOAD_ONLY=no

# Error level, practical range 0-10, 0 means print only critical errors which
# you must be told, 1 means print all errors, even ones that are not important
# Level 0 is the default
# ERROR_LEVEL=0

# Debug level, practical range 0-10, higher number means more output
# Level 1 is a useful level if you want to see what's been done and
# don't want to read /var/log/yum.log
# Level 0 is the default
# DEBUG_LEVEL=1

# randomwait is used by yum to wait random time
# default is 60 so yum waits random time from 1 to 60 minutes
# the value must not be zero
RANDOMWAIT="60"

# if MAILTO is set and the mail command is available, the mail command
# is used to deliver yum output

# by default MAILTO is unset, so crond mails the output by itself
# example:  MAILTO=root
MAILTO=admin@mydomain.com

# you may set SYSTEMNAME if you want your yum emails tagged differently
# default is output of hostname command
# this variable is used only if MAILTO is set too
#SYSTEMNAME=""

# you may set DAYS_OF_WEEK to the days of the week you want to run
# default is every day
#DAYS_OF_WEEK="0123456"

# which day should it do cleanup on?  defaults to 0 (Sunday).  If this day isn't in the
# DAYS_OF_WEEK above, it'll never happen
CLEANDAY="0"

# set to yes to make the yum-cron service to wait for transactions to complete
SERVICE_WAITS=yes

# set maximum time period (in seconds) for the yum-cron service to wait for
# transactions to complete.  The default is 300 seconds (5 minutes)
SERVICE_WAIT_TIME=300

Edit /etc/sysconfig/yum-cron (CentOS 6) to set MAILTO= email address or /etc/yum/yum-cron.conf (CentOS 7) to set email_to= for email notifications. If you use pushover.net for notifications to your mobile or tablet device, you can set

For CentOS 6

MAILTO=yourUSERkey+devicename+p1@api.pushover.net

For CentOS 7

email_to=yourUSERkey+devicename+p1@api.pushover.net

For CentOS 7 whether or not if updates are applied are controlled by 3 variables in /etc/yum/yum-cron.conf or /etc/yum/yum-cron-hourly.conf both have the 3 variables disabled = no by default. Need to change them to yes.

# Whether a message should emitted when updates are available.
update_messages = no

# Whether updates should be downloaded when they are available. Note
# that updates_messages must also be yes for updates to be downloaded.
download_updates = no

# Whether updates should be applied when they are available.  Note
# that both update_messages and download_updates must also be yes for
# the update to be applied
apply_updates = no

Also for CentOS 7, messages either go to stdio or email, default is stdio so for emails set emit_via = email
# How to send messages.  Valid options are stdio and email.  If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages.  If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via is None or left blank, no messages will be sent.
emit_via = stdio

For CentOS 7, using sed replacements to enable yum-cron settings. This sets daily updates for full yum upgrades and hourly to security only updates.

    EMAIL=your@email.com
    sed -i "s|^email_to = root|email_to = ${EMAIL}|" /etc/yum/yum-cron.conf
    sed -i 's|^update_messages = no|update_messages = yes|' /etc/yum/yum-cron.conf
    sed -i 's|^download_updates = no|download_updates = yes|' /etc/yum/yum-cron.conf
    sed -i 's|^apply_updates = no|apply_updates = yes|' /etc/yum/yum-cron.conf
    sed -i 's|^emit_via = stdio|emit_via = email|' /etc/yum/yum-cron.conf
    sed -i "s|^email_to = root|email_to = ${EMAIL}|" /etc/yum/yum-cron-hourly.conf
    sed -i 's|^update_cmd = default|update_cmd = security|' /etc/yum/yum-cron-hourly.conf
    sed -i 's|^update_messages = no|update_messages = yes|' /etc/yum/yum-cron-hourly.conf
    sed -i 's|^download_updates = no|download_updates = yes|' /etc/yum/yum-cron-hourly.conf
    sed -i 's|^apply_updates = no|apply_updates = yes|' /etc/yum/yum-cron-hourly.conf
    sed -i 's|^emit_via = stdio|emit_via = email|' /etc/yum/yum-cron-hourly.conf   
    egrep '^email_to|^update_messages|^download_updates|^apply_updates|^emit_via' /etc/yum/yum-cron.conf
    egrep '^email_to|^update_cmd|^update_messages|^download_updates|^apply_updates|^emit_via' /etc/yum/yum-cron-hourly.conf

# service yum-cron restart

For CentOS 7 also has an hourly configuration file at /etc/yum/yum-cron-hourly.conf

# service yum-cron start

Cron Job:

You can set up a cron job as well without adding a package.
set up the scrip to run:

# nano /usr/local/bin/yumcheck

Add the following:

#! /bin/sh

UPDATES=$(yum check-update --quiet | grep -v "^$")
UPDATES_COUNT=$(echo $UPDATES | wc -l)

if [[ $UPDATES_COUNT -gt 0 ]]; then
  echo $UPDATES | mail -s "Updates for $(hostname): ${UPDATES_COUNT}" you@yourdomain.com
fi

Make executable:

# chmod +x /usr/local/bin/yumcheck

Set up the cron job:

# nano /etc/cron.d/yumcheck

Add the following to run daily:

# Cronjob to check yum nightly
30     0      *       *       *       root       /usr/local/bin/yumcheck

Set up Mail:

# yum -y install mailx

Test:

# echo "Message Body" | mail -s "Email From MAILX" email@yourdomain.com

Other resources:
http://samdoran.com/automatic-updates-in-rhel-6-and-cent-os-6/

Leave a Comment