Set Linux Systems to email when updates available

March 22, 2017 The Geek Decoder No Comments Administration

How to set up Ubuntu and CentOS systems to email notifications when OS updates are available.

Ubuntu:

You can use tool called apticron to notify you when new updates are available. It sends you e-mail about pending upgrades, also giving you a choice to only send you e-mail about updates not previously notified.

To setup apticron edit /etc/apticron/apticron.conf and change line containing e-mail address:

EMAIL=”admin@example.com”
Enter the e-mail address you wish to receive notifications to.

For more information see man apticron.

CentOS 6 and 7

Yum-Cron

Yum-cron is a simple way to call yum commands from cron. It provides configuration to keep repository metadata up to date, and to check for, download, and apply updates.
Install

yum install yum-cron

Config Files:

/etc/sysconfig/yum-cron
/etc/yum/yum-daily.yum
/etc/yum/yum-weekly.yum

Check the files installed:

rpm -ql yum-cron
/etc/cron.daily/0yum.cron
/etc/rc.d/init.d/yum-cron
/etc/sysconfig/yum-cron
/etc/yum/yum-daily.yum
/etc/yum/yum-weekly.yum
/usr/share/doc/yum-cron-3.2.29
/usr/share/doc/yum-cron-3.2.29/COPYING
/usr/share/man/man8/yum-cron.8.gz

Configure the service to start a boot:

# chkconfig yum-cron on

Configure the service:

# nano /etc/sysconfig/yum-cron

# Pass any given paramter to yum, as run in all the scripts invoked
# by this package.  Be aware that this is global, and yum is invoked in
# several modes by these scripts for which your own parameter might not
# be appropriate
YUM_PARAMETER=

# Don't install, just check (valid: yes|no)
CHECK_ONLY=no

# Check to see if you can reach the repos before updating (valid: yes|no)
CHECK_FIRST=no

# Don't install, just check and download (valid: yes|no)
# Implies CHECK_ONLY=yes (gotta check first to see what to download)
DOWNLOAD_ONLY=no

# Error level, practical range 0-10, 0 means print only critical errors which
# you must be told, 1 means print all errors, even ones that are not important
# Level 0 is the default
# ERROR_LEVEL=0

# Debug level, practical range 0-10, higher number means more output
# Level 1 is a useful level if you want to see what's been done and
# don't want to read /var/log/yum.log
# Level 0 is the default
# DEBUG_LEVEL=1

# randomwait is used by yum to wait random time
# default is 60 so yum waits random time from 1 to 60 minutes
# the value must not be zero
RANDOMWAIT="60"

# if MAILTO is set and the mail command is available, the mail command
# is used to deliver yum output

# by default MAILTO is unset, so crond mails the output by itself
# example:  MAILTO=root
MAILTO=admin@mydomain.com

# you may set SYSTEMNAME if you want your yum emails tagged differently
# default is output of hostname command
# this variable is used only if MAILTO is set too
#SYSTEMNAME=""

# you may set DAYS_OF_WEEK to the days of the week you want to run
# default is every day
#DAYS_OF_WEEK="0123456"

# which day should it do cleanup on?  defaults to 0 (Sunday).  If this day isn't in the
# DAYS_OF_WEEK above, it'll never happen
CLEANDAY="0"

# set to yes to make the yum-cron service to wait for transactions to complete
SERVICE_WAITS=yes

# set maximum time period (in seconds) for the yum-cron service to wait for
# transactions to complete.  The default is 300 seconds (5 minutes)
SERVICE_WAIT_TIME=300

Edit /etc/sysconfig/yum-cron (CentOS 6) to set MAILTO= email address or /etc/yum/yum-cron.conf (CentOS 7) to set email_to= for email notifications. If you use pushover.net for notifications to your mobile or tablet device, you can set

For CentOS 6

MAILTO=yourUSERkey+devicename+p1@api.pushover.net

For CentOS 7

email_to=yourUSERkey+devicename+p1@api.pushover.net

For CentOS 7 whether or not if updates are applied are controlled by 3 variables in /etc/yum/yum-cron.conf or /etc/yum/yum-cron-hourly.conf both have the 3 variables disabled = no by default. Need to change them to yes.

# Whether a message should emitted when updates are available.
update_messages = no

# Whether updates should be downloaded when they are available. Note
# that updates_messages must also be yes for updates to be downloaded.
download_updates = no

# Whether updates should be applied when they are available.  Note
# that both update_messages and download_updates must also be yes for
# the update to be applied
apply_updates = no


Also for CentOS 7, messages either go to stdio or email, default is stdio so for emails set emit_via = email
# How to send messages.  Valid options are stdio and email.  If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages.  If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via is None or left blank, no messages will be sent.
emit_via = stdio

For CentOS 7, using sed replacements to enable yum-cron settings. This sets daily updates for full yum upgrades and hourly to security only updates.

    EMAIL=your@email.com
    sed -i "s|^email_to = root|email_to = ${EMAIL}|" /etc/yum/yum-cron.conf
    sed -i 's|^update_messages = no|update_messages = yes|' /etc/yum/yum-cron.conf
    sed -i 's|^download_updates = no|download_updates = yes|' /etc/yum/yum-cron.conf
    sed -i 's|^apply_updates = no|apply_updates = yes|' /etc/yum/yum-cron.conf
    sed -i 's|^emit_via = stdio|emit_via = email|' /etc/yum/yum-cron.conf
    sed -i "s|^email_to = root|email_to = ${EMAIL}|" /etc/yum/yum-cron-hourly.conf
    sed -i 's|^update_cmd = default|update_cmd = security|' /etc/yum/yum-cron-hourly.conf
    sed -i 's|^update_messages = no|update_messages = yes|' /etc/yum/yum-cron-hourly.conf
    sed -i 's|^download_updates = no|download_updates = yes|' /etc/yum/yum-cron-hourly.conf
    sed -i 's|^apply_updates = no|apply_updates = yes|' /etc/yum/yum-cron-hourly.conf
    sed -i 's|^emit_via = stdio|emit_via = email|' /etc/yum/yum-cron-hourly.conf   
    egrep '^email_to|^update_messages|^download_updates|^apply_updates|^emit_via' /etc/yum/yum-cron.conf
    egrep '^email_to|^update_cmd|^update_messages|^download_updates|^apply_updates|^emit_via' /etc/yum/yum-cron-hourly.conf


# service yum-cron restart

For CentOS 7 also has an hourly configuration file at /etc/yum/yum-cron-hourly.conf

# service yum-cron start

Cron Job:

You can set up a cron job as well without adding a package.
set up the scrip to run:

# nano /usr/local/bin/yumcheck

Add the following:

#! /bin/sh

UPDATES=$(yum check-update --quiet | grep -v "^$")
UPDATES_COUNT=$(echo $UPDATES | wc -l)

if [[ $UPDATES_COUNT -gt 0 ]]; then
  echo $UPDATES | mail -s "Updates for $(hostname): ${UPDATES_COUNT}" you@yourdomain.com
fi

Make executable:

# chmod +x /usr/local/bin/yumcheck

Set up the cron job:

# nano /etc/cron.d/yumcheck

Add the following to run daily:

# Cronjob to check yum nightly
30     0      *       *       *       root       /usr/local/bin/yumcheck

Set up Mail:

# yum -y install mailx

Test:

# echo "Message Body" | mail -s "Email From MAILX" email@yourdomain.com

Other resources:
http://samdoran.com/automatic-updates-in-rhel-6-and-cent-os-6/

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.