
Automatic System Updates with Plesk and Centos
In this guide we’ll talk about hot to schedule automatic updates with Plesk and CentOS. This guide can be used for updates to various different platforms and is not limited to CentOS or Plesk. There are some specific exclusions that need to be included for Plesk so that we don’t break things.
Preface
System updates are very important and it’s crucial that you keep your Linux system up-to-date at all times. Knowing when and how to update the system so that it doesn’t break things is also important. We’ll go through how to setup yum-cron to automatically provide updates and we’ll go over some common exclusions for Plesk to prevent updates that may create problems.
Is it safe to update system packages using an operating system package manager
Yes, it is safe, and moreover, we recommend using package managers (for example, “yum” on RedHat-based systems, or “apt-get” on Debian-based systems) to keep the system up-to-date.
Install Yum-Cron or unattended-upgrades
The first thing we need to do is install yum-cron for RedHat variants or unattended-upgrades for Debian variants. It’s fairly simple and only requires one command.
On RedHat Variants (Including CentOS) run:
yum install yum-cron
On Debian Variants run:
apt-get install unattended-upgrades bsd-mailx
With Debian Variants you need to install bsd-mailx along with the unattended upgrades if you want to receive email notifications.
Configure the Service (RedHat)
Edit the configuration file by running the following command:
nano /etc/sysconfig/yum-cron
Once in the config file edit whichever lines you want. The config file has great support documentation included. By default we leave this file as it is. Modification of the YUM_PARAMETER and MAILTO are the only couple things that we ever modify.
Once you have saved the configuration file run the following to start the service:
/etc/init.d/yum-cron start
After a day or so you should be able to see activity in the yum log which you can check by running the following command:
tail -f /var/log/yum.log
Configure the Service (Debian)
Edit the configuration file by running the following command:
nano /etc/apt/apt.conf.d/50unattended-upgrades
Once in the config file edit whichever lines you want. The config file has great support documentation included. The only thing we modify here is the email notification by removing the comment out “//” and putting the email address for notifications into the line.
After a day or so check the logs to make sure things are running by issuing the following command:
tail -f /var/log/unattended-upgrades/unattended-upgrades.log
Plesk specific settings for CentOS
If Plesk is installed inside a container, the kernel updates are not necessary — the kernel should be upgraded from the Hardware Node. If Plesk is installed on a hardware server, the kernel updates are recommended if there are only vendor’s repositories configured. Otherwise, if the custom repositories provide new kernels, it is better to have the kernel manually updated from the vendor’s repository. The reason is simple: major troubles are caused by kernels with GRSecurity patches applied. Plesk is not designed for working with such configurations.
To ensure that these aren’t upgrade edit the yum-cron configuration file and change the YUM_PARAMETER to the following:
YUM_PARAMETER="-x kernel* -x sendmail* -x bind-chroot* -x caching-nameserver*"
If you would like to exclude php and mod_sec as we do you would change the parameter to the following:
YUM_PARAMETER="-x kernel* -x php* -x sendmail* -x bind-chroot* -x caching-nameserver* -x mod_security*"
As an added precaution we also recommend editing the yum.conf file by issuing the following:
nano /etc/yum.conf
And modifying the exclude line to include whichever you wish to exclude like so:
exclude=kernel* sendmail bind-chroot caching-nameserver centos-yumconf
Conclusion
Once you have everything setup Automatic System Updates with Plesk and Centos should be working like a charm!
From all of us at WireFlare we ask that you help others find the answers they are looking for. Please leave a comment or share this post!
About Todd

I'm the President of WireFlare. I have a passion for creativity, online business and internet security. I strive to create a community that empowers people to be themselves. I'm an adventurist, fun loving and caring. Find me hiking in places most people don't dare to go!