A simple script to patch a Linux server

Want to patch your system with a simple script?  I made a very, very, very, very simple Bash script that can be thrown into cron (I have mine set to run monthly), which will just download and install any available updates from yum.  If any kernel packages were installed, the script will reboot the server to get those kernel packages applied:


# Just yum updates

yum clean all
yum -y update

# Reboot if we get a kernel installed
if grep "$(date '+%b %d')" /var/log/yum.log | grep -E "(Installed|Updated): kernel-([0-9].+|headers)"; then
logger "Kernel updated, server rebooted"
shutdown -r now

So much more can be put into this, but for just updating any packages that are available and rebooting the server when kernel packages are installed, it works.

The script works on CentOS 7 and should work on older releases of this distro.  I haven’t tested the script on Debian/Ubuntu, but I assume it would work on those distros as well.