A system maintainers job is to keep everything up-to-date. Especially security updates should get installed as soon as possible.
For those lazy maintainers like me, there is
dnf-automatic which keeps the servers up to date. If you have a large
set of servers, there are more suitable solutions available, but for my case
dnf-automatic would be sufficient.
dnf install -y dnf-automatic
now we configure
dnf-automatic to automatically install security updates.
# set upgrade type to security to only install security updates, # if you'd set it to default it would install all updates. # non-security updates might need you to intervene more often, # so we keep installing them manually sed -i 's/upgrade_type = .*/upgrade_type = security/g' /etc/dnf/automatic.conf # set apply_updates to 'yes' otherwise they wouldn't get installed. sed -i 's/apply_updates = .*/apply_updates = yes/g' /etc/dnf/automatic.conf
to automatically download and install security updates in a defined interval.
Now we can just enable the systemd timer to make it work.
systemctl enable --now dnf-automatic-install.timer