
Automatic nightly YUM updates with yum-cron for CentOS 7 Only

Discussion in 'System Administration' started by eva2000, Sep 28, 2014.

  1. MaximilianKohler

    MaximilianKohler Member

    I had mine set to "stdio" and when I got my server host (Hetzner) to open my SMTP ports, I started getting spammed with hundreds (now over 1000) of email notifications. Subject:
    How do I stop this? It looks like it went back and sent all existing entries. It's not just sending me new ones.

    I also noticed that when I type "mutt", there's only 50 entries and they're all from June 28.

    I commented out the lines under "email" (they had my email in "email_to =") but that didn't seem to work.

    I tried to find other files that may have my email address using:
    Code:
    grep -rinw "admin@mydomain.com"
    but that doesn't work for just "/". You have to specify other folders at least.

    EDIT: Oh, wow, they were coming from my test server too...

     
    Last edited: Dec 3, 2023
  2. eva2000

    eva2000 Administrator Staff Member

    Those are related to CSF Firewall LFD daemon and not related to yum auto updates.

    In /etc/csf/csf.conf, the settings for those specific lfd emails are LF_EMAIL_ALERT and LF_TEMP_EMAIL_ALERT, both set to 1 = enabled. You can set them to 0 to disable and restart CSF via the command
    Code (Text):
    csf -ra

    From the CSF Firewall config file, grep filter for *_ALERT = variable settings
    Code (Text):
    grep -B1 -i '_ALERT = "' /etc/csf/csf.conf
    # reported log file for the reason for the flooding
    LOGFLOOD_ALERT = "0"
    --
    LF_PERMBLOCK_COUNT = "4"
    LF_PERMBLOCK_ALERT = "1"
    --
    LF_NETBLOCK_CLASS = "C"
    LF_NETBLOCK_ALERT = "1"
    --
    # Send an email alert if an IP address is blocked by one of the [*] triggers
    LF_EMAIL_ALERT = "1"
    --
    # Note: LF_EMAIL_ALERT must still be enabled to get permanent block emails
    LF_TEMP_EMAIL_ALERT = "1"
    --
    # this file about RESTRICT_SYSLOG before enabling this option:
    LF_SSH_EMAIL_ALERT = "1"
    --
    # this file about RESTRICT_SYSLOG before enabling this option:
    LF_SU_EMAIL_ALERT = "1"
    --
    # this file about RESTRICT_SYSLOG before enabling this option:
    LF_SUDO_EMAIL_ALERT = "0"
    --
    # this file about RESTRICT_SYSLOG before enabling this option:
    LF_WEBMIN_EMAIL_ALERT = "1"
    --
    # this file about RESTRICT_SYSLOG before enabling this option:
    LF_CONSOLE_EMAIL_ALERT = "1"
    --
    # file to report in gigabytes, e.g. set to 5 for 5GB
    LF_MODSECIPDB_ALERT = "0"
    --
    # Send an email alert if LF_DISTFTP is triggered
    LF_DISTFTP_ALERT = "1"
    --
    # Send an email alert if LF_DISTSMTP is triggered
    LF_DISTSMTP_ALERT = "1"
    --
    # per IP
    LT_EMAIL_ALERT = "1"
    --
    # Send an email alert if an IP address is blocked due to connection tracking
    CT_EMAIL_ALERT = "1"
    --
    # this option to 0
    PT_USERKILL_ALERT = "1"
    --
    # "0" to disable them
    PS_EMAIL_ALERT = "1"
    --
    # 3 = enable this feature only for the root account
    AT_ALERT = "2"
    --
    # 0 = disabled
    UI_ALERT = "4"
    --
    # Set to "0" to disable
    RECAPTCHA_ALERT = "1"
    --
    # this file about RESTRICT_SYSLOG before enabling this option:
    PORTKNOCKING_ALERT = "0"
    

    The Centmin Mod official Getting started guide step 18 outlines how you can handle root@ destined emails https://centminmod.com/getstarted.html. I usually just follow that guide and have such emails directed to a separate email address that is filtered and labelled in Gmail to organise emails and be able to track security related CSF Firewall and system emails.
     
  3. MaximilianKohler

    MaximilianKohler Member

    Ah, thank you. Do you really think it's useful to get those emails? Especially by default? What do you even do with them? Surely you're not looking through hundreds of "firewall blocked IP" emails a day? There's no option to turn them all off except by blocking the port (25?) in the firewall, or editing all the individual settings manually?
     
  4. eva2000

    eva2000 Administrator Staff Member

    Just turn them all off by using sed replace - read up on grep, sed linux commands

    filter grep match for EMAIL_ALERT = "1"
    Code (Text):
    grep 'EMAIL_ALERT = "1"' /etc/csf/csf.conf
    

    will list all enabled alerts
    Code (Text):
    grep 'EMAIL_ALERT = "1"' /etc/csf/csf.conf
    LF_EMAIL_ALERT = "1"
    LF_TEMP_EMAIL_ALERT = "1"
    LF_SSH_EMAIL_ALERT = "1"
    LF_SU_EMAIL_ALERT = "1"
    LF_WEBMIN_EMAIL_ALERT = "1"
    LF_CONSOLE_EMAIL_ALERT = "1"
    LT_EMAIL_ALERT = "1"
    CT_EMAIL_ALERT = "1"
    PS_EMAIL_ALERT = "1"
    

    backup CSF Firewall config with backup named = b4emailoff
    Code (Text):
    csf --profile backup b4emailoff
    

    check CSF backup file name
    Code (Text):
    csf --profile list | grep b4emailoff
    1701602078_b4emailoff (Sun Dec  3 05:14:38 2023)
    

    sed replace all from "1" to "0"
    Code (Text):
    sed -i -E 's/(LF|LT|CT|PS|LF_TEMP|LF_SSH|LF_SU|LF_WEBMIN|LF_CONSOLE)_EMAIL_ALERT = "1"/\1_EMAIL_ALERT = "0"/g' /etc/csf/csf.conf
    

    verify with grep
    Code (Text):
    grep 'EMAIL_ALERT = "0"' /etc/csf/csf.conf
    LF_EMAIL_ALERT = "0"
    LF_TEMP_EMAIL_ALERT = "0"
    LF_SSH_EMAIL_ALERT = "0"
    LF_SU_EMAIL_ALERT = "0"
    LF_SUDO_EMAIL_ALERT = "0"
    LF_WEBMIN_EMAIL_ALERT = "0"
    LF_CONSOLE_EMAIL_ALERT = "0"
    LT_EMAIL_ALERT = "0"
    CT_EMAIL_ALERT = "0"
    PS_EMAIL_ALERT = "0"
    

    restart CSF Firewall
    Code (Text):
    csf -ra

    If I need to restore from backup
    Code (Text):
    csf --profile restore 1701602078_b4emailoff
    Restoring backup...
    '/var/lib/csf/backup/1701602078_b4emailoff' -> '/etc/csf/csf.conf'
    You should now restart csf and then lfd
    

    restart CSF Firewall
    Code (Text):
    csf -ra


    But turning them all off prevents you from understanding the state of your CSF Firewall operations. Though you could still get some overview via the cminfo netstat command https://community.centminmod.com/threads/cminfo-command-explained.11399/#post-64104 at https://community.centminmod.com/threads/update-cminfo-command-with-netstat-flag-option.14468/
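
An added example, not part of the original post: a selective version of the procedure above that turns off only the two block-notification alerts the thread identifies as the flood (LF_EMAIL_ALERT, LF_TEMP_EMAIL_ALERT) and leaves the login alerts on. The function names and the sample file are constructed for illustration; which alerts to keep is this example's assumption.

```shell
#!/bin/sh
# Added example: works on a constructed sample, never on the live /etc/csf/csf.conf.

# Constructed excerpt in csf.conf's KEY = "value" layout.
make_sample_conf() {
    cat > "$1" <<'EOF'
# Send an email alert if an IP address is blocked by one of the [*] triggers
LF_EMAIL_ALERT = "1"
LF_TEMP_EMAIL_ALERT = "1"
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
LF_SUDO_EMAIL_ALERT = "0"
CT_EMAIL_ALERT = "1"
EOF
}

# Print the name of every *_EMAIL_ALERT setting that is still "1".
enabled_alerts() {
    sed -n -E 's/^([A-Z_]+_EMAIL_ALERT) = "1".*$/\1/p' "$1"
}

# Set only the named keys to "0". Matching the full key at line start means
# each key touches only its own line and skips commented-out copies.
disable_alerts() {
    _conf=$1; shift
    cp -p "$_conf" "$_conf.b4emailoff"   # file copy kept beside the config
    for _key in "$@"; do
        sed -E "s/^(${_key}) = \"1\"/\\1 = \"0\"/" "$_conf" > "$_conf.tmp"
        cat "$_conf.tmp" > "$_conf" && rm -f "$_conf.tmp"
    done
}

# Demo: silence the two block-notification alerts, keep the login alerts.
conf=$(mktemp)
make_sample_conf "$conf"
disable_alerts "$conf" LF_EMAIL_ALERT LF_TEMP_EMAIL_ALERT
echo "Still enabled:"; enabled_alerts "$conf"
# On a real server the change takes effect after: csf -ra
```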
     
  5. MaximilianKohler

    MaximilianKohler Member

    From some troubleshooting in another thread:
    Code:
    "email_from = root@localhost"
    Should be changed to:
    Code:
    "email_from = root@hostname"
    In order to pass SPF. You replace "hostname" with your actual hostname.

    Code:
    system_name = 
    You can set system_name to anything you want, and it gets put in the email subject lines. It can have spaces. Eg: "server name daily updates"

    Ideally, this info would be added to the OP.
     
  6. runos

    runos Member

    Hi! How do I get this working for AlmaLinux 8 with Centmin Mod Menu 140.00beta01?

    yum -y install yum-cron
    Last metadata expiration check: 0:05:04 ago on Thu 04 Jul 2024 10:15:50 PM UTC.
    No match for argument: yum-cron
    Error: Unable to find a match: yum-cron
     
  7. eva2000

    eva2000 Administrator Staff Member

    Google for AlmaLinux/Rocky Linux automatic updates using dnf-automatic https://ostechnix.com/apply-updates-automatically-with-dnf-automatic/

    Rocky Linux also has a guide, which would be the same for AlmaLinux: Patching with dnf-automatic - Documentation

    Code (Text):
    yum -y install dnf-automatic
    sed -i 's|apply_updates = no|apply_updates = yes|' /etc/dnf/automatic.conf
    systemctl enable --now dnf-automatic.timer
    systemctl status dnf-automatic.timer --no-pager
    

    Then edit the config file /etc/dnf/automatic.conf for how you want to be notified in the emitters and email sections, though email might not work if the web host blocks port 25
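
An added example, not part of the original posts: a section-aware check of the settings discussed in this post and in the earlier yum-cron post (apply_updates, emit_via, email_from), run against a constructed config in the INI layout both tools use. The function names, sample values and finding messages are this example's own.

```shell
#!/bin/sh
# Added example: audits a constructed config, not a live system file.

# Constructed sample in the INI layout shared by yum-cron.conf and
# /etc/dnf/automatic.conf (values are illustrative).
make_sample_updater_conf() {
    cat > "$1" <<'EOF'
[commands]
apply_updates = no

[emitters]
system_name = None
emit_via = stdio

[email]
email_from = root@localhost
email_to = root
EOF
}

# Print the value of KEY inside [SECTION]; commented-out lines never match.
ini_get() {
    awk -F' *= *' -v sec="[$2]" -v key="$3" '
        /^\[/ { cur = $0; next }
        cur == sec && $1 == key { print $2; exit }
    ' "$1"
}

# Print one "key: message" line per finding; prints nothing if all is well.
audit_updater_conf() {
    if [ "$(ini_get "$1" commands apply_updates)" != "yes" ]; then
        echo "apply_updates: not yes, updates will not be installed automatically"
    fi
    case "$(ini_get "$1" email email_from)" in
        *@localhost) echo "email_from: root@localhost sender, use root@<your hostname> to pass SPF" ;;
    esac
}

# Demo on the constructed sample.
conf=$(mktemp)
make_sample_updater_conf "$conf"
echo "emit_via = $(ini_get "$conf" emitters emit_via)"
audit_updater_conf "$conf"
```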
     
  8. MaximilianKohler

    MaximilianKohler Member

    Hmm, this page says yum-cron works for Almalinux 9 (with a modified command), but your link implies it doesn't.
     
  9. eva2000

    eva2000 Administrator Staff Member

    I'd use dnf-automatic