This configuration works in CentOS 7. The current setup on Rocky Linux is here.
Full automatic actualization of critical systems is a very controversial matter. It’s an extremely complex problem, which everybody has to settle in their own environment, taking into account its specificity. If you want to do it, you can use yum-cron for this purpose. BTW – consultants of RHEL recommend this solution. This allows to forget about security updates of your systems.
The next step after configuration of SSH server and fail2ban will be the configuration of automatic updates of system.
1. install the package:
yum install yum-cron
2. edit configuration file
vi /etc/yum/yum-cron.conf
3. only the following lines:
update_cmd = security apply_updates = yes
4. start the service
systemctl start yum-cron systemctl enable yum-cron