
Manually Upgrading Nanitor Server on RHEL 9 / Rocky Linux 9

This guide covers how to perform a manual upgrade of the Nanitor Server package on a RHEL 9-compatible system (Rocky Linux 9, AlmaLinux 9, etc.) and, optionally, how to configure automatic weekly upgrades using systemd timers.


Prerequisites

  • Root or sudo access on the target server
  • Network access to yum.nanitor.com
  • A current Nanitor Server installation (RPM-based)
  • Package manager: dnf (or yum, which is aliased to dnf on RHEL 9)

Part 1: Manual Upgrade

Step 1 — Import the Nanitor GPG Key

Before installing or upgrading, ensure the Nanitor package signing key is trusted by RPM:

rpm --import https://yum.nanitor.com/RPM-GPG-KEY-nanitor

Step 2 — Install or Refresh the Nanitor Repository File

Download the repository definition into the standard yum repos directory:

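# -f: fail on an HTTP error instead of saving the error page as the repo file; -S: still print errors
curl -fsSo /etc/yum.repos.d/nanitor-server.repo \
  https://yum.nanitor.com/nanitor-server/rhel-9-x86_64/nanitor-server.repo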

This ensures your system points to the correct Nanitor package repository for RHEL 9 on x86_64.

Step 3 — Check for Available Updates

Check whether a newer version of the nanitor-server package is available (this only queries the repository and installs nothing):

dnf check-update nanitor-server

If a newer version is listed, proceed to the next step.

Step 4 — Upgrade the Nanitor Server Package

Apply the upgrade:

dnf -y upgrade nanitor-server

During the upgrade, the RPM post-install scriptlet will automatically run a database migration if one is required. You will see output similar to:

Migrating database - please wait
Finished the migrating database task.

No manual migration step is needed.

Step 5 — Verify the Upgrade

Confirm the installed version:

rpm -q nanitor-server

You can also re-run the upgrade command to confirm nothing further is pending for the Nanitor package:

dnf -y upgrade nanitor-server

If the system reports "Nothing to do," the upgrade completed successfully.
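
Step 4 and the optional weekly timer in Part 2 install, as root and without prompting, whatever the repository file from Step 2 points at, so it is worth confirming that the file enforces package signature checking and HTTPS. The script below is an added example, not part of the original guide or Nanitor's tooling; the function name audit_repo_file and the sample repository contents are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not Nanitor's code. Audits a dnf .repo file: every enabled
# section must set gpgcheck to a true value and use only https:// URLs.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_repo_file() {
  awk '
    function trim(s)   { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function truthy(v) { v = tolower(trim(v)); return v == "1" || v == "yes" || v == "true" || v == "on" }
    function flush() {
      if (section == "" || !enabled) return
      if (!gpg)  { print section ": gpgcheck is not explicitly enabled"; bad = 1 }
      if (plain) { print section ": non-https repository URL"; bad = 1 }
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments and blank lines
    /^\[/ {                                         # start of a new [section]
      flush()
      section = $0; sub(/^\[/, "", section); sub(/\].*/, "", section)
      enabled = 1; gpg = 0; plain = 0; urlkey = 0   # dnf treats repos as enabled by default
      next
    }
    {
      if ($0 ~ /^[ \t]/ && urlkey) {                # indented line: continues a URL list
        val = $0
      } else {
        eq = index($0, "="); if (!eq) next
        key = tolower(trim(substr($0, 1, eq - 1))); val = substr($0, eq + 1)
        urlkey = (key == "baseurl" || key == "metalink" || key == "mirrorlist")
        if (key == "enabled")  enabled = truthy(val)
        if (key == "gpgcheck") gpg = truthy(val)
      }
      if (urlkey) {
        n = split(trim(val), u, /[ \t,]+/)
        for (i = 1; i <= n; i++) if (u[i] != "" && u[i] !~ /^https:\/\//) plain = 1
      }
    }
    END { flush(); exit bad + 0 }
  ' "$1"
}

# Constructed sample (hypothetical host and repo id), not the real Nanitor file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[example-server]
name=Example Server
baseurl=http://repo.example.com/el9/x86_64/
gpgcheck=0
EOF
audit_repo_file "$sample" || echo "refusing: fix the findings above before enabling the timer"
rm -f "$sample"
```

Run it against /etc/yum.repos.d/nanitor-server.repo after Step 2. A section that omits gpgcheck is reported because it then inherits whatever [main] in /etc/dnf/dnf.conf sets.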


Part 2: Automated Weekly Upgrades (Optional)

If you want the Nanitor Server package to upgrade itself automatically on a recurring schedule, you can set up a dedicated systemd timer. The example below runs every Sunday at 03:00 UTC.

Create the Service Unit

Create the file /etc/systemd/system/dnf-nanitor-server-update.service:

[Unit]
Description=Update nanitor-server package

[Service]
Type=oneshot
ExecStart=/usr/bin/dnf -y upgrade nanitor-server

Create the Timer Unit

Create the file /etc/systemd/system/dnf-nanitor-server-update.timer:

[Unit]
Description=Run nanitor-server upgrade every Sunday

[Timer]
OnCalendar=Sun *-*-* 03:00:00
Persistent=true

[Install]
WantedBy=timers.target

The Persistent=true directive ensures that if the server was powered off during the scheduled time, the upgrade will run at the next boot.

Enable and Start the Timer

systemctl daemon-reload
systemctl enable --now dnf-nanitor-server-update.timer

Verify the Timer Is Active

systemctl list-timers | grep dnf-nanitor

You should see the timer listed with its next scheduled run time.

Test It Manually

To trigger the upgrade service immediately (outside the schedule):

systemctl start dnf-nanitor-server-update.service

Review the output in the journal:

journalctl -u dnf-nanitor-server-update.service -n 50 --no-pager

See Also

For automating broader OS security updates (independent of Nanitor), see Automating OS Security Updates on RHEL 9 / Rocky Linux 9.


Verification Commands (Quick Reference)

What to check                      Command
Installed Nanitor Server version   rpm -q nanitor-server
Custom timer schedule              systemctl cat dnf-nanitor-server-update.timer
Custom service command             systemctl cat dnf-nanitor-server-update.service
All active timers                  systemctl list-timers
Last Nanitor upgrade log           journalctl -u dnf-nanitor-server-update.service -n 50 --no-pager

Important Notes

Database migrations run automatically

The Nanitor Server RPM triggers any required database migration during package installation. No separate migration command is needed.

Kernel updates may require a reboot

If general OS updates include a new kernel, the server will continue running the old kernel until the next reboot. Plan reboots according to your maintenance policy.

Two timers, two purposes

The custom Nanitor timer upgrades only the nanitor-server package. The dnf-automatic timer handles broader OS security patches. Both can coexist safely, but be aware they serve different scopes.

Maintenance windows matter

Because Nanitor Server upgrades can involve service restarts and database migrations, schedule automatic upgrades during low-traffic periods.