LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Red Hat
User Name
Password
Red Hat This forum is for the discussion of Red Hat Linux.

Notices

Reply
 
Search this Thread
Old 12-19-2012, 07:18 AM   #1
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 227

Rep: Reputation: 4
RHEL latest Patch update without updating OS version


Hi All,
As part of OS hardening process, we need to update the server to have latest patches. I have not done this before. I have used yum to install, update or remove one package at a time.
Now we need to update the server such that it has all the updated patches. From net, found that using --exclude=kernel will not update kernel. How to use yum to update patches without updating the OS versions. Current OS version is RHEL 5.5 and RHEL 5.6 is some servers.
 
Old 12-19-2012, 07:43 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,384

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
you can't, it's the same thing. the minor releases, 5.5, vs 5.6 ARE the package updates. the numbers themselves just really relate to a re-baselining of the latest packages in the major version, just a line in the sand that's drawn when new ISO's are mastered etc. It makes no sense to talk about one without the other.

that said, it's possible to only update packages that are marked as security fixes etc. with the yum-plugin-security package installed, you can run "yum update --security" but that may or may not upgrade all manner of dependencies as part of the upgrade.

Last edited by acid_kewpie; 12-19-2012 at 07:45 AM.
 
Old 12-20-2012, 06:54 AM   #3
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 227

Original Poster
Rep: Reputation: 4
I tried in a test machine for applying security patches alone. I followed http://www.cyberciti.biz/faq/redhat-...urity-updates/. But for me it does not list any security patches, when I use this command "yum --security check-update". So does this mean that this test machine has upto date security patches.
 
Old 12-20-2012, 07:14 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,384

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
almost certainly not. What was the actual output when you add some verbose flags to the command? does it show that the security plugin is loaded?
 
Old 12-20-2012, 10:05 PM   #5
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 227

Original Poster
Rep: Reputation: 4
O/P is

[root@localhost ~]# yum --security check-update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: ftp.iitm.ac.in
* extras: ftp.iitm.ac.in
* updates: ftp.iitm.ac.in
base | 1.1 kB 00:00
extras | 2.1 kB 00:00
updates | 1.9 kB 00:00
updates/primary_db | 932 kB 00:03
Limiting package lists to security relevant ones
No packages needed, for security, 325 available


Another O/P:
[root@localhost ~]# yum list-security
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: ftp.iitm.ac.in
* extras: ftp.iitm.ac.in
* updates: ftp.iitm.ac.in
list-security done

Last edited by Iyyappan; 12-20-2012 at 10:07 PM.
 
Old 12-22-2012, 07:29 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,118
Blog Entries: 54

Rep: Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785
Quote:
Originally Posted by Iyyappan View Post
Current OS version is RHEL 5.5 and RHEL 5.6 is some servers. (..) for me it does not list any security patches, (..) So does this mean that this test machine has upto date security patches.
In the tutorial you linked to the assumption is made that the machines were first upgraded to the current Update version. There is no workaround and there should be no reason to stay with Update 5 or 6. If you think there are post your compelling reasons here.
 
Old 12-27-2012, 05:23 AM   #7
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 227

Original Poster
Rep: Reputation: 4
Its customers point of view, I do not have a say on it. For updating OS we need approvals. We are updating security patches alone. But certainly in near future we will be updating all the OS to the latest one

Last edited by Iyyappan; 12-27-2012 at 05:38 AM.
 
Old 12-27-2012, 07:22 AM   #8
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 227

Original Poster
Rep: Reputation: 4
We have a OEL server. I need to update security patches. I tried with Yum


[root@server ~]# yum repolist
Loaded plugins: rhnplugin, security
This system is not registered with ULN.
ULN support will be disabled.
repolist: 0

[root@server ~]# up2date --show-channels
Your GPG keyring does not contain the Enterprise Linux public key.
Without it, you will be unable to verify that packages Update Agent downloads
are securely signed on the Unbreakable Linux Network.

Your Update Agent options specify that you want to use GPG.

To install the key, run the following as root:

Is registering with ULN a must for updating security patches. In CentOS its free hence its working. Anyway we are in the process of getting the ULN account.
rpm --import /usr/share/rhn/RPM-GPG-KEY
 
Old 01-03-2013, 07:20 PM   #9
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,261

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
Oracle (OEL / Unbreakable Linux) is a paid for distro (like RHEL) so yes, you will need a paid for subscription to ULN (or equiv) to get updates (& support).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Updating to latest RSync version in Slackware MaizeNBlueJ Linux - Software 5 10-13-2011 03:40 PM
latest update patch created wifi connection problems mel1000 Linux - Newbie 1 04-17-2009 10:57 AM
updating RHEL AS4 update 1 to update 5 via CDs? icemaker Linux - Software 1 06-09-2007 06:29 PM
Problem updating to the latest version of XFCE Shagrath239 Slackware 5 02-10-2005 12:25 PM
Latest version of RHEL? Cheeseboy Red Hat 1 11-24-2004 08:42 AM


All times are GMT -5. The time now is 03:42 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration