Can someone please tell me how to verify that yum repos are getting updated lists? The results of running 'yum update' keep getting shorter and shorter, with some servers not getting pinged for any updates at all. Out of 20 RHEL servers, only 6 came back as needing updates installed (checked monthly).
The repositories have many many packages but what YOU get in "yum update" are only those packages that are relevant for what you have installed before the update. That is to say if you do not have for example BIND installed then a yum update won't install any BIND updates even if there are a dozen of them and you really don't want it to do so.
Last edited by MensaWater; 09-11-2012 at 01:24 PM.
The repositories have many many packages but what YOU get in "yum update" are only those packages that are relevant for what you have installed before the update. That is to say if you do not have BIND installed then a yum update won't install any BIND updates even if there are a dozen of them and you really don't want it to do so.
That makes sense. So when you run 'yum update' does it check a local list on the machine, or does it reach out to the repos on the Internet, where it would download them from? We got a security warning the other day from our Customer about needing to upgrade httpd to 4.4. When I checked we only had 2.2 installed and running 'yum update' returned a 'No Packages marked for update'. That made me wonder if other packages were not being updated and prompted this post. Your point above makes sense, but apparently 'yum update' isn't updating everything, because httpd was already installed but not marked for update.
We got a security warning the other day from our Customer about needing to upgrade httpd to 4.4. When I checked we only had 2.2 installed and running 'yum update' returned a 'No Packages marked for update'. That made me wonder if other packages were not being updated and prompted this post. Your point above makes sense, but apparently 'yum update' isn't updating everything, because httpd was already installed but not marked for update.
Have you checked online if your distribution and installed repositories actually provide httpd 4.4? Some of them do not necessarily have all the fancy new versions included but focus on stability. If your installation features httpd2.2 it might well be the case there was no need to fix a bug in httpd4.4.
I don't know about this httpd4.4 case, but I remember there were some security advisories out there a while ago about cups, but e.g. RHEL just did not provide fixes/patches for these issues. In such a case you have two options: stay with what's provided by your distro and trust the distro maintainer, or install the patched/fixed version from another repo or compile it yourself. It always depends on how critical your application is and where your focus is.
The way RedHat does it is to use a certain base package (e.g. httpd 2.2) then to modify that base with bug and security fixes and put their own versioning on the result. Often these bug and security fixes are backported from higher base versions.
For example:
httpd-2.2.3-22.el5_3.2
Is based on upstream version 2.2.3 of httpd. RedHat then has modified this for RHEL5 (as noted by the el5) and everything after the 2.2.3- relates to RedHat's version. You could then check your version at RedHat's site to see exactly what bug and security fixes they may have incorporated into it. It may in fact have backported security fixes from httpd-4.x in it (but only if they're relevant to the 2.2.3 base).
Generally speaking scanning tools do NOT pay attention to RedHat's extended versioning so will often falsely report you are vulnerable even though you have the latest security and bug fixes. Usually it is best to simply modify things like httpd and php that get scanned so they do NOT report a version at all. It saves you much grief in the long run as you don't have to keep explaining that you ARE patched correctly.
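The version scheme described in the post above, as an added example that is not part of the original thread: it splits a package string such as httpd-2.2.3-22.el5_3.2 into upstream base and Red Hat release, then looks for a CVE id in changelog text. The function names are hypothetical, and the sample changelog and CVE ids are constructed placeholders; on a real host the changelog would come from `rpm -q --changelog httpd`.

```shell
#!/bin/sh
# Added example (not from the thread). Functions use ( ) bodies so their
# variables stay local in plain POSIX sh.

# split_nvr NAME-VERSION-RELEASE -> prints "name upstream_version release"
split_nvr() (
    nvr=$1
    release=${nvr##*-}     # after the last '-': Red Hat's own release string
    rest=${nvr%-*}
    version=${rest##*-}    # between the last two '-': upstream base version
    name=${rest%-*}        # everything before (may itself contain '-')
    printf '%s %s %s\n' "$name" "$version" "$release"
)

# el_major RELEASE -> prints the RHEL major number from the ".elN" dist tag
el_major() (
    case $1 in
        *.el[0-9]*) t=${1##*.el}; printf '%s\n' "${t%%[!0-9]*}" ;;
        *) exit 1 ;;       # no dist tag: not a RHEL-style release string
    esac
)

# changelog_has_cve CVE-ID (changelog text on stdin): exit 0 if listed
changelog_has_cve() {
    grep -qwF -- "$1"      # -w avoids matching a longer id with the same prefix
}

# backport_status NVR CVE-ID (changelog text on stdin) -> one-line verdict
backport_status() (
    nvr=$1 cve=$2
    set -- $(split_nvr "$nvr")   # $1=name $2=upstream version $3=release
    if changelog_has_cve "$cve"; then state="fix listed in changelog"
    else state="no changelog entry"; fi
    printf '%s: upstream base %s, Red Hat release %s (RHEL %s): %s %s\n' \
        "$1" "$2" "$3" "$(el_major "$3")" "$cve" "$state"
)

# Constructed sample changelog; the CVE ids are placeholders, not real ones.
SAMPLE_CHANGELOG='* Mon Jan 01 2001 Example Packager <pkg@example.invalid> 2.2.3-22.el5_3.2
- add security fix for CVE-0000-0001 (backported)
* Mon Jan 01 2001 Example Packager <pkg@example.invalid> 2.2.3-22.el5
- fix log rotation bug'

printf '%s\n' "$SAMPLE_CHANGELOG" | backport_status httpd-2.2.3-22.el5_3.2 CVE-0000-0001
```

A "no changelog entry" result only means the id is not mentioned in that text; the vendor's advisory for the package remains the authoritative record.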
Have you checked online if your distribution and installed repositories actually provide httpd 4.4? Some of them do not necessarily have all the fancy new versions included but focus on stability. If your installation features httpd2.2 it might well be the case there was no need to fix a bug in httpd4.4.
The RHEL5 repositories won't have httpd 4.4 for the reasons noted in the post above. However, this does not mean a vulnerable version of httpd is being run, again for the reasons noted above.
I'd also query 'httpd 4.4'; exactly which httpd server is this supposed to be?
The default one on RHEL is Apache and they're only up to 2.4.3 https://httpd.apache.org/
I'd also query 'httpd 4.4'; exactly which httpd server is this supposed to be?
The default one on RHEL is Apache and they're only up to 2.4.3 https://httpd.apache.org/
But RHEL5 is NOT up to 2.4.3 as explained above. They are only up to 2.2.3 (base). Typically RHEL doesn't change base versions until they change the RHEL major version. (For example RHEL6 uses a base of 2.2.15.)