Hi everybody,
I have a question about patching Centos (7) servers. How do you decide which patches to apply to the machine? Is there some tool which can help you determine which updates are relevant? Also, there are servers which are e.g connected to the internet vs those which are behind a firewall and are not exposed to any untrusted networks. Is it ok not to patch, or to patch such "internal" servers just with security updates?
I have seen several threads with similar topics, but they all deal more with "how to perform an update" rather than "how to select which updates to apply"?
Of course, the strategy would be to test the updates on test servers first - but I doubt even there you should "update all"... We are using a "minimal" install of Centos and would like it to stay as "minimal" as possible...
What do you think?