LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 05-27-2016, 10:40 PM   #1
hokie1999
Member
 
Registered: Feb 2011
Posts: 52

Rep: Reputation: 0
Smile Patch management and security


Hi, let's say we want to update Red Hat 6 packages on our servers on a private corporate network. Ansible is a good way to to this. We would have a yml file that has a line that says

yum: update=latest

and a host file with a list of servers to update.

My question is, where are these packages coming from? If it's from Red Hat, is this secure? What about satellite server - do we still need this? Is this free now -- used to be $$$.

What solutions do you have at your organizations for "patch management"?

Many thanks for your answers!
 
Old 05-28-2016, 02:04 AM   #2
Keruskerfuerst
Senior Member
 
Registered: Oct 2005
Location: Horgau, Germany
Distribution: Manjaro KDE, Win 10
Posts: 2,197

Rep: Reputation: 164Reputation: 164
The patches are build by Red Hat.
These patches are synchronized to the mirror servers.
It is a good idea to download the patches from a nearby and fast server.

It is a good idea to setup a local mirror server in your network.
This saves download volume and is faster.

Then the servers can download the patches from the local mirror server.
 
Old 05-28-2016, 05:59 AM   #3
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,325

Rep: Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760
Redhat patches are signed, a way to verify where they're coming from
 
Old 05-28-2016, 09:44 AM   #4
hokie1999
Member
 
Registered: Feb 2011
Posts: 52

Original Poster
Rep: Reputation: 0
Does Red Hat encrypt packages being sent to users? If I yum from a Red Hat repo at Red Hat, are those packages encrypted?
 
Old 05-28-2016, 10:37 AM   #5
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,325

Rep: Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760
Quote:
Originally Posted by hokie1999 View Post
Does Red Hat encrypt packages being sent to users? If I yum from a Red Hat repo at Red Hat, are those packages encrypted?
Why would they do that? Is there something secret in Redhat packages?
 
Old 05-28-2016, 11:31 AM   #6
hokie1999
Member
 
Registered: Feb 2011
Posts: 52

Original Poster
Rep: Reputation: 0
Because anything being pushed over the Internet is subject to tampering and intrusion. That's why you have a local repository of packages - security. If the push is encrypted, you're better off.

Last edited by hokie1999; 05-28-2016 at 11:39 AM.
 
Old 05-28-2016, 11:41 AM   #7
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,325

Rep: Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760
Quote:
Originally Posted by hokie1999 View Post
Because anything being pushed over the Internet is subject to tampering and intrusion. That's why you have a local repository of packages - security. If the push is encrypted, you're better off.
If you can verify the package signature, why the package should be encrypted if it doesn't contain secret data?

https://access.redhat.com/documentat...k-rpm-sig.html
 
Old 05-28-2016, 02:10 PM   #8
hokie1999
Member
 
Registered: Feb 2011
Posts: 52

Original Poster
Rep: Reputation: 0
Because not everyone verifies the package signature. Encryption / decryption eliminates that step.
 
Old 05-28-2016, 02:50 PM   #9
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,325

Rep: Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760
Isn't signature automatically checked when you install the patch? Sorry for asking but I'm not familiar with Redhat
 
Old 05-29-2016, 11:31 AM   #10
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by hokie1999 View Post
Because not everyone verifies the package signature. Encryption / decryption eliminates that step.
Quote:
Originally Posted by keefaz View Post
Isn't signature automatically checked when you install the patch?
Package Managers do.

Last edited by Habitual; 05-29-2016 at 11:32 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Patch testing - glibc with the posted patch in security thread hua Slackware 2 01-28-2015 04:29 PM
Patch management security for Redhat and Debian ER.KH Linux - Newbie 1 01-16-2015 12:11 PM
Patch Management Sathish Hemadhri Linux - Server 5 11-15-2013 06:06 AM
LXer: FreeBSD Apply Binary Security Updates and Patch management LXer Syndicated Linux News 0 08-07-2007 03:31 AM
How do i patch 2.4.21-37 kernel with antidote2 security patch suchi Linux - Kernel 4 09-05-2006 03:29 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:36 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration