Hi All,
As part of OS hardening process, we need to update the server to have latest patches. I have not done this before. I have used yum to install, update or remove one package at a time.
Now we need to update the server such that it has all the updated patches. From net, found that using --exclude=kernel will not update kernel. How to use yum to update patches without updating the OS versions. Current OS version is RHEL 5.5 and RHEL 5.6 is some servers.

you can't, it's the same thing. the minor releases, 5.5, vs 5.6 ARE the package updates. the numbers themselves just really relate to a re-baselining of the latest packages in the major version, just a line in the sand that's drawn when new ISO's are mastered etc. It makes no sense to talk about one without the other.

that said, it's possible to only update packages that are marked as security fixes etc. with the yum-plugin-security package installed, you can run "yum update --security" but that may or may not upgrade all manner of dependencies as part of the upgrade.

I tried in a test machine for applying security patches alone. I followed http://www.cyberciti.biz/faq/redhat-...urity-updates/. But for me it does not list any security patches, when I use this command "yum --security check-update". So does this mean that this test machine has upto date security patches.

almost certainly not. What was the actual output when you add some verbose flags to the command? does it show that the security plugin is loaded?

O/P is

[root@localhost ~]# yum --security check-update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: ftp.iitm.ac.in
* extras: ftp.iitm.ac.in
* updates: ftp.iitm.ac.in
base | 1.1 kB 00:00
extras | 2.1 kB 00:00
updates | 1.9 kB 00:00
updates/primary_db | 932 kB 00:03
Limiting package lists to security relevant ones
No packages needed, for security, 325 available


Another O/P:
[root@localhost ~]# yum list-security
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: ftp.iitm.ac.in
* extras: ftp.iitm.ac.in
* updates: ftp.iitm.ac.in
list-security done

In the tutorial you linked to the assumption is made that the machines were first upgraded to the current Update version. There is no workaround and there should be no reason to stay with Update 5 or 6. If you think there are post your compelling reasons here.

Its customers point of view, I do not have a say on it. For updating OS we need approvals. We are updating security patches alone. But certainly in near future we will be updating all the OS to the latest one

We have a OEL server. I need to update security patches. I tried with Yum


[root@server ~]# yum repolist
Loaded plugins: rhnplugin, security
This system is not registered with ULN.
ULN support will be disabled.
repolist: 0

[root@server ~]# up2date --show-channels
Your GPG keyring does not contain the Enterprise Linux public key.
Without it, you will be unable to verify that packages Update Agent downloads
are securely signed on the Unbreakable Linux Network.

Your Update Agent options specify that you want to use GPG.

To install the key, run the following as root:

Is registering with ULN a must for updating security patches. In CentOS its free hence its working. Anyway we are in the process of getting the ULN account.
rpm --import /usr/share/rhn/RPM-GPG-KEY

Oracle (OEL / Unbreakable Linux) is a paid for distro (like RHEL) so yes, you will need a paid for subscription to ULN (or equiv) to get updates (& support).