On Wed, Apr 8, 2015 at 8:54 AM, Rafał Radecki <radecki.rafal@xxxxxxxxx> wrote:
> Hi All :)
>
> What is the best way to get a list of available security updates?
> I found several commands for that:
> 1) yum updateinfo list updates -q --security
> 2) yum list-security --security -q
> 3) yum --security check-update -q
> Based on the sample output below I think I can use any of the three with
> some awk to get a list of packages.
>
> yum updateinfo list updates -q --security
> FEDORA-EPEL-2014-0525 security libyaml-0.1.5-1.el6.x86_64
> FEDORA-EPEL-2014-0990 security libyaml-0.1.6-1.el6.x86_64
>
> yum list-security --security -q
> FEDORA-EPEL-2014-0525 security libyaml-0.1.5-1.el6.x86_64
> FEDORA-EPEL-2014-0990 security libyaml-0.1.6-1.el6.x86_64
>
> yum --security check-update -q
> libyaml.x86_64 0.1.3-4.el6_6
> updates
>
> Then I can add this to nagios or cron to get a notification about available
> security updates.
>
> Do you see any advantages/disadvantages in using one of the three choices?
There are disadvantages to anything short of keeping your system
completely up to date with available updates.
> How do you do this kind of task? What can you propose to get a notification
> about available security updates?
Most/all updates within a minor version number will be to fix
something critical. And the big batches of updates that come at the
minor version releases are only tested together. While you can
cherry-pick individual package updates to install and in theory they
should run and pull in any other updates that are really needed via
rpm dependencies, you'll end up running a mix of things that no one
else has tried together.
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
