Re: Apply security updates offline on Red Hat Enterprise Linux release 8.7 (Ootpa) in Production environment

[Mike Burger <mburger@xxxxxxxxxxxxxxxxx>]

Have you considered setting up a Spacewalk (free) or Satellite 
(licensed) server, in your envinronment?

This way, you could use it as an internet connected, central repository 
to pull in all of the patches, and then your internal systems could pull 
and apply their patches from this internal repository instead of 
reaching out, directly, to Red Hat's servers over the internet.

On 2023-09-11 06:04, Kaushal Shriyan wrote:
> Hi,
>
> Further to the earlier email, is there a way to list security related
> vulnerabilities for production environment offline systems which are 
> not
> connected to the Internet?
>
>
> On Sun, Sep 10, 2023 at 8:09 AM Kaushal Shriyan 
> <kaushalshriyan@xxxxxxxxx>
> wrote:
>
> > On Sun, Sep 10, 2023 at 12:58 AM Matty Sarro <msarro@xxxxxxxxx> wrote:
> >
> > > There is a plugin for yum called "downloadonly". I think 8 has it by
> > > default.
> > >
> > > You should be able to go on to a like system and run "yum update
> > > --downloadonly --downloaddir=/path/to/directory" which will download 
> > > all
> > > of
> > > the packages into /path/to directory.
> > >
> > > Then you can copy the packages to the target system in a given 
> > > directory.
> > > Then to install navigate to the directory and run "yum local install
> > > *.rpm"
> > > and it'll update.
> > >
> > > -Matty
> > >
> > > On Sat, Sep 9, 2023, 12:49 PM Kaushal Shriyan 
> > > <kaushalshriyan@xxxxxxxxx>
> > > wrote:
> > Hi Matty,
> >
> > Thanks for your response. I have run the below command. What I have
> > observed is that it is updating all the packages.
> >
> > #yum update --downloadonly --downloaddir=/root/rhel8securityupdates
> >
> > Output of above command -> https://termbin.com/tcqrh
> >
> > Is there a way to update only the security patches as per the below
> > command output?
> >
> > yum list-security --security
> > > yum -y update --security
> >
> >
> > Please guide me. Thanks in Advance.
> >
> > Best Regards,
> >
> > Kaushal
>
> Hi,
>
> Further to the earlier email, is there a way to list security related
> vulnerabilities for production environments in offline mode which are 
> not
> connected to the Internet?
>
> Best Regards,
>
> Kaushal

--
https://poplme.co/hash/lqQkxj0F/1/es

"It's always suicide-mission this, save-the-planet that. No one ever 
just
stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list