Centos system update best pratice

Support for webhosts that use CentOS
Post Reply
mxc4
Posts: 11
Joined: 2006/05/15 19:25:30
Contact:

Centos system update best pratice

Post by mxc4 » 2007/05/06 16:46:00

Hi all,

I would like to know the best practice for keeping your centos system up-to-date for security and bug patches etc. What I would like to know is the following

1. Under /etc/cron.daily there is a yum.cron job. Reading this command file it seems that the yum update should be run daily. However if I run "yum update" manually there are always packages to update. I usually only run it when upgrading our hosting panel which is very infrequent. Surely, if the system is updating itself, there should be no packages to install? Other than the odd one which was just released and the cron job has not run yet.

2. When doing a system update is it necessary to start and stop upgraded services? How do I know if I need to reboot? I assume you only need to reboot for kernel updates and the rest can be just stopping and starting services?

3.Are the yum updates security, bug updates only? My understanding that the version of the software installed is fixed and only bug fixes and security updates are patched. Similar to debian.

4.How safe are the yum updates? Do I need to worry before pushing "y"? My experience says no but would like to know others experiences.

5. If /etc/cron.daily is not run by cron daily what is the recommended schedule for running yum update. Especially for security patches.

thanks

Mark

foxb
Posts: 1927
Joined: 2006/04/20 19:03:33
Location: Montreal/QC

Centos system update best pratice

Post by foxb » 2007/05/06 20:49:10

[quote]
mxc4 wrote:
Hi all,

I would like to know the best practice for keeping your centos system up-to-date for security and bug patches etc. What I would like to know is the following

1. Under /etc/cron.daily there is a yum.cron job. Reading this command file it seems that the yum update should be run daily. However if I run "yum update" manually there are always packages to update. I usually only run it when upgrading our hosting panel which is very infrequent. Surely, if the system is updating itself, there should be no packages to install? Other than the odd one which was just released and the cron job has not run yet.
[/quote]
You need to enable daily yum update and it will run every day. So it is still possible to have some packages to update until next run.
[quote]

2. When doing a system update is it necessary to start and stop upgraded services? How do I know if I need to reboot? I assume you only need to reboot for kernel updates and the rest can be just stopping and starting services?
[/quote]
Usually it is not necessary to restart services, but it wont hurt, at least you can check log right away.
Reboot is needed only when kernel is updated
[quote]
3.Are the yum updates security, bug updates only? My understanding that the version of the software installed is fixed and only bug fixes and security updates are patched. Similar to debian.
[/quote]
Short answer yes.

Long one it depends.
[quote]
4.How safe are the yum updates? Do I need to worry before pushing "y"? My experience says no but would like to know others experiences.
[/quote]
If you know what you are doing yes, but sometimes you need to edit .conf files due version changes.
At least for CentOS Updates repo.
[quote]
5. If /etc/cron.daily is not run by cron daily what is the recommended schedule for running yum update. Especially for security patches.

thanks

Mark[/quote]

Maybe you want to subscribe to announces mailing list.

Post Reply

Return to “CentOS 4 - Webhosting Support”