Kernel updates on CentOS Linux release 7.9.2009

General support questions
Post Reply
mraymus
Posts: 5
Joined: 2021/07/14 20:44:14

Kernel updates on CentOS Linux release 7.9.2009

Post by mraymus » 2021/07/14 20:53:56

I've got several Centos 7 servers installed on Azure and Security Center is telling me that I've got a bunch of patches (see attached) that need to be applied, and yet when I run a yum -y update on these servers, nothing updates. All I'm getting is a list of things that look like they could be updated and then a message that says, "No packages marked for update". See below for a printout of what I'm seeing. Is this because I'm fully patched or do I need to do something to fix the patching on this server? Is there a way for me to get current on this version of CENTOS or do I need to go to 8?

#sudo yum -y update
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
epel/x86_64/metalink | 15 kB 00:00
* epel: sjc.edge.kernel.org
* remi-safe: mirror.sjc02.svwh.net
base | 3.1 kB 00:00
epel | 4.7 kB 00:00
extras | 2.5 kB 00:00
newrelic | 2.5 kB 00:00
openlogic | 2.9 kB 00:00
packages-microsoft-com-prod | 3.0 kB 00:00
remi-safe | 3.0 kB 00:00
updates | 2.6 kB 00:00
(1/11): base/7/x86_64/group_gz | 153 kB 00:00
(2/11): base/7/x86_64/primary_db | 6.1 MB 00:00
(3/11): epel/x86_64/group_gz | 96 kB 00:00
(4/11): epel/x86_64/updateinfo | 1.0 MB 00:00
(5/11): epel/x86_64/primary_db | 6.9 MB 00:00
(6/11): extras/7/x86_64/primary_db | 242 kB 00:00
(7/11): newrelic/x86_64/primary_db | 73 kB 00:00
(8/11): openlogic/7/x86_64/primary_db | 33 kB 00:00
(9/11): updates/7/x86_64/primary_db | 8.8 MB 00:00
(10/11): packages-microsoft-com-prod/primary_db | 472 kB 00:00
(11/11): remi-safe/primary_db | 2.0 MB 00:01
No packages marked for update
Attachments
patches.png
patches.png (8.72 KiB) Viewed 2763 times

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Kernel updates on CentOS Linux release 7.9.2009

Post by TrevorH » 2021/07/14 22:35:09

What is the output from uname -a ?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

mraymus
Posts: 5
Joined: 2021/07/14 20:44:14

Re: Kernel updates on CentOS Linux release 7.9.2009

Post by mraymus » 2021/07/14 23:23:26

Linux P3-HH-Test-Web02 3.10.0-1160.31.1.el7.x86_64 #1 SMP Thu Jun 10 13:32:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Kernel updates on CentOS Linux release 7.9.2009

Post by TrevorH » 2021/07/14 23:43:00

OK, well that is the latest so I suspect the GUI software thingy is the problem not the lack of updates.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

mraymus
Posts: 5
Joined: 2021/07/14 20:44:14

Re: Kernel updates on CentOS Linux release 7.9.2009

Post by mraymus » 2021/07/15 00:05:49

So from a security perspective, there isn't a later version of the kernel that I need to worry about? If not, then I'll just disable this warning in Azure and then I'll be compliant. As long as Azure thinks I'm out of compliance my boss is all over me about this.

mraymus
Posts: 5
Joined: 2021/07/14 20:44:14

Re: Kernel updates on CentOS Linux release 7.9.2009

Post by mraymus » 2021/07/15 00:39:25

Never mind, I think I've answered my own questions. Thanks for your help. I've opened a ticket with Azure to see if we can't get to the bottom of their alerts.

mraymus
Posts: 5
Joined: 2021/07/14 20:44:14

Re: Kernel updates on CentOS Linux release 7.9.2009

Post by mraymus » 2021/07/16 19:27:15

Followup.

Was having a conversation with a coworker regarding Centos and version 7 being "supported." I assume that if Centos 7 is supported and that we are fully patched, that there shouldn't be any security concerns with our version of the kernel. He argues that Centos 7 is the equivalent of running an older version of Windows and that just because it's supported does not mean that it is secure and that we need to get to Centos 8 or Redhat in order for these servers to actually be secure. Can anybody confirm this for me?

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Kernel updates on CentOS Linux release 7.9.2009

Post by jlehtone » 2021/07/16 20:58:54

CentOS Linux 7 is derived from RHEL 7. Red Hat backports security fixes.
See: https://access.redhat.com/security/updates/backporting

Are there issues that Red Hat has fixed in 8, but deemed non-critical in 7 and hence left as is? Probably.

Are there new issues in 8 that 7 does not have nor ever did? Definitely.

Post Reply