Kernel updates on CentOS Linux release 7.9.2009
I've got several CentOS 7 servers installed on Azure and Security Center is telling me that I've got a bunch of patches (see attached) that need to be applied, and yet when I run a yum -y update on these servers, nothing updates. All I'm getting is a list of things that look like they could be updated and then a message that says, "No packages marked for update". See below for a printout of what I'm seeing. Is this because I'm fully patched or do I need to do something to fix the patching on this server? Is there a way for me to get current on this version of CentOS or do I need to go to 8?
#sudo yum -y update
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
epel/x86_64/metalink | 15 kB 00:00
* epel: sjc.edge.kernel.org
* remi-safe: mirror.sjc02.svwh.net
base | 3.1 kB 00:00
epel | 4.7 kB 00:00
extras | 2.5 kB 00:00
newrelic | 2.5 kB 00:00
openlogic | 2.9 kB 00:00
packages-microsoft-com-prod | 3.0 kB 00:00
remi-safe | 3.0 kB 00:00
updates | 2.6 kB 00:00
(1/11): base/7/x86_64/group_gz | 153 kB 00:00
(2/11): base/7/x86_64/primary_db | 6.1 MB 00:00
(3/11): epel/x86_64/group_gz | 96 kB 00:00
(4/11): epel/x86_64/updateinfo | 1.0 MB 00:00
(5/11): epel/x86_64/primary_db | 6.9 MB 00:00
(6/11): extras/7/x86_64/primary_db | 242 kB 00:00
(7/11): newrelic/x86_64/primary_db | 73 kB 00:00
(8/11): openlogic/7/x86_64/primary_db | 33 kB 00:00
(9/11): updates/7/x86_64/primary_db | 8.8 MB 00:00
(10/11): packages-microsoft-com-prod/primary_db | 472 kB 00:00
(11/11): remi-safe/primary_db | 2.0 MB 00:01
No packages marked for update
Attachment: patches.png (8.72 KiB)
Re: Kernel updates on CentOS Linux release 7.9.2009
What is the output from uname -a ?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Kernel updates on CentOS Linux release 7.9.2009
Linux P3-HH-Test-Web02 3.10.0-1160.31.1.el7.x86_64 #1 SMP Thu Jun 10 13:32:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Re: Kernel updates on CentOS Linux release 7.9.2009
OK, well that is the latest so I suspect the GUI software thingy is the problem not the lack of updates.
Re: Kernel updates on CentOS Linux release 7.9.2009
So from a security perspective, there isn't a later version of the kernel that I need to worry about? If not, then I'll just disable this warning in Azure and then I'll be compliant. As long as Azure thinks I'm out of compliance my boss is all over me about this.
Re: Kernel updates on CentOS Linux release 7.9.2009
Never mind, I think I've answered my own questions. Thanks for your help. I've opened a ticket with Azure to see if we can't get to the bottom of their alerts.
Re: Kernel updates on CentOS Linux release 7.9.2009
Followup.
Was having a conversation with a coworker regarding CentOS and version 7 being "supported." I assume that if CentOS 7 is supported and that we are fully patched, that there shouldn't be any security concerns with our version of the kernel. He argues that CentOS 7 is the equivalent of running an older version of Windows and that just because it's supported does not mean that it is secure and that we need to get to CentOS 8 or Red Hat in order for these servers to actually be secure. Can anybody confirm this for me?
Re: Kernel updates on CentOS Linux release 7.9.2009
CentOS Linux 7 is derived from RHEL 7. Red Hat backports security fixes.
See: https://access.redhat.com/security/updates/backporting
Are there issues that Red Hat has fixed in 8, but deemed non-critical in 7 and hence left as is? Probably.
Are there new issues in 8 that 7 does not have nor ever did? Definitely.
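Because fixes are backported, the kernel version number alone does not show whether a given CVE is patched; the package changelog does. The following is an added example, not part of the original thread: it looks up a CVE id in changelog text in the format printed by `rpm -q --changelog`, using a constructed sample with placeholder CVE ids and a hypothetical function name `cve_fixed_in`.

```shell
#!/usr/bin/env bash
# Added example: confirm a backported fix by CVE id instead of by version number.

# Constructed sample in the layout of `rpm -q --changelog kernel` on EL7.
# Releases, names and CVE ids are placeholders, not real advisories.
SAMPLE_CHANGELOG='* Fri Jan 01 2021 Example Packager <pkg@example.invalid> [3.10.0-0.example2.el7]
- [net] example: fix use-after-free (Example Dev) [0000001] {CVE-0000-0001}
- [fs] example: unrelated cleanup (Example Dev) [0000002]

* Tue Dec 01 2020 Example Packager <pkg@example.invalid> [3.10.0-0.example1.el7]
- [mm] example: add bounds check (Example Dev) [0000003] {CVE-0000-0002}'

# cve_fixed_in CHANGELOG_TEXT CVE_ID
# Prints the earliest package release whose changelog entry mentions the CVE.
# Returns 1 if the CVE is not mentioned (which can also mean "not affected").
cve_fixed_in() {
    printf '%s\n' "$1" | awk -v cve="$2" '
        # Entry header: the last field is the release, optionally in brackets.
        /^\* / { rel = $NF; gsub(/^\[|\]$/, "", rel); next }
        # Match the id exactly, so CVE-0000-0001 does not match CVE-0000-00011.
        # The changelog is newest-first, so the last hit is the earliest release.
        $0 ~ (cve "([^0-9]|$)") { found = rel }
        END { if (found == "") exit 1; print found }'
}

# On a real host, pass a CVE id from the scanner report as the first argument
# to query the changelog of the kernel package that is actually running.
if [ -n "${1:-}" ] && command -v rpm >/dev/null 2>&1; then
    if rel=$(cve_fixed_in "$(rpm -q --changelog "kernel-$(uname -r)")" "$1"); then
        echo "$1 first fixed in $rel"
    else
        echo "$1 not mentioned in the running kernel's changelog"
    fi
fi
```

A CVE missing from the changelog is not proof of exposure, since the vendor may have assessed the package as not affected; check the vendor's CVE page for that case.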