how to install security patches in Centos

[miyappan]

Hi team,

how to install security patches in Centos. is there any ftp location available for downloading security patches.through yum server i want to install security patches on 100 machines. kindly suggest me on the same and share me the .rpm download link.

[TrevorH]

Just run yum update on a regular basis and you will automatically get security updates.

If you are referring to the ability to run e.g. yum --security update then you are out of luck as CentOS does not supply the necessary data in the yum repositories to allow the yum -plugin-security plugin to work at all. It does not work.

[miyappan]

is their any .rpm package available for offline installation.

[mghe]

is their any .rpm package available for offline installation.

If you want to install offline, you have to made local repo:

https://wiki.centos.org/HowTos/CreateLocalMirror

https://wiki.centos.org/HowTos/CreateLocalRepos

[miyappan]

i have created yum repo in my server. can you please tell me how to download security patches in locally.

ex : http://ftp.redhat.com/pub/redhat/linux/ ... /os/SRPMS/

[shankardeo]

Hi miyappan,

To check & update the security patches in Centos run the below command but internet connection is required.

# yum updateinfo list security all [To check the available all security updatesl ]

#yum updateinfo list serurity installed [To check the installed security patches ]

# yum -y update --security [ To installed all available security patches ]

# yum update-minimal --security -y [To only install the packages that have a security errata use]

# man yum-security [For more commands consult the manual pages of yum-security with]

Note : you will be able to run these commands with yum "updateinfo" when you have installed "yum install yum-plugin-security" on centOS 6.

If it is already installed check with rpm command

#rpm -qa |grep 'yum-plugin-security'

if it is already there you can install & check the security updates.

enjoy

[stevemowbray]

This is incorrect. As Trevor said above yum-plugin-security will not work on CentOS.

[shankardeo]

Hi stevemowbray,

I am already using CentOS 6.8 and the above mentioned all commands are working, Please install the mentioned package & check first. I hope this will work for sure.

[TrevorH]

Shankardeo: just because they do not fail does not mean they do anything useful. The necessary metadata needed for yum-plugin-security to function - i.e. to know what patches fix what - is missing entirely from the CentOS supplied yum repos. This renders yum-plugin-security a noop and if you use yum update --security then it will always tell you that nothing from CentOS needs an update thus giving you a false sense of security as the reason it doesn't is because it lacks the knowledge to know that such-and-such a patch is a security update.

The EPEL yum repo does have this metadata and yum-plugin-security will work for those packages but it will not do anything for the 6700 packages in base or the 500 packages in the updates repo.