Confirming no harm done

General support questions
Post Reply
compneurodev
Posts: 3
Joined: 2020/02/06 17:46:11

Confirming no harm done

Post by compneurodev » 2020/02/06 18:23:14

I ran "sudo yum -y update" on a shared server (centos 6.5) without understanding it would update sw and not only indexes. I was told the update command failed because of outdated repository mirrors. The link below has the command output and I want to confirm that no updates happened and the updates will not happen if the server is rebooted, right? Thanks!
Here is a copy of the terminal output: https://pastebin.com/v92YUJbT (text file was too big for attachment in this forum).
Last edited by compneurodev on 2020/02/07 01:12:13, edited 1 time in total.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Confirming no harm done

Post by TrevorH » 2020/02/06 23:45:31

Your text file failed to post but by the sounds of it, unfortunately, it sounds as though it did not work. You really do need to update that box and sooner rather than later. CentOS 6.5 is from late 2013 so is now 7 whole years out of date. In that time there have been more security vulnerabilities than I can count that were judged to be so important that they deserved their own name and website. Your current server can be trivially compromised by anyone that cares to try. So you do indeed absolutely need to get yum update to work so I would suggest running yum clean all first to clean out all the old stale metadata and then the update should work.

The only supported version of CentOS 6 is the current one: 6.10. And even that only has until the end of November before it goes out of support entirely. You also need to start planning to migrate to something newer and with more support life left. CentOS 7 goes EOL in 2024, CentOS 8 in 2029.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

compneurodev
Posts: 3
Joined: 2020/02/06 17:46:11

Re: Confirming no harm done

Post by compneurodev » 2020/02/07 01:15:49

@TrevorH Thanks for the feedback. I have copied the output into a pastebin link I now have in the original post. If you or anyone else gets a chance can you please look at the output records to confirm no update occurred and none are scheduled to? I will certainly think through what you recommended about any potential future update @TrevorH, thanks for the advice.

stevemowbray
Posts: 519
Joined: 2012/06/26 14:20:47

Re: Confirming no harm done

Post by stevemowbray » 2020/02/07 11:03:13

No updates happened. As Trevor says you MUST update the server before it's compromised, if it hasn't already been.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Confirming no harm done

Post by TrevorH » 2020/02/07 14:51:48

It sort of helps if you share the pastebin link. If using the CentOS paste.centos.org, you also need to be aware that posts have a lifetime of 24 hours (or less if you select less) so you need to paste it then share the url as quickly as possible,
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

compneurodev
Posts: 3
Joined: 2020/02/06 17:46:11

Re: Confirming no harm done

Post by compneurodev » 2020/02/07 15:18:35

@stevemowbray thanks! @TrevorH Here is the link: https://pastebin.com/v92YUJbT . I had posted it in an edit of the original message but I could have also posted it in the replay message. Apologies for the confusion and thanks again for the advice and help! :)

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Confirming no harm done

Post by TrevorH » 2020/02/07 18:02:37

Could not get metalink https://mirrors.fedoraproject.org/metal ... rch=x86_64 error was 14: problem making ssl connection
This error is a symptom of your system being so out of date. The EPEL repo uses an SSL setup that is not suported by such an old CentOS 6 so you will need to disable EPEL (yum --disablerepo=epel\* on each command until it's fixed) to get the update to proceed.

If your update fails when using --disablerepo-epel\* then you may need to update in several runs. I'd start with something like yum --disablerepo=epel\* update glibc\* yum\* rpm\* openssl\* which should update the components required to allow it to talk a more modern SSL. This command will almost certainly offer to update more than just those packages since many others will be dependent on the newer versions of those and will need to update at the same time.

Since your system is so backlevel, I would really recommend that you read all the release notes for all intervening versions between your current one and 6.10. There are release notes for both CentOS and for RHEL and you should read both. In addition, you should make sure that your backups are up to date and are verified to work. Updating from such an old version is not done often (if at all) so there may be things that are lurking that are not currently known.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply