Tuesday, March 9, 2010

RHEL patching with yum-security

Our security group is pushing us to install security-related patches within two weeks of their release. While that may not make sense for servers in a production environment, I'll admit that our traditionally infrequent cycle was not optimal either. I recently discovered yum-security, a package which extends the yum command in RHEL5. It allows my shop to appease the security guards while applying other bug fixes and enhancements with more consideration.

It has been included in the base install since RHEL 5.1. If it's not on your RHEL system, run

yum install yum-security

To list available security errata, run

yum --security check-update

To install only security-related errata, updating each package no further than the latest version that carries a security erratum, run the following command:

yum --security update-minimal
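The two commands above can be combined into a check-then-patch wrapper for a scheduled job. This is an added example, not part of the original post: the function names are hypothetical, and it assumes that filtering with --security keeps yum's documented check-update exit codes (0 for nothing to update, 100 for updates available, 1 for an error).

```shell
#!/bin/sh
# Added example: report pending security errata and apply only those.
# Assumption: with the yum-security plugin loaded, check-update keeps
# yum's documented exit codes: 0 = none, 100 = available, 1 = error.

# Print "none", "pending" or "error" for the current system.
security_errata_status() {
    rc=0
    # "|| rc=$?" keeps this safe under "set -e", because 100 is an
    # expected, non-zero answer rather than a failure.
    yum --security check-update >/dev/null 2>&1 || rc=$?
    case $rc in
        0)   echo none ;;
        100) echo pending ;;
        *)   echo error ;;
    esac
}

# Apply security errata only when some are pending.
# $1 = "apply" to patch; any other value only reports.
# Returns 0 when the system is current or was patched, 1 on failure,
# 2 when errata are pending but were not applied.
patch_security_only() {
    mode=$1
    status=$(security_errata_status)
    case $status in
        none)
            echo "no security errata pending"
            return 0 ;;
        pending)
            if [ "$mode" = "apply" ]; then
                yum -y --security update-minimal || return 1
                echo "security errata applied"
                return 0
            fi
            echo "security errata pending; rerun with 'apply'"
            return 2 ;;
        *)
            echo "yum --security check-update failed" >&2
            return 1 ;;
    esac
}

# Example call from a scheduled job: patch_security_only apply
```

A return value of 2 from the report mode gives monitoring a distinct signal that security errata are outstanding, separate from a yum failure.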

Patching with precision should result in more secure systems with more uptime and more stability. See the yum-security man page for details and examples.