最新消息:

yum使用yum-plugin-security插件安全性升级

Linux运维 大步 2137浏览 0评论

 

前面翻译的yum的使用技巧文章,教会我们用versionlock锁定某个软件版本,不让其被yum update升级。但是,服务器的安全升级却是必须的,所以,下面介绍一个yum插件:yum-plugin-security 来进行安全性升级。

yum相关文章:

yum 命令跳过特定(指定)软件包升级方法

用exclude参数(禁止)排除指定软件包被yum升级

CentOS / RHEL:yum升级时锁定特定软件版本

yum升级中锁定指定软件版本禁止其升级(手动)

yum安装指定(特定)版本(旧版本)软件包的方法

yum –showduplicates 介绍和使用方法

1.一般系统默认安装了yum-plugin-security,如果没有,则输入命令安装yum-plugin-security :

$ sudo yum install yum-security

2. 如果是red hat 6,yum-plugin-security现在增加了了一个updateinfo命令。这个命令用来查看可安全更新的软件列表(只查看,不更新),输入下面的命令:

$ sudo yum updateinfo list security

输出:

Loaded plugins: security, versionlock
CVE-2013-1619 security gnutls-2.8.5-10.el6_4.1.x86_64
CVE-2013-1493 security java-1.6.0-openjdk-1:1.6.0.0-1.57.1.11.9.el6_4.x86_64
CVE-2013-0809 security java-1.6.0-openjdk-1:1.6.0.0-1.57.1.11.9.el6_4.x86_64
CVE-2013-0268 security kernel-uek-2.6.39-400.17.2.el6uek.x86_64
CVE-2013-0268 security kernel-uek-firmware-2.6.39-400.17.2.el6uek.noarch
CVE-2012-4929 security openssl-1.0.0-27.el6_4.2.x86_64
CVE-2013-0166 security openssl-1.0.0-27.el6_4.2.x86_64
CVE-2013-0169 security openssl-1.0.0-27.el6_4.2.x86_64
updateinfo list done

 

对于 red hat 或者 centos 5.x 版本而言,则使用下面的命令来查看可安全更新的软件列表:

$ sudo yum list updates --security

升级需要安全更新的软件包,输入命令:

$ sudo yum update --security

输出如下:

Loaded plugins: security, versionlock
Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
5 package(s) needed (+0 related) for security, out of 17 available
--> Running transaction check
---> Package gnutls.x86_64 0:2.8.5-10.el6 will be updated
---> Package gnutls.x86_64 0:2.8.5-10.el6_4.1 will be an update
---> Package java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.56.1.11.8.el6_3 will be updated
---> Package java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.57.1.11.9.el6_4 will be an update
---> Package kernel-uek.x86_64 0:2.6.39-400.17.2.el6uek will be installed
---> Package kernel-uek-firmware.noarch 0:2.6.39-400.17.2.el6uek will be installed
---> Package openssl.x86_64 0:1.0.0-27.el6 will be updated
---> Package openssl.x86_64 0:1.0.0-27.el6_4.2 will be an update
--> Finished Dependency Resolution
--> Running transaction check
---> Package kernel-uek.x86_64 0:2.6.39-300.17.3.el6uek will be erased
---> Package kernel-uek-firmware.noarch 0:2.6.39-300.17.3.el6uek will be erased
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
kernel-uek x86_64 2.6.39-400.17.2.el6uek ol6_UEK_latest 27 M
kernel-uek-firmware noarch 2.6.39-400.17.2.el6uek ol6_UEK_latest 3.5 M
Updating:
gnutls x86_64 2.8.5-10.el6_4.1 ol6_latest 345 k
java-1.6.0-openjdk x86_64 1:1.6.0.0-1.57.1.11.9.el6_4 ol6_latest 25 M
openssl x86_64 1.0.0-27.el6_4.2 ol6_latest 1.4 M
Removing:
kernel-uek x86_64 2.6.39-300.17.3.el6uek @ol6_UEK_latest 99 M
kernel-uek-firmware noarch 2.6.39-300.17.3.el6uek @ol6_UEK_latest 5.0 M

Transaction Summary
================================================================================
Install 2 Package(s)
Upgrade 3 Package(s)
Remove 2 Package(s)

Total download size: 57 M
Is this ok [y/N]: //输入y,则确认升级

 

end!

英文原文:Red Hat 6 or CentOS 6: Yum Tips – Lock Package Versions and Only Apply Security Updates

转载请注明:大步's Blog » yum使用yum-plugin-security插件安全性升级

SiteMap