[CentOS] Auto-installing security updates?
Peter Kjellstrom
cap at nsc.liu.se
Wed May 20 14:31:41 UTC 2009
On Wednesday 20 May 2009, Ralph Angenendt wrote:
> Lanny Marcus wrote:
> > The NSA manual suggests disabling yum-updatesd and doing it with a
> > cron job. update yum and then update.
>
> a) That manual was written at the time of 5.0 - yum-updatesd was broken
> then. b) It is broken again :/ c) "yum update yum" and then "yum update"
> the rest broke things for some people when going from 5.2 to 5.3.
One idea could be to let it auto-update if the list of packages is "short"
(that is not a 5.x -> 5.y). It's a bit of a hack and by no means guarantees
that all will be well.
It could be done roughly like this I suppose:
yum list updates | wc -l
if above > limit
log/tell "big update detected, please update manually"
else
log/tell "small update detected, applying automatically..."
yum -y update
/Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.centos.org/pipermail/centos/attachments/20090520/c22bda76/attachment.sig>
More information about the CentOS
mailing list