[CentOS] Auto-installing security updates?

Wed May 20 14:31:41 UTC 2009
Peter Kjellstrom <cap at nsc.liu.se>

On Wednesday 20 May 2009, Ralph Angenendt wrote:
> Lanny Marcus wrote:
> > The NSA manual suggests disabling yum-updatesd and doing it with a
> > cron job. update yum and then update.
>
> a) That manual was written at the time of 5.0 - yum-updatesd was broken
> then. b) It is broken again :/ c) "yum update yum" and then "yum update"
> the rest broke things for some people when going from 5.2 to 5.3.

One idea could be to let it auto-update if the list of packages is "short" 
(that is not a 5.x -> 5.y). It's a bit of a hack and by no means guarantees 
that all will be well.

It could be done roughly like this I suppose:
 yum list updates | wc -l
 if above > limit
  log/tell "big update detected, please update manually"
 else
  log/tell "small update detected, applying automatically..."
  yum -y update

/Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.centos.org/pipermail/centos/attachments/20090520/c22bda76/attachment-0005.sig>