Lanny Marcus wrote:
On 8/13/09, madunix madunix@gmail.com wrote:
Can any one clarify this, is auto updating at all production servers recommended or not? need to know your opinion, how do you manage the update?
The NSA Guide to the Secure Configuration of RHEL 5 indicates this is OK, but not with updatesd which they believe is not mature enough for an enterprise environment and may introduce unnecessary overhead. They suggest a cron job that calls yum to do this.
I build a bunch of these updates and test most of the ones I don't build before we release them ... and I STILL don't auto update servers in production. I may be a bit cautious, but I can't imagine I would ever set any production server, in any OS, to every update automatically.
If I was ever going to do it, CentOS would be the OS ... but with my job on the line I'll just do the updates by hand and watch the output :D
We do auto update all our CentOS Infrastructure servers via cron and they hardly ever have issues.