A long long time ago, in a previous vocation, I had all my CentOS boxes talking to a Spacewalk server. I had a script (which may or may not still work) that would take CentOS-Annouce digest and create Errata out of them. I could then use that in my server groups as a "Security Patches Only" sort of deployment.
On Dec 18, 2012, at 9:44 AM, Johnny Hughes wrote:
On 12/18/2012 10:38 AM, Terry wrote:
Hello,
We are running CentOS 5.5 on a server that is not reporting any security updates: [root@server01 ~]# yum -y --security check-update Loaded plugins: fastestmirror, security Loading mirror speeds from cached hostfile
- base: bay.uchicago.edu
- extras: bay.uchicago.edu
- updates: mirror.nyi.net
Limiting package lists to security relevant ones No packages needed, for security, 261 available
However, Nexpose, our vulnerability scanner detected otherwise. Upon digging deeper, I noticed that we are on a kernel version that has a known issue fixed in a later version:
[root@server01 ~]# rpm -q kernel kernel-2.6.18-194.el5 kernel-2.6.18-194.8.1.el5
http://rhn.redhat.com/errata/RHSA-2010-0610.html http://lists.centos.org/pipermail/centos-announce/2010-August/016890.html
I appreciate anyone's insight in helping me understand this a bit better.
The yum security plugin does not currently, nor has it ever, worked on CentOS.
It is designed to work with RHN and RHEL and we have not been able to make it work on CentOS.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos