On Tue, 16 Sep 2014, Reindl Harald wrote:
On 16.09.2014 at 15:49, kqt4at5v@gmail.com wrote:
I am using CentOS 6.5. I am using kernel 2.6.32-431.11.2.el6.i686 and there is a newer version 2.6.32-431.29.2.el6.i686 available. Where can I find documentation that tells me the difference in the two versions?
just ask your system for the changelog *and do not* skip updates that long - they are released for damned good reasons in case of a LTS distribution
Thank you, how can I query which updates that are available are security updates?
On 09/16/2014 01:00 PM, kqt4at5v@gmail.com wrote:
On Tue, 16 Sep 2014, Reindl Harald wrote:
On 16.09.2014 at 15:49, kqt4at5v@gmail.com wrote:
I am using CentOS 6.5. I am using kernel 2.6.32-431.11.2.el6.i686 and there is a newer version 2.6.32-431.29.2.el6.i686 available. Where can I find documentation that tells me the difference in the two versions?
just ask your system for the changelog *and do not* skip updates that long - they are released for damned good reasons in case of a LTS distribution
Thank you, how can I query which updates that are available are security updates?
you can't .. other than to look at the centos-announce mailing list
On 9/16/2014 6:15 PM, Johnny Hughes wrote:
Thank you, how can I query which updates that are available are security updates?
you can't .. other than to look at the centos-announce mailing list
well, you can follow redhat's bugzilla. It's probably a full time job to compile what you're asking for.
On 17.09.2014 03:15, Johnny Hughes wrote:
Thank you, how can I query which updates that are available are security updates?
you can't .. other than to look at the centos-announce mailing list
This is not completely true, because you can implement openscap (http://www.open-scap.org/page/Main_Page) in order to get notifications about vulnerable systems/patches which fix these.
But I doubt that it is worth the effort if you don't run it for business/on more than one server.
HTH
Sven
On 09/17/2014 04:58 PM, Sven Kieske wrote:
On 17.09.2014 03:15, Johnny Hughes wrote:
Thank you, how can I query which updates that are available are security updates?
you can't .. other than to look at the centos-announce mailing list
This is not completely true, because you can implement openscap (http://www.open-scap.org/page/Main_Page) in order to get notifications about vulnerable systems/patches which fix these.
But I doubt that it is worth the effort if you don't run it for business/on more than one server.
Except that does not work for CentOS without modifying the packages ... it does work for RHEL.
We would certainly be glad to have some community members create and maintain packages for this, as well as maintaining spacewalk security information as well.
Johnny Hughes wrote:
On 09/17/2014 04:58 PM, Sven Kieske wrote:
On 17.09.2014 03:15, Johnny Hughes wrote:
Thank you, how can I query which updates that are available are security updates?
you can't .. other than to look at the centos-announce mailing list
Not exactly correct. You can install yum-plugin-security. From rpm -qi: Description : This plugin adds the options --security, --cve, --bz and --advisory flags to yum and the list-security and info-security commands. The options make it possible to limit list/upgrade of packages to specific security relevant ones. The commands give you the security information. <snip>
We would certainly be glad to have some community members create and maintain packages for this, as well as maintaining spacewalk security information as well.
Well, I implemented spacewalk in '09, at a short term contract I was on. I hope I *NEVER* have to deal with that again.... Let's see, at the time, it *required*, and wouldn't work with *anything* other than Oracle. And to get it working, and it was not a huge server farm at that job, I had to tweak Oracle (the free version) to use 992M of its allowed 1G memory (the default was significantly lower). And the tools were *not* well documented. I think it went from 0.3.x to 0.3.x+2, or maybe 0.4; IMO, nowhere ready for prime time.
Oh, and it used cobbler, so I guess it was a complicated gui on top of cobbler....
mark
On 09/18/2014 10:37 AM, m.roth@5-cent.us wrote:
Johnny Hughes wrote:
On 09/17/2014 04:58 PM, Sven Kieske wrote:
On 17.09.2014 03:15, Johnny Hughes wrote:
Thank you, how can I query which updates that are available are security updates?
you can't .. other than to look at the centos-announce mailing list
Not exactly correct. You can install yum-plugin-security. From rpm -qi: Description : This plugin adds the options --security, --cve, --bz and --advisory flags to yum and the list-security and info-security commands. The options make it possible to limit list/upgrade of packages to specific security relevant ones. The commands give you the security information.
<snip>
yum-security also works on RHEL, but not on CentOS .. I write this stuff and release it, if there was a way, I would tell you. There isn't. yum-security also requires something we don't have and is all part of the effort I talked about before.
We would certainly be glad to have some community members create and maintain packages for this, as well as maintaining spacewalk security information as well.
Well, I implemented spacewalk in '09, at a short term contract I was on. I hope I *NEVER* have to deal with that again.... Let's see, at the time, it *required*, and wouldn't work with *anything* other than Oracle. And to get it working, and it was not a huge server farm at that job, I had to tweak Oracle (the free version) to use 992M of its allowed 1G memory (the default was significantly lower). And the tools were *not* well documented. I think it went from 0.3.x to 0.3.x+2, or maybe 0.4; IMO, nowhere ready for prime time.
Oh, and it used cobbler, so I guess it was a complicated gui on top of cobbler....
What needs to be maintained is a full database of all the CVE info. We can't use the Red Hat one and someone would need to find the time to track, test, and input said data to be able to use yum-security and generate the metadata for spacewalk security issues.
This takes time. We currently have 4 team members to maintain 3 active distros, maintain all the infrastructure that the teams use, do all the cloud images that people see, represent CentOS at all the trade shows, etc.
The reason the process is opened up and is community is so people can step up and do all these additive things in a SIG.
So, if you (not mark, but any of YOU) want something, figure out how it can be done and make recommendations on how to make it happen.
Take this issue ... yum security does not work unless there is:
1. One single big repo of all RPMs in one place (Note: we don't do this, we need a modification to the process to allow it to look at vault.centos.org or maybe if all the other issues are solved, we can create a combined repo specifically for this).
2. We need a database (or other mechanism) that holds all the required info. This data needs to be maintained. We currently do the mailing list of CentOS announce. If that contains all the data and all it needs is reformatting, then great ... or we may need other data.
So, what we need is for people to look at what is out there, figure out what is needed, figure out how to change programs (if required), how to maintain the data, etc.
Thanks, Johnny Hughes
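
An added example, not part of the thread and not CentOS project code: a sketch of the "reformatting" idea in point 2 above, turning centos-announce subject lines into a lookup and matching it against pending updates. It assumes subjects of the form `CESA-YYYY:NNNN <severity> CentOS <release> <package> Security Update`; the advisory IDs, the tzdata and bash versions, and the function names are constructed for illustration.

```python
import re

# Constructed sample subjects in the style of the centos-announce list.
# The advisory IDs are placeholders, not real advisories.
ANNOUNCE = """\
[CentOS-announce] CESA-0000:0001 Important CentOS 6 kernel Security Update
[CentOS-announce] CEBA-0000:0002 CentOS 6 tzdata BugFix Update
[CentOS-announce] CESA-0000:0003 Critical CentOS 5 bash Security Update
[CentOS-announce] CESA-0000:0004 Moderate CentOS 6 bash Security Update
"""

# Constructed `yum check-update`-style lines; only the kernel version is from the thread.
PENDING = """\
kernel.i686          2.6.32-431.29.2.el6    updates
kernel-headers.i686  2.6.32-431.29.2.el6    updates
tzdata.noarch        0-0.el6                updates
bash.i686            0-0.el6                updates
"""

SUBJECT = re.compile(
    r"(?P<id>CE[SBE]A-\d{4}:\d{4,5})\s+(?:(?P<sev>Critical|Important|Moderate|Low)\s+)?"
    r"CentOS\s+(?P<rel>\d+)\s+(?P<pkg>\S+)\s+(?P<kind>Security|BugFix|Enhancement)\s+Update"
)

def security_index(announce_text, release):
    """Map source package name -> [(advisory id, severity)] for one CentOS release."""
    index = {}
    for m in SUBJECT.finditer(announce_text):
        if m["kind"] == "Security" and m["rel"] == str(release):
            index.setdefault(m["pkg"], []).append((m["id"], m["sev"]))
    return index

def flag_pending(pending_text, index):
    """Return (package, version, advisories) for pending updates named in an advisory.

    The subject names only the source package and no version, so this is a
    name-level hint: subpackages such as kernel-headers are missed, and the
    advisory body is still needed to confirm the fixed version.
    """
    hits = []
    for line in pending_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip headers, blank lines and wrapped entries
        name = fields[0].rsplit(".", 1)[0]  # strip the .arch suffix
        if name in index:
            hits.append((name, fields[1], index[name]))
    return hits

if __name__ == "__main__":
    for name, version, advisories in flag_pending(PENDING, security_index(ANNOUNCE, 6)):
        print(name, version, advisories)
```

The missed `kernel-headers` line shows why the subject lines alone are not enough: mapping source packages to binary packages and fixed versions is the extra data the message above says may be needed.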