[CentOS] running yum update on remote servers

Mon Feb 25 18:35:35 UTC 2013
Robert Moskowitz <rgm at htt-consult.com>

On 02/25/2013 01:00 PM, Les Mikesell wrote:
> On Mon, Feb 25, 2013 at 7:48 AM, Robert Moskowitz <rgm at htt-consult.com> wrote:
>> I have read a couple old threads here on updates for servers, and I am
>> looking for some mechanics to getting the actual updates done.  I don't
>> want automatic updates; I want to control when and what gets updated.
> Keep in mind that to _not_ install an update, you have to know more
> than the RH engineers about the code.  I usually assume they had a
> good reason for going to the trouble of shipping it and that they
> would have to have a very, very good reason to ship anything that
> would break an existing API in an update.  Of course it is always good
> policy to test the combination of things you run in production on a
> non-critical box first.

For example, an apache update MAY require that I first check what it 
will do to http.conf.  First install it on a test server, check out what 
is new, then apply it.  Or a firefox update, and I only run firefox 
anymore on the server when I am running in via vnc, and probably will 
never again (after setup) run firefox, so I will apply that update when 
I don't have something more to do.  I see mysqld on my DNS server, but I 
have it off.  Also cups is there, and I don't do printing.  I have not 
uninstalled these, so if they get updates, I will apply them, but not 
when I am on the road.  Now a bind or apache security update will get 
applied....

Yes, I still tend to install desktop on my servers to get them 
configured, then set inittab to 3 and will rarely ever run desktop again.

>
>> First I have to determine that a particular server needs updates.  I
>> suppose a daily script that would run "yum check-updates" and emails me
>> the results could work, but then I would only want the email IF there
>> was something to update, at my limited use of this option does not show
>> anything to trigger a notify on changes.  Does anyone know of a script
>> that would do this?
> How about just joining the centos-announce mail list?

I am on it, and I do look at the announcements. Still which rpm is used 
on which server?  What is critical and what is not?
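
A sketch of the daily check asked about in this thread, added here as an example and not part of the original messages. It relies on yum's check-update exit status (0 = nothing pending, 100 = updates pending, anything else = failure); the MAILTO address, the WATCH package list, the use of mail(1) and the --run argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: mail yum's pending-update list only when there is one.
# yum check-update exit status: 0 = nothing pending, 100 = updates pending,
# anything else = yum itself failed.

MAILTO="${MAILTO:-root}"        # assumption: where the report goes
WATCH="${WATCH:-bind|httpd}"    # assumption: packages this host depends on

# Run the check; set UPD_STATE (none|updates|error) and UPD_OUTPUT.
check_updates() {
    # The && / || form keeps the non-zero status from aborting under "set -e".
    UPD_OUTPUT=$(yum -q check-update 2>&1) && rc=0 || rc=$?
    case "$rc" in
        0)   UPD_STATE=none ;;
        100) UPD_STATE=updates ;;
        *)   UPD_STATE=error ;;
    esac
}

# Succeeds if a pending package name matches the watch list
# (also catches sub-packages such as bind-libs or httpd-tools).
touches_watched() {
    printf '%s\n' "$UPD_OUTPUT" | grep -Eq "^($WATCH)[.-]"
}

notify() {
    check_updates
    host=$(uname -n)
    case "$UPD_STATE" in
        none)  return 0 ;;   # stay silent: no mail when nothing is pending
        error) subject="[$host] yum check-update failed" ;;
        updates)
            if touches_watched; then
                subject="[$host] updates pending (watched package affected)"
            else
                subject="[$host] updates pending"
            fi ;;
    esac
    printf '%s\n' "$UPD_OUTPUT" | mail -s "$subject" "$MAILTO"
}

# Cron entry point (the --run argument is this example's own convention).
if [ "${1:-}" = "--run" ]; then
    notify
fi
```

A failed check is mailed as well, so a broken repository or network path does not look the same as "no updates". The subject line only says what is pending on this host; whether a given update is a security fix still has to come from the centos-announce notices.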