On Wed, Apr 8, 2015 at 8:54 AM, Rafał Radecki <radecki.rafal at gmail.com> wrote:
> Hi All :)
>
> What is the best way to get a list of available security updates?
> I found several commands for that:
> 1) yum updateinfo list updates -q --security
> 2) yum list-security --security -q
> 3) yum --security check-update -q
> Based on the sample output below I think I can use any of the three with
> some awk to get a list of packages.
>
> yum updateinfo list updates -q --security
> FEDORA-EPEL-2014-0525 security libyaml-0.1.5-1.el6.x86_64
> FEDORA-EPEL-2014-0990 security libyaml-0.1.6-1.el6.x86_64
>
> yum list-security --security -q
> FEDORA-EPEL-2014-0525 security libyaml-0.1.5-1.el6.x86_64
> FEDORA-EPEL-2014-0990 security libyaml-0.1.6-1.el6.x86_64
>
> yum --security check-update -q
> libyaml.x86_64 0.1.3-4.el6_6
> updates
>
> Then I can add this to nagios or cron to get a notification about available
> security updates.
>
> Do you see any advantages/disadvantages in using one of the three choices?

There are disadvantages to anything short of keeping your system
completely up to date with available updates.

> How do you do this kind of task? What can you propose to get a notification
> about available security updates?

Most/all updates within a minor version number will be to fix
something critical. And the big batches of updates that come at the
minor version releases are only tested together. While you can
cherry-pick individual package updates to install and in theory they
should run and pull in any other updates that are really needed via
rpm dependencies, you'll end up running a mix of things that no one
else has tried together.

-- 
Les Mikesell
lesmikesell at gmail.com
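
The awk-based notification described in the quoted question, as an added example that is not part of the original thread: it parses the three-column `yum updateinfo list updates -q --security` format shown above and returns a Nagios plugin exit code. The function names and the choice to report any pending security update as CRITICAL are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): notification check over the output of
#   yum updateinfo list updates -q --security

# Print each package name that has a pending security advisory, once.
# Expected input lines: ADVISORY-ID  security  name-version-release.arch
# Only the literal type "security" from the sample is matched; adjust the
# comparison if your repository labels that column differently.
security_pkgs() {
    awk 'NF == 3 && $2 == "security" {
        pkg = $3
        sub(/\.[^.]+$/, "", pkg)        # drop the trailing .arch
        sub(/-[^-]+-[^-]+$/, "", pkg)   # drop -version-release (neither contains "-")
        if (!(pkg in seen)) { seen[pkg] = 1; print pkg }
    }'
}

# Read yum output on stdin, print one status line, and return a Nagios
# plugin exit code: 0 = OK, 2 = CRITICAL.
check_security_updates() {
    pkgs=$(security_pkgs)
    if [ -z "$pkgs" ]; then
        echo "OK - no security updates pending"
        return 0
    fi
    count=$(printf '%s\n' "$pkgs" | wc -l | tr -d ' ')
    names=$(printf '%s' "$pkgs" | tr '\n' ' ')
    echo "CRITICAL - $count package(s) with security updates: $names"
    return 2
}

# Sample input: the two advisory lines quoted in the message above.
SAMPLE='FEDORA-EPEL-2014-0525 security libyaml-0.1.5-1.el6.x86_64
FEDORA-EPEL-2014-0990 security libyaml-0.1.6-1.el6.x86_64'

# Demo on the sample; "|| true" keeps the script going past the CRITICAL code.
printf '%s\n' "$SAMPLE" | check_security_updates || true

# On a real host the check would be fed by yum itself:
#   yum updateinfo list updates -q --security | check_security_updates
```

Two advisories for the same package collapse into one entry, so the alert counts packages rather than advisories.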