Operating System - Linux

Re: Linux Patching Plan.- RHEL5

 
brian_31
Super Advisor

Linux Patching Plan.- RHEL5

Coming from the HP-UX world, our org tends to develop patch bundles, bundle them into a depot and distribute this every quarter (for example QPKs, any other recommended patches, etc.). The company wants a similar plan for Linux. I am new to Red Hat Linux and I would like to know some ideas. The leadership wants a similar plan for HP-UX, Solaris, AIX and Linux. The first 3 are already in place and Linux needs to be done now. Please throw more ideas on this! I know Red Hat does not have quarterly updates and may not have real patch bundles, but I would like some ideas and possibilities.

Thanks

Brian.
Tim Nelson
Honored Contributor

Re: Linux Patching Plan.- RHEL5

download updates into private repository on a quarterly basis

use private repository to update all servers

tips:
install yum-downloadonly rpm
createrepo
disable rhn plugin in rhnplugin.conf
enable private repo in /etc/yum.repos.d/

I can give more specifics but I find that I learn 12 new things while reading... your call.






brian_31
Super Advisor

Re: Linux Patching Plan.- RHEL5

Thanks Tim!

It is a good start. Please post more ideas when you find time. Thanks again!

Brian
Gerardo Arceri
Trusted Contributor

Re: Linux Patching Plan.- RHEL5

As an HP hardware user, I always try to upgrade the firmware/HP tools/drivers along with the OS updates.
Just wanted to contribute my $.02.
Abushad
Advisor

Re: Linux Patching Plan.- RHEL5

Hi Brian,

You can create a repo server to implement SD in Linux.
Note: This facility is only available by default in RHEL5 onwards.
Download the patches/software into a repo folder, then run the command
# createrepo -v <repo folder>

Configure the machine to act as an FTP server, because the client uses the FTP service to access the repo.

Client configuration
Edit the config file to use the machine as a repo client.
# cp /etc/yum.repos.d/rhel-debuginfo.repo /etc/yum.repos.d/local.repo
# vi /etc/yum.repos.d/local.repo
baseurl=ftp://<IP address of repo server>/<repo folder>
enabled=1

Now you will be able to connect to the repo server and list the patches/software using the command
# yum list all

You can always install a particular patch/software using the command
# yum install <package name>
To update the entire client machine with the latest patches/software available in the repo, use
# yum update -y

I suggest you test this before implementing it on live servers.
I successfully did the same to upgrade servers from RHEL 5.1 to RHEL 5.4.

Regards
Abushad
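
An added example, not part of the post above or of any poster's setup: the client steps edit only baseurl and enabled, so whether yum verifies RPM signatures for the FTP repo depends on the gpgcheck value left in the copied file. This Python sketch audits a .repo file for enabled repos without signature checking; the repo ids, the 192.0.2.10 address and the function names are assumptions made for illustration.

```python
import configparser

# Constructed sample of /etc/yum.repos.d/local.repo; 192.0.2.10 is a placeholder address.
SAMPLE_REPO = """\
[local]
name=Quarterly patch bundle
baseurl=ftp://192.0.2.10/repo
enabled=1
gpgcheck=0

[local-signed]
name=Quarterly patch bundle, signature-checked
baseurl=ftp://192.0.2.10/repo
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[last-quarter]
name=Previous bundle, disabled
baseurl=ftp://192.0.2.10/repo-old
enabled=0
gpgcheck=0
"""

def _on(value):
    """yum boolean options accept 1/yes/true (case-insensitive)."""
    return value.strip().lower() in ("1", "yes", "true")

def audit_repo_text(text):
    """Return (repo_id, finding) pairs for every enabled repo in a .repo file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for repo_id in cp.sections():
        repo = cp[repo_id]
        if repo_id == "main" or not _on(repo.get("enabled", "1")):
            continue  # yum treats a repo as enabled unless told otherwise
        gpg = repo.get("gpgcheck")
        checked = gpg is not None and _on(gpg)
        if gpg is None:
            findings.append((repo_id, "gpgcheck not set; inherited from [main] in yum.conf"))
        elif not checked:
            findings.append((repo_id, "gpgcheck off: unsigned or altered RPMs would install"))
        urls = repo.get("baseurl", "").split()
        if not checked and any(u.lower().startswith(("ftp://", "http://")) for u in urls):
            findings.append((repo_id, "unauthenticated transport and no signature check"))
    return findings

if __name__ == "__main__":
    for repo_id, finding in audit_repo_text(SAMPLE_REPO):
        print(f"{repo_id}: {finding}")
```

Run against the sample, only the `local` repo is reported; the signature-checked and disabled repos produce no findings.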
brian_31
Super Advisor

Re: Linux Patching Plan.- RHEL5

Abushad

Thank you for the excellent finer details! So it looks like the repo server is similar to the SD-UX depot from where you could push the patches. But on what basis do you add the patches to the repo server (repository), I mean how often? Do you have single patches (for example a Java leak issue, or maybe a security fix, etc.)? Thanks again for a detailed post. It is really helpful and adds more value when you share the actual commands. Very helpful. Thanks again!

Best Regards

Brian.
Abushad
Advisor

Re: Linux Patching Plan.- RHEL5

Hi Brian,

Red Hat releases many types of patches just like HP, Sun, IBM etc. You have to first create a login account on the Red Hat site and register your product. You will be notified in the login account, or the server itself notifies you with a pop-up message, once a new patch is released. You may download the patch and keep it in the repo for the client servers.

Regards,
Abushad
dirk dierickx
Honored Contributor

Re: Linux Patching Plan.- RHEL5

You could look into a Satellite server (OSS version: Spacewalk). It does not set policies for you, but you can easily implement policies per server group with it.
It will also report on missing patches etc.
All in all a great tool for patch management.
brian_31
Super Advisor

Re: Linux Patching Plan.- RHEL5

Thanks! Another term which is used is errata. Could someone explain that?

Thanks

Brian.
dirk dierickx
Honored Contributor

Re: Linux Patching Plan.- RHEL5

Errata just means a problem was detected, mostly either a bug or a security hole of various impact. You should read the reports; there is always a detailed explanation included on what is wrong and the criticality of it.