0

I'm trying to see if our servers are all patched, but the patching notation on these two RHEL servers is confusing me:

hostA$ uname -a
Linux hostA 3.10.0-1062.4.1.el7.x86_64 #1 SMP Wed Sep 25 09:42:57 EDT 2019 x86_64 x86_64 x86_64 GNU/Linux
hostB$ uname -a
Linux hostB 3.10.0-1127.el7.x86_64 #1 SMP Tue Feb 18 16:39:12 EST 2020 x86_64 x86_64 x86_64 GNU/Linux

So, they are all patched to version 3.10.0, right? What is the significance of the digits after the hyphen that makes these two servers different?

Also, what is the time stamp? Is that the date/time that the patch was released from the vendor?

davidhaskins
  • 103
  • 2

2 Answers

3

Linux 3.10.0 is very different from RHEL's heavily patched 3.10.0-1127. Read the kernel.spec from the sources, and see the enormous change log.

That 1127 piece is the kernel RPM's release "number". Specific to EL (or whoever is doing the build) and not upstream kernel.org. Given most updates fix security or functional flaws, that last digit is important.

Time stamp is when the kernel was compiled. It is not a release date. Testing occurs before release. Not all test kernels get released.


Checking the kernel with uname is not Linux patch management. Most software on Linux is not the kernel, from libc all the way to applications. Some other means of reporting on and applying packages is necessary. For RHEL, this means rpm and yum based tools.

John Mahowald
  • 32,050
  • 2
  • 19
  • 34
  • Thanks. I'm just trying to get a rough estimate of the last time each server in our environment was patched. So, maybe check the most recent date on yum history? I don't think our contractor installs much with RPMs or stuff compiled from source (maybe a few one-offs). I believe they use yum for the majority of patch management. – davidhaskins May 05 '20 at 12:52
  • `yum history` is a thing, but that's not the question you asked. Get access to the update tracking tools this contractor has. There is no point in doing half measures when you might miss security updates that aren't the kernel. – John Mahowald May 06 '20 at 13:42
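To make the answer above concrete: the script below is an added example, not code from the answer or from Red Hat. It takes the two `uname -r` strings quoted in the question (embedded here so it runs offline; on a real host feed it `$(uname -r)`), splits each into upstream version, EL release number, dist tag and arch, and compares the release numbers segment by segment the way rpm does for all-numeric segments. The `kernel_parts`, `release_cmp` and `newer_kernel` function names are my own; the comparison deliberately handles numeric segments only, so for arbitrary EVR strings use `rpmdev-vercmp` from rpmdevtools instead.

```bash
#!/usr/bin/env bash
# Added example: decode and compare RHEL kernel release strings.
# Constructed inputs (from the question); on a host use "$(uname -r)".
set -eu

# Print "upstream release dist arch" for e.g. 3.10.0-1127.el7.x86_64
kernel_parts() {
    local rel="$1"
    local upstream="${rel%%-*}"   # 3.10.0  : kernel.org base version
    local rest="${rel#*-}"        # 1127.el7.x86_64
    local arch="${rest##*.}"      # x86_64
    rest="${rest%.*}"             # 1127.el7
    local dist="${rest##*.}"      # el7
    local release="${rest%.*}"    # 1127, or 1062.4.1 for a z-stream respin
    printf '%s %s %s %s\n' "$upstream" "$release" "$dist" "$arch"
}

# Compare two dotted, all-numeric release numbers. Prints 1 if the first
# is newer, -1 if older, 0 if equal. Like rpm, a longer string wins when
# all shared segments are equal (1062.4.1 is newer than 1062.4).
release_cmp() {
    local -a a b
    local i n
    IFS=. read -r -a a <<< "$1"
    IFS=. read -r -a b <<< "$2"
    n=${#a[@]}
    if [ "${#b[@]}" -lt "$n" ]; then n=${#b[@]}; fi
    for ((i = 0; i < n; i++)); do
        if [ "${a[i]}" -gt "${b[i]}" ]; then echo 1; return 0; fi
        if [ "${a[i]}" -lt "${b[i]}" ]; then echo -1; return 0; fi
    done
    if [ "${#a[@]}" -gt "${#b[@]}" ]; then echo 1
    elif [ "${#a[@]}" -lt "${#b[@]}" ]; then echo -1
    else echo 0
    fi
}

# Given two uname -r strings, say which carries the newer EL build.
# Release numbers only make sense against the same upstream base, so
# refuse to compare 3.10.0-* with 4.18.0-*.
newer_kernel() {
    local up1 rel1 up2 rel2 rest
    read -r up1 rel1 rest <<< "$(kernel_parts "$1")"
    read -r up2 rel2 rest <<< "$(kernel_parts "$2")"
    if [ "$up1" != "$up2" ]; then
        echo "different upstream bases ($up1 vs $up2)"
        return 0
    fi
    case "$(release_cmp "$rel1" "$rel2")" in
        1)  echo "first" ;;
        -1) echo "second" ;;
        *)  echo "same" ;;
    esac
}

hostA="3.10.0-1062.4.1.el7.x86_64"   # constructed: from the question
hostB="3.10.0-1127.el7.x86_64"       # constructed: from the question
echo "hostA: $(kernel_parts "$hostA")"
echo "hostB: $(kernel_parts "$hostB")"
echo "newer build: $(newer_kernel "$hostA" "$hostB")"

# On a live RHEL host, the authoritative sources for the same facts are:
#   rpm -q kernel --last                       # installed kernels + install time (with year)
#   rpm -q --changelog kernel-$(uname -r) | head -3   # changelog of this exact build
# The "#1 SMP <date>" in uname -a is the build time, not either of these.
```

Note that both hosts share the 3.10.0 base, so only the release number decides: 1062.4.1 sorts below 1127 at the first segment, so hostB runs the newer build even though its string is shorter.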
0

Most package managers have a log. For RHEL/CentOS you have /var/log/yum.log and for Debian/Ubuntu /var/log/apt/history.log. The logs also have timestamps for all package manager changes (install/update/remove).

Most modern distributions can be configured to update all packages automatically. You can specify if you want only security updates or all updates.

There are also centralized tools that can manage all this updating from a web interface.

Patching is not used in the Linux world with the connotation you use. You have kernel update(s), and package update(s).

It is possible to do live patching for the kernel, but I don't think you need to worry about this now. Live patching means fixing bugs in kernel without rebooting.

Mircea Vutcovici
  • 17,619
  • 4
  • 56
  • 83
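As an added example of reading the log the answer above points to (this is not the answerer's code): the functions below pull the most recent package action, and the last install/update of a named package, out of /var/log/yum.log. The four log lines are constructed here in the EL7 yum.log format (`Mon DD HH:MM:SS Action: name-version-release.arch`) so the script runs offline; point the functions at the real file on a host. Function names are my own. Two caveats the example encodes: yum.log carries no year (logrotate splits it yearly), so use `rpm -q --last` or `yum history` for dates that need one, and a new kernel shows up as "Installed:" rather than "Updated:" because kernels are install-only packages kept side by side.

```bash
#!/usr/bin/env bash
# Added example: find the last package change recorded in a yum.log.
set -eu

# Most recent install/update/erase line in the given log file.
last_change() {
    awk '$4 ~ /^(Installed|Updated|Erased):$/ { last = $0 } END { print last }' "$1"
}

# Timestamp of the last install or update of package NAME in the log.
# The package field is "name-version-release.arch", so require NAME
# followed by "-" and a digit; that keeps "kernel" from matching
# "kernel-tools-3.10...".
last_change_of() {
    local pkg="$1" file="$2"
    awk -v pkg="$pkg" '
        $4 ~ /^(Installed|Updated):$/ &&
        index($5, pkg "-") == 1 &&
        substr($5, length(pkg) + 2, 1) ~ /[0-9]/ { last = $1 " " $2 " " $3 }
        END { print last }' "$file"
}

# Constructed sample in /var/log/yum.log format; not a real host's log.
sample_log=$(mktemp)
trap 'rm -f "$sample_log"' EXIT
cat > "$sample_log" <<'EOF'
Feb 18 16:39:12 Updated: kernel-tools-3.10.0-1127.el7.x86_64
Feb 18 16:39:15 Installed: kernel-3.10.0-1127.el7.x86_64
Feb 18 16:39:20 Erased: kernel-3.10.0-957.el7.x86_64
Mar 02 10:11:12 Updated: bash-4.2.46-34.el7.x86_64
EOF

echo "last change:        $(last_change "$sample_log")"
echo "last kernel update: $(last_change_of kernel "$sample_log")"
echo "last bash update:   $(last_change_of bash "$sample_log")"

# On a real host the same questions, with years, are answered by:
#   rpm -qa --last | head          # newest installed packages first
#   yum history list all           # transactions with date, action, count
```

The Erased line for the old kernel is deliberately excluded from `last_change_of`: removing a package is not evidence that the host was patched, which is the question the asker is trying to answer.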