I'm running a Centos server, and i've had issue with bugged yum updates. Currently i have a cron job, which does a yum update every 3 months, but sometimes i get an update with a bug in it, that disables some aspect of my server. For example, the latest sshd update was disastrous, because it messed up permissions for chrooted sftp users, and chrooted users couldn't change folders which they were supposed to be able to change. I didn't want to start tampering with downgrade, and i needed some kind of ftp server asap. So i installed a temporary ftp server. I'm pretty much the only administrator of this server, i don't have much free time and therefore can't check every single yum update for bugs. Is there a bot, that can do this for me? Thanks.
Asked
Active
Viewed 137 times
2 Answers
2
Centos - How to avoid bugged yum updates
- Don't allow the system to automatically update itself, have yum-cron run in checkonly mode.
- Have yum-cron mail you if there are updates available
- Review the updates
- Test the updates on a staging system
- If the tests pass then apply the updates to your production systems.
user9517
- 115,471
- 20
- 215
- 297
-
Problem is i don't have enough time to do that. – Jojo595 Jan 22 '17 at 21:04
-
Then make time. That's clearly perferable to screwing your systems. – user9517 Jan 22 '17 at 21:05
1
If you don't have a staging or test server to run these on to test them, then the best you can do is try and minimise how much work you need to do. Maybe install the yum-security plugin.
You don't mention which CentOS version but this page has instructions for 4,6 & 7:
https://access.redhat.com/solutions/10021
Perhaps you can have it mail you the results of:
yum list-security --security
and then install 24 hours later with:
yum update-minimal --security -y
That would at least give you a heads up on what is going to change e.g. you mention sshd/sftp is an important part of your setup.
gm3dmo
- 10,057
- 1
- 42
- 36