How can I check installed list of patches on OS separately for critical security plugins and all other updates. I tried "rpm -qa --last" and "yum list installed" but didn't get the desired output.
Asked
Active
Viewed 1,076 times
2 Answers
0
Use the --changelog option:
rpm -q --changelog kernel
Andrew Schulman
- 8,811
- 21
- 32
- 47
Tux_DEV_NULL
- 1,093
- 7
- 11
0
If you are using a redhat or centos release (6 or 7), you can usen openscap scanner to get a status on known vulnerabilities and check if you have the patches installed or not.
Openscap-scanner is included in standard OS repositories (for yum install), you'll just have to download the current vulnerabilities definitions as described in this page : https://www.open-scap.org/resources/documentation/perform-vulnerability-scan-of-rhel-6-machine/ (the same applies to el7 with definitions in https://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml )
tonioc
- 1,047
- 8
- 11