7

A server running on my EC2 instance (Amazon Linux AMI) falls over every night. I watched processes and this happens, every time, minutes after this command runs:

/usr/bin/python2.7 /usr/bin/yum --debuglevel 2 --security check-update

Q: Where is this configured to run? I want to disable this, and do updates manually.

Extra Q: What does check-update do in fact? It seems it only compiles a list of updates but not actually updating? What's the point of that?

haelix
  • 207
  • 3
  • 6
  • 1
    It doesn't run updates, only checks for them as per MLu's answer. You should try and figure out what is happening, because that is a light weight process that is designed to let you know which packages are updated, and more importantly which ones have patches due to security issues. – gview Sep 26 '18 at 02:20
  • I have the same problem and figured out that "check-update" takes up more than 200MB of RAM, which is why my server gets killed..While disabling it seems like a reasonable solution, I'm still wondering why "check-update" uses so much memory.. – Vlad Jan 22 '21 at 12:27

1 Answers1

6

The purpose is to generate the message that's displayed every time you SSH to the host, something like:

~ $ ssh ec2-user@xx.xx.xx.xx


       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2018.03-release-notes/
10 package(s) needed for security, out of 21 available          <<<=== This
Run "sudo yum update" to apply all updates.                     <<<=== and this
[ec2-user@ip-172-31-11-77 ~]$

It is run as part of the /etc/cron.d/update-motd cron job.

The command you want to disable is run from /etc/update-motd.d/70-available-updates - if you want to disable it edit this file and comment it out.

Do not simply remove the file because on the next patching it may be brought back.

Hope that helps :)

MLu
  • 24,849
  • 5
  • 59
  • 86
  • This is indeed how the job is wired (it would have been preferable to do something like sudo systemctl disable something.service but I guess cron jobs need to be commented out like that) – haelix Sep 29 '18 at 18:48
  • Hi, I can't found the command in /etc/update-motd (Since now no longer in /etc/cron.d/update-motd anymore). In this case, how should I disable it? – Jerry Chong Jun 23 '22 at 05:05