Applying Linux security updates using yum

Ops Center Installation and Configuration Guide

Version
11.0.x
Audience
anonymous
Part Number
MK-99OPS001-23

You can collectively (or selectively) apply OS security updates using the yum command.

The yum command requires access to a repository from which packages can be obtained. If your management server has internet access, you can use the distribution website as described in this topic. If your management server does not have internet access, you need to download the Linux ISO on a server with Internet access and create a local yum repository on the management server. For more information, see Creating a local yum repository.
Note: The Express installer automatically invokes yum if any required Linux packages are not installed. If the yum repository is not configured or cannot be reached, the installation fails with a message that packages could not be installed.

Accessing the RPM packages using the distribution website

  1. Specify the repository to which the yum command will connect.
  2. If you are using a proxy, specify the proxy for the yum command:
    1. Add the following information to the /etc/yum.conf file:
      proxy=http://host-name:port-number
      proxy_username=user-name
      proxy_password=password
    2. Clear the cache for the yum command.
      yum clean all

Using the yum command

To update all packages for which security-related errata are available (including packages with bug fixes or new features without security errata):

yum --security --exclude kernel* --exclude *podman* --exclude *containers-common* upgrade

To update all packages for which security-related errata are available (ignoring any newer packages without security errata):

yum --security --exclude kernel* --exclude *podman* --exclude *containers-common* upgrade-minimal

To update all kernel and podman packages to the latest supported versions that contain security errata, follow these examples.

For Red Hat kernel (must specify supported kernel version):

yum --security upgrade-minimal kernel-4.18.0-305.*

For Unbreakable Enterprise kernel (must specify supported uek kernel version):

yum --security upgrade-minimal kernel-uek-5.4.17-2102.*

For podman (must specify supported podman version):

yum --security upgrade-minimal podman-3.3.*

You can also update only those packages that correspond to a CVE or erratum, as in the following examples:

yum --cve CVE-2021-37576 upgrade-minimal

For Red Hat Enterprise Linux:

yum --advisory RHSA-2021:4056 upgrade-minimal

For Oracle Linux:

yum --advisory ELSA-2021-9474 upgrade-minimal