Yum Plugins - security

By Mike McGrath
October 7, 2008 | Comments: 2

I'm the type of admin that gets into a tool and as long as it keeps doing what I use it for, I don't often bother to learn much more about it. Yum is a good example of this. Since dep-hell is something I haven't seen in years, yum just sort of keeps on updating my packages, installing new ones, etc. Other apps like PackageKit (a GUI updater) have come along, but I've largely ignored them.

Recently, however, I discovered yum plugins and some of them are very helpful. yum-security is available in Red Hat Enterprise Linux and Fedora and can be installed by running:

yum install yum-security

If you're new to a yum plugin, running "yum" will give you a list of all commands that yum can run, including those provided by plugins. The yum-security plugin can be used by running:

yum list-security

This will grab a list of potential updates and print a bit more information about them than you would see with just "check-update".

On one of my Fedora 8 boxes, here is a list of some of the updates available:

FEDORA-2008-8377 bugfix   postgresql-libs-8.2.10-1.fc8.i386
FEDORA-2008-8377 bugfix   postgresql-plpython-8.2.10-1.fc8.i386
FEDORA-2008-8377 bugfix   postgresql-python-8.2.10-1.fc8.i386
FEDORA-2008-8377 bugfix   postgresql-server-8.2.10-1.fc8.i386
FEDORA-2008-7485 enhancement python-exif-1.0.8-1.fc8.noarch
FEDORA-2008-7586 enhancement python-formencode-1.0.1-2.fc8.noarch
FEDORA-2008-8364 security rkhunter-1.3.2-5.fc8.noarch
FEDORA-2008-8179 bugfix   samba-client-3.0.32-0.fc8.i386
FEDORA-2008-8179 bugfix   samba-common-3.0.32-0.fc8.i386
FEDORA-2008-8378 bugfix   selinux-policy-3.0.8-117.fc8.noarch
FEDORA-2008-8378 bugfix   selinux-policy-devel-3.0.8-117.fc8.noarch

The first field, FEDORA-XXXX-XXXX, is the update ID and is distribution specific. Fedora has an updates system called Bodhi that developers and contributors use to issue package updates. In this example, more information about rkhunter's security update can be found at: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-8364. The update system lists information about what fix went out, such as a Bugzilla entry, a CVE or even just a comment by the packager. Users can also comment on the package and update at this location.

Alternatively, one can get much of this information from yum-security itself with the "yum info-security" command:

$ yum info-security FEDORA-2008-8364
Loaded plugins: security

===============================================================================
rkhunter-1.3.2-5.fc8
===============================================================================
Update ID : FEDORA-2008-8364
Release : Fedora 8
Type : security
Status : stable
Issued : 2008-09-24 12:42:39
Bugs : 460628 - None
Files : rkhunter-1.3.2-5.fc8.noarch.rpm

This is very useful in environments that have an update schedule different from that of their distribution. By this I mean environments where admins don't blindly run yum update regularly or automatically. If an update fails in a testing environment, it is likely to cause the same problem in production. yum-security allows admins to quickly gather information about the updates so they can then make the right decision as to whether or not to update. After all, if an update that breaks your environment only fixes a few minor bugs you weren't seeing, there's probably no reason to apply it and you can take your time in finding the problem. If an update breaks your system and is a security update, then it's probably worth the time to take a closer look.

What I'm saying here is that not only can yum-security provide easy access to update information, but it can also fit nicely into your update workflow. Give it a try. If it works well for you, take a look at some of the other yum plugins like yum-allowdowngrade, yum-merge-conf, or yum-priorities.
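
One way to feed the listing into that kind of update workflow, as an added example (not from the original post or from yum-security itself): a small Python parser that groups "yum list-security" lines by update ID and puts security updates first. The function names and the review order are assumptions, and the sample input is constructed from lines in the listing shown earlier.

```python
import re
from collections import OrderedDict

# Constructed sample: a few lines taken from the "yum list-security" listing,
# plus a plugin banner line that the parser has to skip.
SAMPLE = """\
Loaded plugins: security
FEDORA-2008-8377 bugfix   postgresql-libs-8.2.10-1.fc8.i386
FEDORA-2008-8377 bugfix   postgresql-server-8.2.10-1.fc8.i386
FEDORA-2008-7485 enhancement python-exif-1.0.8-1.fc8.noarch
FEDORA-2008-8364 security rkhunter-1.3.2-5.fc8.noarch
FEDORA-2008-8378 bugfix   selinux-policy-devel-3.0.8-117.fc8.noarch
"""

# Fields: update ID, update type, then name-version-release.arch
LINE = re.compile(r"^(\S+)\s+(security|bugfix|enhancement)\s+(\S+)$")
NVRA = re.compile(r"^(.+)-([^-]+)-([^-]+)\.([^.]+)$")

# Assumed review order: security updates are looked at first.
PRIORITY = {"security": 0, "bugfix": 1, "enhancement": 2}

def parse(text):
    """Group listing lines by update ID; anything else (banners) is skipped."""
    advisories = OrderedDict()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        update_id, kind, pkg = m.groups()
        n = NVRA.match(pkg)
        name = n.group(1) if n else pkg  # fall back to the raw field
        entry = advisories.setdefault(update_id, {"type": kind, "packages": []})
        entry["packages"].append(name)
    return advisories

def review_queue(text):
    """Return (update ID, type, package names) tuples, security first."""
    items = [(u, d["type"], d["packages"]) for u, d in parse(text).items()]
    return sorted(items, key=lambda item: PRIORITY[item[1]])

if __name__ == "__main__":
    for update_id, kind, pkgs in review_queue(SAMPLE):
        print(f"{kind:<12}{update_id}  {', '.join(pkgs)}")
```

Each update ID at the top of the queue can then be passed to "yum info-security" for the details.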



2 Comments

I can't get enough wordpress plugins....I can't keep up with all the latest releases and updates. It's almost overwhelming.

Fedora is very fast paced, if it's too quick I'd suggest taking a closer look at Red Hat Enterprise Linux or CentOS. Both are supported for longer periods of time, and have fewer updates.
