This article will talk about how to update / upgrade Redhat Enterprise Linux to specific minor release when you use in Red Hat Subscription Manager. It will also discuss about how to prevent YUM from updating kernel and packages but only to the security updates. In many cases , you might need to tie with specific version of Redhat Enterprise Linux minor release due to application compatibility and continue to run with stable releases without upgrading. At the same time , you must update the security patches to keep the system secure from potential attacks.
Environment:
- RHEL 6 , 7
- Red Hat Subscription Manager (RHSM)
- Red Hat Network Classic
To lock RHEL to specific version:
1. Login to RHEL as root user.
2. Ensure that yum’s cache is cleared out with the command.
[root@uaans ~]# yum clean all Loaded plugins: langpacks, product-id, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. Cleaning repos: InstallMedia uaans-repo Cleaning up everything [root@uaans ~]#
3.This procedure will work when your system is registered with RHSM (subscription-manager). To enable “–releasever” option, you need to register a system through subscription-manager
# subscription-manager register # subscription-manager register --auto-attach
4. If the current OS version is RHEL 6.2 and the requirement is to update to 6.5 , please use the following command to update the system to specific release. If you don’t specify “releasever” parameter ,then system will be updated to latest major release.
# yum --releasever=6.5 update
If you would like to update only the kernel ,
# yum --releasever=6.5 update kernel
Note: If the system is registered to RHN classic through rhn_register command, this option is disabled.
5. If “–releasever” parameter is not working as we expect , please confirm the setting of rhnplugin plug-in.
/etc/yum/pluginconf.d/rhnplugin.conf [main] enabled = 0 gpgcheck = 1 # You can specify options per channel, e.g.: # #[rhel-i386-server-5] #enabled = 1 # #[some-unsigned-custom-channel] #gpgcheck = 0
Update Only Security updates :
1. System Must be registered with RHSM (subscription-manager).
2. Install security plugin if you are running with RHEL 6.x servers. For RHEl 7 , YUM itself have this functionality
# yum install yum-plugin-security
3. To list all available erratas without installing those updates, run the following command.
# yum updateinfo list available
4. To list all available security updates without installing those ,
# yum updateinfo list security all # yum updateinfo list sec
5.To get a list of the currently installed security updates,
# yum updateinfo list security installed
6.To list all available security updates with verbose descriptions ,
# yum info-sec
7. To update all the secutrity patches from RHSM / Redhat satellite.
# yum -y update --security
8. To install the packages that have a security errata use,
# yum update-minimal --security -y
9. To install a security update using a CVE reference number, use the following command.
# yum update --cve CVE-2008-0947
* Replace “CVE-2008-0947” with require CVE.
10.If you want to apply only one specific advisory, use the following command.
# yum update --advisory=RHSA-2014:0159
* Replace “RHSA-2014:0159” with valid RHSA.
Hope this article is informative to you. Share it ! Comment it !! Be Sociable !!!