RadarURL
유닉스/리눅스

Linux YUM 을 이용하여 보안 업데이트를 진행해 보자

by JaeSoo posted May 22, 2014
?

단축키

Prev이전 문서

Next다음 문서

ESC닫기

크게 작게 위로 아래로 댓글로 가기 인쇄 
YUM 명령어를 이용하여 나의 시스템에 발생된 보안 업데이트를 진행해 보자
방법은 아래의 내용을 참고~!

@ yum-security plugin 설치
=======================================================
RHEL5 , RHEL6
# yum install yum-security
======================================================= 


@ 설치 가능한 보안 패치를 확인하는 방법
=======================================================
# yum list-security --security
=======================================================
# yum list-security --security
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
local                                                                                                                                  | 3.9 kB     00:00     
local/primary_db                                                                                                                       | 3.1 MB     00:00     
rhel-x86_64-server-6                                                                                                                   | 1.8 kB     00:00     
rhel-x86_64-server-6/primary                                                                                                           |  16 MB     00:01     
rhel-x86_64-server-6                                                                                                                              12316/12316
rhel-x86_64-server-6/updateinfo                                                                                                        | 2.0 MB     00:00     
RHSA-2013:1537 Low/Sec.       augeas-libs-1.0.0-5.el6.x86_64
RHSA-2014:0044 Moderate/Sec.  augeas-libs-1.0.0-5.el6_5.1.x86_64
RHSA-2013:0550 Moderate/Sec.  bind-libs-32:9.8.2-0.17.rc1.el6.3.x86_64
RHSA-2013:0689 Important/Sec. bind-libs-32:9.8.2-0.17.rc1.el6_4.4.x86_64
RHSA-2013:1114 Important/Sec. bind-libs-32:9.8.2-0.17.rc1.el6_4.5.x86_64

.
.
.

RHSA-2013:1620 Low/Sec.       xorg-x11-server-Xorg-1.13.0-23.el6.x86_64
RHSA-2013:1868 Important/Sec. xorg-x11-server-Xorg-1.13.0-23.1.el6_5.x86_64
RHSA-2013:1426 Important/Sec. xorg-x11-server-common-1.13.0-11.1.el6_4.2.x86_64
RHSA-2013:1620 Low/Sec.       xorg-x11-server-common-1.13.0-23.el6.x86_64
RHSA-2013:1868 Important/Sec. xorg-x11-server-common-1.13.0-23.1.el6_5.x86_64
RHSA-2013:0271 Critical/Sec.  xulrunner-17.0.3-1.el6_3.x86_64
RHSA-2013:0614 Critical/Sec.  xulrunner-17.0.3-2.el6_4.x86_64
RHSA-2013:0696 Critical/Sec.  xulrunner-17.0.5-1.el6_4.x86_64
RHSA-2013:0820 Critical/Sec.  xulrunner-17.0.6-2.el6_4.x86_64
RHSA-2013:0981 Critical/Sec.  xulrunner-17.0.7-1.el6_4.x86_64
RHSA-2013:1140 Critical/Sec.  xulrunner-17.0.8-3.el6_4.x86_64
RHSA-2013:1268 Critical/Sec.  xulrunner-17.0.9-1.el6_4.x86_64
RHSA-2013:1476 Critical/Sec.  xulrunner-17.0.10-1.el6_4.x86_64
RHSA-2013:0271 Critical/Sec.  yelp-2.28.1-17.el6_3.x86_64
updateinfo list done

 @ 현재 서버에 설치된 보안 패치를 확인하는 방법 
=======================================================
# yum updateinfo list security all
=======================================================
# yum list-security --security
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
RHSA-2013:1537 Low/Sec.       augeas-libs-1.0.0-5.el6.x86_64
RHSA-2014:0044 Moderate/Sec.  augeas-libs-1.0.0-5.el6_5.1.x86_64
RHSA-2013:0550 Moderate/Sec.  bind-libs-32:9.8.2-0.17.rc1.el6.3.x86_64
RHSA-2013:0689 Important/Sec. bind-libs-32:9.8.2-0.17.rc1.el6_4.4.x86_64
RHSA-2013:1114 Important/Sec. bind-libs-32:9.8.2-0.17.rc1.el6_4.5.x86_64
RHSA-2014:0043 Moderate/Sec.  bind-libs-32:9.8.2-0.23.rc1.el6_5.1.x86_64
RHSA-2013:0550 Moderate/Sec.  bind-utils-32:9.8.2-0.17.rc1.el6.3.x86_64
RHSA-2013:0689 Important/Sec. bind-utils-32:9.8.2-0.17.rc1.el6_4.4.x86_64
RHSA-2013:1114 Important/Sec. bind-utils-32:9.8.2-0.17.rc1.el6_4.5.x86_64
RHSA-2014:0043 Moderate/Sec.  bind-utils-32:9.8.2-0.23.rc1.el6_5.1.x86_64
RHSA-2013:0668 Moderate/Sec.  boost-1.41.0-15.el6_4.x86_64
RHSA-2013:0668 Moderate/Sec.  boost-date-time-1.41.0-15.el6_4.x86_64

.
.
.
RHSA-2013:1866 Moderate/Sec.  ca-certificates-2013.1.95-65.1.el6_5.noarch
RHSA-2013:1540 Low/Sec.       cheese-2.28.1-8.el6.x86_64
RHSA-2013:1540 Low/Sec.       control-center-1:2.28.1-39.el6.x86_64
RHSA-2013:1540 Low/Sec.       control-center-extra-1:2.28.1-39.el6.x86_64
RHSA-2013:1540 Low/Sec.       control-center-filesystem-1:2.28.1-39.el6.x86_64
RHSA-2013:1652 Low/Sec.       coreutils-8.4-31.el6.x86_64
updateinfo list done


@ 설치 가능한 보안 패치를 업데이트하는 방법
=======================================================
# yum update --security
=======================================================
#yum update --security
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security,
              : subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
238 package(s) needed (+0 related) for security, out of 520 available
--> Running transaction check
---> Package augeas-libs.x86_64 0:0.9.0-4.el6 will be updated
---> Package augeas-libs.x86_64 0:1.0.0-5.el6_5.1 will be an update
---> Package bind-libs.x86_64 32:9.8.2-0.17.rc1.el6 will be updated
--> Processing Dependency: libboost_math_c99l.so.5()(64bit) for package: boost-devel-1.41.0-18.el6.x86_64
.
.
.
---> Package gtk2-immodule-xim.x86_64 0:2.20.1-4.el6 will be an update
---> Package netpbm.x86_64 0:10.47.05-11.el6 will be installed
--> Processing Conflict: xorg-x11-server-Xorg-1.13.0-23.1.el6_5.x86_64 conflicts xorg-x11-drv-synaptics < 1.6.2-13
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package xorg-x11-drv-synaptics.x86_64 0:1.6.2-11.el6 will be updated
---> Package xorg-x11-drv-synaptics.x86_64 0:1.6.2-13.el6 will be an update
--> Processing Conflict: kernel-2.6.32-431.5.1.el6.x86_64 conflicts bfa-firmware < 3.2.21.1-2
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package bfa-firmware.noarch 0:3.0.3.1-1.el6 will be updated
---> Package bfa-firmware.noarch 0:3.2.21.1-2.el6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================================
 Package                                        Arch                   Version                                     Repository                            Size
==============================================================================================================================================================
Installing:
 firefox                                        x86_64                 24.3.0-2.el6_5                              rhel-x86_64-server-6                  46 M
     replacing  firefox.x86_64 10.0.12-1.el6_3
 kernel                                         x86_64                 2.6.32-431.5.1.el6                          rhel-x86_64-server-6                  28 M
 .
.
.
 wireshark-gnome                                x86_64                 1.8.10-4.el6                                rhel-x86_64-server-6                 855 k
 xorg-x11-drv-synaptics                         x86_64                 1.6.2-13.el6                                rhel-x86_64-server-6                  73 k
 xorg-x11-server-Xephyr                         x86_64                 1.13.0-23.1.el6_5                           rhel-x86_64-server-6                 859 k
 Installing for dependencies:
 p11-kit                                        x86_64                 0.18.5-2.el6_5.2                            rhel-x86_64-server-6                  94 k
 p11-kit-trust                                  x86_64                 0.18.5-2.el6_5.2                            rhel-x86_64-server-6                  71 k
Updating for dependencies:
 atk                                            x86_64                 1.30.0-1.el6                                rhel-x86_64-server-6                 196 k
 libtevent                                      x86_64                 0.9.18-3.el6                                rhel-x86_64-server-6                  26 k
 python-rhsm                                    x86_64                 1.9.6-1.el6                                 rhel-x86_64-server-6                 100 k

Transaction Summary
==============================================================================================================================================================
Install      13 Package(s)
Upgrade     248 Package(s)

Total download size: 512 M
Is this ok [y/N]:

@ CVE 번호를 이용하여 특정 업데이트만 진행하는 방법
=======================================================
# yum update –cve <CVE>

e.g.

# yum update –cve CVE-2008-0947
=======================================================
# yum update –cve CVE-2013-2094
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
3 package(s) needed (+0 related) for security, out of 520 available
–> Running transaction check
—> Package kernel-devel.x86_64 0:2.6.32-431.5.1.el6 will be installed
—> Package kernel-headers.x86_64 0:2.6.32-358.el6 will be updated
—> Package kernel-headers.x86_64 0:2.6.32-431.5.1.el6 will be an update
—> Package perf.x86_64 0:2.6.32-358.el6 will be updated
—> Package perf.x86_64 0:2.6.32-431.5.1.el6 will be an update
–> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================================
Package                              Arch                         Version                                   Repository                                  Size
==============================================================================================================================================================
Installing:
kernel-devel                         x86_64                       2.6.32-431.5.1.el6                        rhel-x86_64-server-6                       8.8 M
Updating:
kernel-headers                       x86_64                       2.6.32-431.5.1.el6                        rhel-x86_64-server-6                       2.8 M
perf                                 x86_64                       2.6.32-431.5.1.el6                        rhel-x86_64-server-6                       2.9 M

Transaction Summary
==============================================================================================================================================================
Install       1 Package(s)
Upgrade       2 Package(s)

Total download size: 14 M
Is this ok [y/N]:

관련 참고 : https://access.redhat.com/site/solutions/10021


출처 : http://blog.seabow.pe.kr/?p=5788

TAG •

Who's JaeSoo

profile

http://JaeSoo.com Administrator

위로 아래로 댓글로 가기 인쇄

Articles

30 31 32 33 34 35 36 37 38 39