Patch Version

Our customers are wanting proof that we have patched every month. When is Red Hat going to start releasing the minor number to month/year correlation? We need to be able to prove that, say ... XXX-696.6.3.XXX is the patches for August 2017.

Responses

Hi Wayne,

Red Hat releases bug fix-, enhancement-, kernel- and security updates once they are thoroughly tested, the same is valid for minor point releases of the operating system. There is no fixed schedule when it happens ... everything gets shipped once it's finished and ready for production usage ... so, for security reasons it is generally recommended to check for operating system updates regularly, and as a proof for your customers that you did your job, you can send them a copy from the content of the /var/log/yum.log file. :)

Regards,
Christian

rpm -qa --qf '%{name}\t is build on:\t (%{BUILDTIME:date}), installed on \t (%{installtime:date}) and version:\t %{name}-%{version}-%{release}\n'|sort -n

could be used to give a list to your security auditor

or simply:

rpm -qa --last

rpm -qa --last|grep kernel-devel|head -n1 seems to work.. is this when I ran the patches last or when RH built them?

I think it's when I ran the patches...

Hi Wayne,

correct:

rpm -qa --last shows the install date, not the build date. So it is when you last ran the patches for the rpm you selected by the grep.

If you would skip the grep it shows the last patch date.

The output of rpm -qa --last is sorted by install date, newest (latest) install date on top, oldest install date at the bottom.

Thank you.
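The install-date versus build-date distinction discussed above can be turned into a per-month list for an auditor. The following is an added example, not code from any poster in this thread; the helper name patch_report and the sample package names and timestamps are constructed, and it assumes GNU date:

```shell
#!/bin/sh
# Added example: list packages installed in a given month from RPM query output.
# On a RHEL host, feed it with:
#   rpm -qa --qf '%{INSTALLTIME} %{BUILDTIME} %{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
# Assumes GNU date (for -d @epoch). Months are computed in UTC, so an install
# close to midnight on the last day may land in the neighbouring month locally.

# patch_report YYYY-MM   (hypothetical helper; reads the query output on stdin)
patch_report() {
    month=$1
    while read -r inst build nvra; do
        # Both timestamps must be plain epoch seconds; skip anything else.
        case $inst  in ''|*[!0-9]*) continue ;; esac
        case $build in ''|*[!0-9]*) continue ;; esac
        [ "$(date -u -d "@$inst" +%Y-%m)" = "$month" ] || continue
        printf '%s installed=%s built=%s\n' "$nvra" \
            "$(date -u -d "@$inst" +%Y-%m-%d)" \
            "$(date -u -d "@$build" +%Y-%m-%d)"
    done | sort
}

# Constructed sample input (package names and timestamps are made up).
SAMPLE='1502755200 1500508800 pkg-a-1.0-1.x86_64
1499644800 1496275200 pkg-b-2.3-4.noarch
1504223999 1501632000 pkg-c-0.9-7.x86_64
not-a-number 1501632000 pkg-d-1.1-1.x86_64'

printf '%s\n' "$SAMPLE" | patch_report 2017-08
```

The build date shows when the package was built, the install date when it was applied on this host, so a package built in July can legitimately appear in the August list.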

Dear All,

What is the recommended cycle for patching Red Hat 6 and Red Hat 7 servers?

Hi,

There is no global best practice for running updates on your machines. It depends most of the time on your specific needs.

Hi Ravindra,

My personal recommendation is to run yum update daily ... but as Jörg said, it depends on your own needs. :)

Regards,
Christian

Dear Wayne, Dear all,

If you need some sort of patch management which runs updates on your machines at specific datetimes, you may have a look at Patchmanagement for RHEL with Ansible.

It offers a way to install updates in a systematic way on a regular basis. To do that it generates a list with the RHSA information which could be used to report which advisories had been installed during a patch cycle.

Regards, Joerg

Dear Jorg and Chris,

Thanks for the prompt reply, I will certainly look at Patch management for RHEL with Ansible.

We have a separate third-party tool to perform patch management on the RHEL servers, where I have the option to apply CRITICAL, IMPORTANT, MODERATE and LOW category patches. Until now we have been applying all categories of patches to the Red Hat servers, however we have seen that this practice is making the OS too heavy, so we are planning to apply CRITICAL and IMPORTANT patches only.
Is it a good option to go with?

Hi Ravindra,

Applying critical and important patches is a good way to go (security-wise) of course ... however, normally not too many other OS patches get released, so when you update the system regularly on a daily or weekly basis, it won't make much difference. Hence I recommend applying all patches, which keeps your system in a permanent state of maximum security. :)

Regards,
Christian

Hi Ravindra,

I do not understand what you mean by "is making the OS too heavy". When using yum to update the system, yum cleans up packages that are not needed anymore.

With our patch management we install only the RHSA patches automatically on all servers. But our sysadmins for the specific systems install all updates on a regular basis. The patch management is in place to make sure that the security patch level does not get too old. But you could use the patch management to install all kinds of RH{B,E,S}A updates.

Regards, Joerg
