Security patch update for red hate 7.6 to the latest offline

Latest response

i have red hat 7.6 , and i need to update to the latest security patch level
i do not have an internet connection nor a satellite server
and i need to install the latest security patches , without upgrading from red hat 7.6 to 8.1
is there an ISO image for all these security patches that i can download , and then mount it , and do

yum -y update --security

or
can i mount the iso image of red hat 8.1 , and perform the

yum -y update --security

Responses

can any one help , please

Hi Osama,

If you really want to upgrade to the latest security patch level, you should upgrade the system to the current 7.7 edition. :)
Red Hat does not offer ISO's for updates, but you can use the Red Hat Package Browser to download updated packages.

Regards,
Christian

that is really bad the developer claims that his application can run only on red hat 7.6 and lower versions of red hat !!?? and the security team is scanning according to the latest release of every thing . so i need an easy way to upgrade all packages without upgrading the kernel packages .

Hi Osama,

If it's just about to upgrade everything except for the kernel, there is a convenient possibility. :)

sudo yum update --exclude=kernel*

Regards,
Christian

Was there an answer for Osama here? Real world limitations force situations and the system has a purpose and its purpose is not to be on the latest OS release. Yes, it would be nice to upgrade the OS but its not an option, so now how does one update a RHEL offline system with security patches?

Hi Colleen,

There were answers - and even you might not like the content, they still are valid answers. My friend and Red Hat
Accelerators colleague RJ Hinton added a lot of useful instructions yesterday (see his post below). If you want to stick with an older RHEL release - you may want to consider purchasing an EUS subscription, and set the release server to that specific older release ... and a locally (synced) repository might be what you can consider as well. :)

Regards,
Christian

To the original poster Osama Abdelrahman

You do not have to upgrade your RHEL 7 system to RHEL8. RHEL 7 will be supported until 2024 or so. You have the option of going to RHEL 7.7, but (your post is not clear), if you really have to stay at RHEL 7.6, there is an option I cite below. UPDATED This is a link explaining the EUS Extended Update Support for your RHEL 7.6 if you want updates but cannot go to RHEL 7.7.

I read your original post where you asked (quoting you)

i have red hat 7.6 , and i need to update to the latest security patch level
i do not have an internet connection nor a satellite server
and i need to install the latest security patches , without upgrading from red hat 7.6 to 8.1
is there an ISO image for all these security patches that i can download , and then mount it , and do
  • There is a chance you can get by with just an ISO yum repository from a RHEL dvd of 7.6, however, if your developer says you need further updates (and not 7.7), then you will probably need to buy extended updates, or try what Christian Labisch says. Attempting to get all updates to the end point of 7.6 may prove difficult. I'd really recommend opening a case with Red Hat on this matter.
  • If you have to stay at RHEL 7.6 see, this Red Hat solution at https://access.redhat.com/solutions/238533 will in principle give the overall generic method if you really have to stay at 7.6 which would include a purchase of extended support for RHEL 7.6 which is certainly an option. This seems to include a subscription and access to a Red Hat Satellite server. Please also see this discussion if staying at RHEL 7.6 is important to you
  • If you have the liberty to go from RHEL 7.6 to the current supported version of 7.7, you probably ought to upgrade to 7.7 first (Ask Red Hat in a ticket), but you can isolate your updates to just security if that's something you have to do. You can perform a restricted security related upgrade such as yum update --security as mentioned in this solution. However, if you have the liberty to go to RHEL 7.7 and not be limited to only security-related updates, I'd recommend what Christian Labisch said above and do a total yum update. In any option you perform please submit a case with Red Hat so they can guide you through this matter and explain this thoroughly to you in a case, and perhaps in your own language in case what we say here is unclear.
  • What Christian Labisch said above about upgrading everything but the kernel may be relevant to you. Evaluate with your developer. You can do a yum update and exclude rpms with the "--exclude" switch.
  • Chaining yourself to an older version of RHEL will require you to acquire extended support if you want continuing updates because the most current edition of RHEL 7 is not 7.6, but 7.7 (this is something by Red Hat, and we are not employees of Red Hat, again, I recommend opening a case with Red Hat on this).

You have various options, please open a case with Red Hat directly (this is the public discussion forum) and when you open the case, please link this discussion in the case.

Kind Regards,
RJ

Hi RJ,

Thank you for having provided these useful (as always) recommendations ! :)

Regards,
Christian

Hi Osama,

What I forgot to say explicitly : Do NOT mix packages from the RHEL 7 repositories with packages from the RHEL 8 repositories. :)

Regards,
Christian

Osama, I totally agree with Christian - never mix RPMS from one major release to another. (do not mix RHEL 7 with RHEL8)

Kind Regards,
RJ

Thanks RJ ! Hope we could clarify everything, so that Osama and other users can weigh and decide what to do. :)

Regards,
Christian

Trying to learn a few things myself here. Isn't Christian Labisch's solution an online solution and didn't Osama say offline? I only bring this up because I just went through a situation were I had to dump my 7.7 and rebuild it so I went to 7.9 and now I have an extremely long list of updates that need to be done. I normally just get the files one at a time but I usually on have a few files to get. So now I'm trying to figure out how to get all the updates in a more convenient way.

P.S. I'm somewhat of a newbie when it comes to Linux so I hope what I wrote makes sense.

Hi Bernard,

Even if the system itself is offline, you will have to download the packages somehow at least. Well, you can use another machine and copy the packages to your system ... BUT : Upgrading from one minor release to another
generally means that nearly all packages will get replaced with the new ones - it's a matter of how much effort
someone wants to put into what. For offline systems a clean install from the dvd.iso might be an option here. :)

Regards,
Christian

Hi Christian,

I completely agree with everything you said, I've always found it much easier to update everything by going from say 7.8 to 7.9, but right now I am on 7.9 so there is no minor version to use as a way to update my system. It would be nice if there was a way of capturing all the files needed to make your system current.

Hi Bernard,

RHEL 7.9 is the latest version of RHEL 7, and this means you do have a current stable system, which will receive
security updates until it reaches EOL - migrating to the next major edition is another thing. If you want to move
to RHEL 8 (which brings along many new features), I'd recommend a fresh installation of the system anyway ! :)

Regards,
Christian