Critical Updates Is it safe?

I have an old Red Hat 4 server which hasn't been updated in years. Is it safe to apply all "critical updates"? Any feedback would be appreciated as I am patching today.

Thanks.

Responses

What is your definition of "safe"? :-) It's probably better to have security patches installed rather than not.

Also, if you don't have an Extended Lifecycle Support Add-On (ELS), you'll only get kernel updates up through RHEL 4.9 Errata 3 (6-Dec-2011), and some user space until the end of Production Phase 3 (29-Feb-2012). Any fixes beyond that will need the ELS Add-On.

 

References:

https://access.redhat.com/support/policy/updates/errata/

https://access.redhat.com/knowledge/articles/3078

I have the same question about the definition of "safe". :)

Probably you mean that everything, including the system level and your application level, still works well after upgrading (in your words, patching).

I would like to suggest you make sure what is running on your RHEL4 system. Is everything shipped by Red Hat, or is there something created by yourself or a third-party vendor? The first scenario is less risky than the second one in most situations. For example, if you have an Oracle database running on your system, upgrading the kernel may not guarantee the integration of it.

For most cases, I suggest you set up a test environment with the same hardware, system and applications as the production one. Do the upgrade in your test environment, confirm that upgrading does no harm to your environment, and carry out the upgrade in your production environment later.

HTH!

Best Regards,

Jaylin

I would suggest making a full backup of this machine and checking application support before applying the patches. If it's a virtual machine, you can easily create clones/snapshots. If it's a "real" machine you could work with LVM copies or bitwise cloning.

I remember having similar problems with an old "forgotten" server - applying _all_ patches would have forced breaking the application vendor's support matrix. I don't know why, but some vendors only support special release levels of RHEL (e.g. special Oracle database clients).

If so, you could update to the latest supported release level and install all further updates ignoring release/kernel updates:

# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.1 (Santiago)
# yum --exclude=kernel* --exclude=redhat-* update

Make sure you don't install any redhat-release or kernel patches to avoid upgrading the release.

Like Zhaolin ZHOU said, it's best to test beforehand. The best way to ensure that everything is working fine after the update is to clone/copy the system as a test environment and do the update before crashing your production.

Best regards,

Christian.
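
An added example, not part of the post above or of any Red Hat tooling: a preview of which pending updates the `--exclude=kernel* --exclude=redhat-*` options would hold back, so the kernel and release packages left unpatched are visible before the update runs. The function names and the sample `yum check-update` output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the three-column layout of `yum check-update`
# (package.arch, version, repository). Versions and repo are placeholders.
sample_updates() {
cat <<'EOF'

bash.x86_64                     1.0-2.el6     example-repo
kernel.x86_64                   1.0-2.el6     example-repo
kernel-headers.x86_64           1.0-2.el6     example-repo
openssl.x86_64                  1.0-2.el6     example-repo
redhat-release-server.x86_64    1.0-2.el6     example-repo
EOF
}

# Read check-update style output on stdin and print the bare package
# names, one per line, with the trailing ".arch" removed.
pending_names() {
    awk 'NF == 3 && $1 ~ /\.[A-Za-z0-9_]+$/ { sub(/\.[^.]+$/, "", $1); print $1 }'
}

# classify held    -> names matched by the kernel* / redhat-* excludes
# classify applied -> names that would still be updated
classify() {
    mode=$1
    while IFS= read -r name; do
        case $name in
            kernel*|redhat-*) kind=held ;;   # same globs as the yum excludes
            *)                kind=applied ;;
        esac
        if [ "$kind" = "$mode" ]; then
            printf '%s\n' "$name"
        fi
    done
    return 0
}

# Demo on the constructed sample. On a real yum-based host, pipe
# `yum check-update` into pending_names instead (it exits 100 when
# updates are available, which is not an error).
echo "Held back by the excludes:"
sample_updates | pending_names | classify held
echo "Still updated:"
sample_updates | pending_names | classify applied
```

Anything listed as held back keeps its current version, so security fixes for those packages have to be planned separately once the vendor support matrix allows it.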

Thanks for all the replies. I ended up updating security patches only and everything was fine, although I did take a snapshot in case something went wrong. Thanks again. :)

The old-time UNIX crowd prefers to wait a while after a patch is released before using it, unless there is a compelling reason to do it now. There are always cowboys and people with test labs who will test it out and do a lot of research for you.

Most of the patches are well tested, but each environment is different with different apps and application versions.

So it is best to wait a couple of months or test it in a clone environment first...and wait a few weeks of working that environment to make sure there are no undocumented enhancements.