一、安装yum-security
这个方法是使用的yum方式更新安全补丁,不需要再去官网上来回查看了,还以自动安装更新。
安装yum-security,这个软件可以检查并更新安全补丁,挺方便
|
1
|
[root@zabbix_server-12-155 ~]
# yum -y install yum-security
|
1、检查是否有可用安全补丁
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
[root@zabbix_server-12-155 ~]
# yum --security check-update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirrors.btte.net
* epel: mirrors.ustc.edu.cn
* extras: mirrors.btte.net
* updates: mirrors.nwsuaf.edu.cn
* webtatic: uk.repo.webtatic.com
Limiting package lists to security relevant ones
epel
/updateinfo
| 750 kB 00:00
3 package(s) needed
for
security, out of 229 available
firebird-libfbclient.x86_64 2.5.7.27050.0-1.el6 epel
zabbix22.x86_64 2.2.18-1.el6 epel
zabbix22-agent.x86_64
|
2、列出可以升级的安全补丁
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
[root@zabbix_server-12-155 ~]
# yum list-security
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirrors.btte.net
* epel: mirrors.ustc.edu.cn
* extras: mirrors.btte.net
* updates: mirrors.nwsuaf.edu.cn
* webtatic: uk.repo.webtatic.com
FEDORA-EPEL-2017-dd0d0467e9 enhancement GeoIP-GeoLite-data-2017.07-1.el6.noarch
FEDORA-EPEL-2017-dd0d0467e9 enhancement GeoIP-GeoLite-data-extra-2017.07-1.el6.noarch
FEDORA-EPEL-2017-3f527c60d9 security firebird-libfbclient-2.5.7.27050.0-1.el6.x86_64
FEDORA-EPEL-2017-94b8514427 security zabbix22-2.2.18-1.el6.x86_64
FEDORA-EPEL-2017-94b8514427 security zabbix22-agent-2.2.18-1.el6.x86_64
updateinfo list
done
|
3、查看具体升级包的详细修复信息
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
[root@zabbix_server-12-155 ~]
# yum info-security FEDORA-EPEL-2017-94b8514427
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirrors.btte.net
* epel: mirrors.ustc.edu.cn
* extras: mirrors.btte.net
* updates: mirrors.nwsuaf.edu.cn
* webtatic: uk.repo.webtatic.com
===============================================================================
zabbix22-2.2.18-1.el6
===============================================================================
Update ID : FEDORA-EPEL-2017-94b8514427
Release : Fedora EPEL 6
Type : security
Status : stable
Issued : 2017-07-11 18:54:44
Updated : 2017-06-24 10:46:38 Bugs : 1448395 - CVE-2017-2824 zabbix22: zabbix: Multiple vulnerabilities [epel-all]
Description : - http:
//www
.zabbix.com
/rn2
.2.18
: -
: https:
//www
.zabbix.com
/documentation/2
.2
/manual/introduction/whatsnew2218
updateinfo info
done
|
4、安装升级补丁包
这是用的是upgrade而不是update,以下两者区别:
Linux升级命令有两个分别是yum upgrade和yum update, 这个两个命令是有区别的:
yum -y update
升级所有包同时也升级软件和系统内核
yum -y upgrade
只升级所有包,不升级软件和系统内核
开始升级所有软件的安全补丁:
|
1
|
[root@zabbix_server-12-155 ~]
# yum -y --security upgrade
|
二、自动更新安全补丁
|
1
|
[root@zabbix_server-12-155 ~]
# yum -y install yum-cron
|
默认情况下zai /etc/sysconfig/yum-cron 配置文件中把下面两个参数改为yes
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
# Don't install, just check (valid: yes|no)
CHECK_ONLY=
yes
# Check to see if you can reach the repos before updating (valid: yes|no)
CHECK_FIRST=
yes
# Don't install, just check and download (valid: yes|no)
# Implies CHECK_ONLY=yes (gotta check first to see what to download)
DOWNLOAD_ONLY=
yes
开机自动启动
[root@zabbix_server-12-155 ~]
# service yum-cron start
Enabling nightly yum update: [ OK ]
[root@zabbix_server-12-155 ~]
# chkconfig yum-cron on
[root@zabbix_server-12-155 ~]
# chkconfig yum-cron --list
yum-
cron
0:off 1:off 2:on 3:on 4:on 5:on 6:off
|
以后可以自动更新补丁了
本文转自 wangpengtai 51CTO博客,原文链接:http://blog.51cto.com/wangpengtai/1962802,如需转载请自行联系原作者
![[OS-Linux] CentOS 7.x 使用密钥登录安全设置](https://ucc.alicdn.com/images/user-upload-01/59fb86bc748643d3aa692ff5c67e2182.png?x-oss-process=image/resize,h_160,m_lfit)
