This guide intends to teach you to Check and Install Security Updates on Centos 7.
Linux’s security updates are packages and system component updates that patch a security hole or improve the robustness of the system. Some of those updates are quite critical and should be applied almost immediately to protect your server from severe vulnerabilities such as the recently discovered Log4J exploit.
Steps To Check and Install Security Updates on Centos 7
To complete this guide, you must log in to your server as a root or non-root user with sudo privileges and follow the steps below. To do this, you can follow our guide on Initial Server Setup with Centos 7.
List Available Security Errata on Centos 7
Yum Security Plugin is available on the Centos 7. You can use the following command to list the available security errata. Red Hat Linux errata are package updates, bug fixes, and security patches for Red Hat Linux.
yum updateinfo list available
If you want to know the total number of security errata you need to download, you can use the command below:
yum updateinfo list available | wc -l
List Security Update on Centos 7
At this point, you can get a list of all RPMs from the security update list without installing them by using the following command:
yum updateinfo list security all
To view all the RPMs from the currently installed security updates, run the following command:
yum updateinfo list security installed
To view all the security update lists together with detailed information on the issues they are applying, use the command below:
You can get more information about any security update before applying the patch, you can use the command below:
yum updateinfo [Patch-ID]
To install a security patch for a particular advisory, you can use the following command:
yum update --advisory=[Patch-ID]
List Vulnerabilities with CVE on Centos 7
Common Vulnerabilities and Exposures (CVE) is a database of publicly disclosed information security issues. A CVE number uniquely identifies one vulnerability from the list. CVE provides a convenient, reliable way for vendors, enterprises, academics, and all other interested parties to exchange information about cybersecurity issues.
To get a full list of all reported CVEs that could impact your Centos system, run the following command:
yum updateinfo list cves
To install a security patch for a particular CVE, use the syntax below:
yum update --cve [CVE-ID]
Install all Available Security Updates on Centos 7
To install all the available security updates provided by Red Hat for your system, you can use the following command:
yum -y update --security
Note: This command will install the most recent version of any package that contains at least one security errata, and it can also install non-security errata if they provide a more recent version of the program.
If you want to install only packages with security errata use, run the command below:
yum update-minimal --security
At this point, you have learned to Check and Install Security Updates on Centos 7.
Hope you enjoy it. You may be interested in these articles: