服务器的安全升级却是必须的,所以,下面介绍一个yum插件:yum-plugin-security 来进行安全性升级。
1.一般系统默认安装了yum-plugin-security,如果没有,则输入命令安装yum-plugin-security :
$ sudo yum install yum-security
2. 如果是red hat 6,yum-plugin-security现在增加了了一个updateinfo命令。这个命令用来查看可安全更新的软件列表(只查看,不更新),输入下面的命令:
$ sudo yum updateinfo list security
输出:
Loaded plugins: security, versionlock
CVE-2013-1619 security gnutls-2.8.5-10.el6_4.1.x86_64
CVE-2013-1493 security java-1.6.0-openjdk-1:1.6.0.0-1.57.1.11.9.el6_4.x86_64
CVE-2013-0809 security java-1.6.0-openjdk-1:1.6.0.0-1.57.1.11.9.el6_4.x86_64
CVE-2013-0268 security kernel-uek-2.6.39-400.17.2.el6uek.x86_64
CVE-2013-0268 security kernel-uek-firmware-2.6.39-400.17.2.el6uek.noarch
CVE-2012-4929 security openssl-1.0.0-27.el6_4.2.x86_64
CVE-2013-0166 security openssl-1.0.0-27.el6_4.2.x86_64
CVE-2013-0169 security openssl-1.0.0-27.el6_4.2.x86_64
updateinfo list done
CVE-2013-1619 security gnutls-2.8.5-10.el6_4.1.x86_64
CVE-2013-1493 security java-1.6.0-openjdk-1:1.6.0.0-1.57.1.11.9.el6_4.x86_64
CVE-2013-0809 security java-1.6.0-openjdk-1:1.6.0.0-1.57.1.11.9.el6_4.x86_64
CVE-2013-0268 security kernel-uek-2.6.39-400.17.2.el6uek.x86_64
CVE-2013-0268 security kernel-uek-firmware-2.6.39-400.17.2.el6uek.noarch
CVE-2012-4929 security openssl-1.0.0-27.el6_4.2.x86_64
CVE-2013-0166 security openssl-1.0.0-27.el6_4.2.x86_64
CVE-2013-0169 security openssl-1.0.0-27.el6_4.2.x86_64
updateinfo list done
对于 red hat 或者 centos 5.x 版本而言,则使用下面的命令来查看可安全更新的软件列表:
$ sudo yum list updates --security
升级需要安全更新的软件包,输入命令:
$ sudo yum update --security
输出如下:
Loaded plugins: security, versionlock
Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
5 package(s) needed (+0 related) for security, out of 17 available
--> Running transaction check
---> Package gnutls.x86_64 0:2.8.5-10.el6 will be updated
---> Package gnutls.x86_64 0:2.8.5-10.el6_4.1 will be an update
---> Package java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.56.1.11.8.el6_3 will be updated
---> Package java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.57.1.11.9.el6_4 will be an update
---> Package kernel-uek.x86_64 0:2.6.39-400.17.2.el6uek will be installed
---> Package kernel-uek-firmware.noarch 0:2.6.39-400.17.2.el6uek will be installed
---> Package openssl.x86_64 0:1.0.0-27.el6 will be updated
---> Package openssl.x86_64 0:1.0.0-27.el6_4.2 will be an update
--> Finished Dependency Resolution
--> Running transaction check
---> Package kernel-uek.x86_64 0:2.6.39-300.17.3.el6uek will be erased
---> Package kernel-uek-firmware.noarch 0:2.6.39-300.17.3.el6uek will be erased
--> Finished Dependency Resolution</p> <p> Dependencies Resolved</p> <p> ================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
kernel-uek x86_64 2.6.39-400.17.2.el6uek ol6_UEK_latest 27 M
kernel-uek-firmware noarch 2.6.39-400.17.2.el6uek ol6_UEK_latest 3.5 M
Updating:
gnutls x86_64 2.8.5-10.el6_4.1 ol6_latest 345 k
java-1.6.0-openjdk x86_64 1:1.6.0.0-1.57.1.11.9.el6_4 ol6_latest 25 M
openssl x86_64 1.0.0-27.el6_4.2 ol6_latest 1.4 M
Removing:
kernel-uek x86_64 2.6.39-300.17.3.el6uek @ol6_UEK_latest 99 M
kernel-uek-firmware noarch 2.6.39-300.17.3.el6uek @ol6_UEK_latest 5.0 M</p> <p> Transaction Summary
================================================================================
Install 2 Package(s)
Upgrade 3 Package(s)
Remove 2 Package(s)</p> <p> Total download size: 57 M
Is this ok [y/N]: //输入y,则确认升级
Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
5 package(s) needed (+0 related) for security, out of 17 available
--> Running transaction check
---> Package gnutls.x86_64 0:2.8.5-10.el6 will be updated
---> Package gnutls.x86_64 0:2.8.5-10.el6_4.1 will be an update
---> Package java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.56.1.11.8.el6_3 will be updated
---> Package java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.57.1.11.9.el6_4 will be an update
---> Package kernel-uek.x86_64 0:2.6.39-400.17.2.el6uek will be installed
---> Package kernel-uek-firmware.noarch 0:2.6.39-400.17.2.el6uek will be installed
---> Package openssl.x86_64 0:1.0.0-27.el6 will be updated
---> Package openssl.x86_64 0:1.0.0-27.el6_4.2 will be an update
--> Finished Dependency Resolution
--> Running transaction check
---> Package kernel-uek.x86_64 0:2.6.39-300.17.3.el6uek will be erased
---> Package kernel-uek-firmware.noarch 0:2.6.39-300.17.3.el6uek will be erased
--> Finished Dependency Resolution</p> <p> Dependencies Resolved</p> <p> ================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
kernel-uek x86_64 2.6.39-400.17.2.el6uek ol6_UEK_latest 27 M
kernel-uek-firmware noarch 2.6.39-400.17.2.el6uek ol6_UEK_latest 3.5 M
Updating:
gnutls x86_64 2.8.5-10.el6_4.1 ol6_latest 345 k
java-1.6.0-openjdk x86_64 1:1.6.0.0-1.57.1.11.9.el6_4 ol6_latest 25 M
openssl x86_64 1.0.0-27.el6_4.2 ol6_latest 1.4 M
Removing:
kernel-uek x86_64 2.6.39-300.17.3.el6uek @ol6_UEK_latest 99 M
kernel-uek-firmware noarch 2.6.39-300.17.3.el6uek @ol6_UEK_latest 5.0 M</p> <p> Transaction Summary
================================================================================
Install 2 Package(s)
Upgrade 3 Package(s)
Remove 2 Package(s)</p> <p> Total download size: 57 M
Is this ok [y/N]: //输入y,则确认升级
end!
