服務器的安全升級卻是必須的,所以,下面介紹一個yum插件:yum-plugin-security 來進行安全性升級。
1.一般系統默認安裝了yum-plugin-security,如果沒有,則輸入命令安裝yum-plugin-security :
$ sudo yum install yum-security
2. 如果是red hat 6,yum-plugin-security現在增加了了一個updateinfo命令。這個命令用來查看可安全更新的軟件列表(只查看,不更新),輸入下面的命令:
$ sudo yum updateinfo list security
輸出:
Loaded plugins: security, versionlock
CVE-2013-1619 security gnutls-2.8.5-10.el6_4.1.x86_64
CVE-2013-1493 security java-1.6.0-openjdk-1:1.6.0.0-1.57.1.11.9.el6_4.x86_64
CVE-2013-0809 security java-1.6.0-openjdk-1:1.6.0.0-1.57.1.11.9.el6_4.x86_64
CVE-2013-0268 security kernel-uek-2.6.39-400.17.2.el6uek.x86_64
CVE-2013-0268 security kernel-uek-firmware-2.6.39-400.17.2.el6uek.noarch
CVE-2012-4929 security openssl-1.0.0-27.el6_4.2.x86_64
CVE-2013-0166 security openssl-1.0.0-27.el6_4.2.x86_64
CVE-2013-0169 security openssl-1.0.0-27.el6_4.2.x86_64
updateinfo list done
對于 red hat 或者 centos 5.x 版本而言,則使用下面的命令來查看可安全更新的軟件列表:
$ sudo yum list updates --security
升級需要安全更新的軟件包,輸入命令:
$ sudo yum update --security
輸出如下:
Loaded plugins: security, versionlock
Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
5 package(s) needed (+0 related) for security, out of 17 available
--> Running transaction check
---> Package gnutls.x86_64 0:2.8.5-10.el6 will be updated
---> Package gnutls.x86_64 0:2.8.5-10.el6_4.1 will be an update
---> Package java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.56.1.11.8.el6_3 will be updated
---> Package java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.57.1.11.9.el6_4 will be an update
---> Package kernel-uek.x86_64 0:2.6.39-400.17.2.el6uek will be installed
---> Package kernel-uek-firmware.noarch 0:2.6.39-400.17.2.el6uek will be installed
---> Package openssl.x86_64 0:1.0.0-27.el6 will be updated
---> Package openssl.x86_64 0:1.0.0-27.el6_4.2 will be an update
--> Finished Dependency Resolution
--> Running transaction check
---> Package kernel-uek.x86_64 0:2.6.39-300.17.3.el6uek will be erased
---> Package kernel-uek-firmware.noarch 0:2.6.39-300.17.3.el6uek will be erased
--> Finished Dependency Resolution/p>
p> Dependencies Resolved/p>
p> ================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
kernel-uek x86_64 2.6.39-400.17.2.el6uek ol6_UEK_latest 27 M
kernel-uek-firmware noarch 2.6.39-400.17.2.el6uek ol6_UEK_latest 3.5 M
Updating:
gnutls x86_64 2.8.5-10.el6_4.1 ol6_latest 345 k
java-1.6.0-openjdk x86_64 1:1.6.0.0-1.57.1.11.9.el6_4 ol6_latest 25 M
openssl x86_64 1.0.0-27.el6_4.2 ol6_latest 1.4 M
Removing:
kernel-uek x86_64 2.6.39-300.17.3.el6uek @ol6_UEK_latest 99 M
kernel-uek-firmware noarch 2.6.39-300.17.3.el6uek @ol6_UEK_latest 5.0 M/p>
p> Transaction Summary
================================================================================
Install 2 Package(s)
Upgrade 3 Package(s)
Remove 2 Package(s)/p>
p> Total download size: 57 M
Is this ok [y/N]: //輸入y,則確認升級
end!
