Linux® Patch Management: Keeping Linux® Systems Up To Date

Book Description

The Start-to-Finish Patch Management Guide for Every Linux® Environment

To keep your Linux systems secure, reliable, and productive, you must stay current with patches and updates. But, until now, it has been difficult to find usable, trustworthy guidance on managing patches in Linux production environments. Linux Patch Management fills that gap, offering Linux professionals start-to-finish solutions, strategies, and examples for every environment, from single computers to enterprise-class networks.

Michael Jang presents patching solutions for Red Hat, Fedora, SUSE, Debian, and other distributions. He systematically covers both distribution-specific tools and widely used community tools, such as apt and yum. This book’s streamlined patch management techniques minimize impacts on users, networks, and administrators, and address applications as well as the underlying OS. Whatever your role in managing Linux systems, Linux Patch Management will reduce your costs, enhance the availability of your systems, and dramatically improve your personal efficiency.

  • Consolidating patches on a Red Hat network, including cached updates, as well as patching systems based on RHEL rebuild distributions

  • Working with SUSE’s update systems, including YaST Online Update and ZENworks Linux Management

  • Making the most of apt commands and the GUI-based Synaptic Package Manager

  • Configuring apt for RPM distributions such as Fedora and SUSE Linux

  • Creating repositories that can manage gigabytes of patches on diverse Linux systems

  • Updating networks of Linux computers without overloading WAN or Internet connections

  • Configuring yum clients, including coverage of emerging GUI tools such as Yum Extender

Bruce Perens’ Open Source Series is a definitive series of Linux and open source books by the world’s leading Linux professionals. Bruce Perens is the primary author of The Open Source Definition, the formative document of the open source movement, and the former Debian GNU/Linux Project Leader.

Series Editor Bruce Perens is an open source evangelist, developer, and consultant whose software is a major component of most commercial embedded Linux offerings. He founded or cofounded Linux Standard Base, Open Source Initiative, and Software in the Public Interest. As Debian GNU/Linux Project Leader, he was instrumental in getting the system on two U.S. space shuttle flights.

© Copyright Pearson Education. All rights reserved.

Table of Contents

  1. Copyright
    1. Dedication
  2. Bruce Perens’ Open Source Series
  3. About the Author
  4. Preface
    1. What This Book Is About
    2. What You Need to Know Before Reading This Book
    3. Who You Are, and Why and How You Should Read This Book
    4. How This Book Is Laid Out
    5. Conventions Used
  5. Acknowledgments
  6. 1. Patch Management Systems
    1. 1.1. Basic Patch Concepts
      1. 1.1.1. What Is a Patch?
        1. Security Fixes
        2. Service Upgrades
        3. Bug Fixes
        4. Kernel Patches
        5. Kernel Upgrades
        6. Risks
      2. 1.1.2. Patch Sources
        1. The Native Linux Distribution
        2. Service Developers
        3. Third Parties
      3. 1.1.3. Patch Testing
        1. Testing Patch Installations
        2. Testing a New Kernel
        3. Testing Application Patches
        4. Testing Service Patches
        5. Patch Troubleshooting
    2. 1.2. Distribution-Specific Repositories
      1. 1.2.1. Red Hat Enterprise Linux Updates
        1. Register with the Red Hat Network
        2. Examine Available Red Hat Enterprise Linux Distributions
        3. Purchase One or More Subscriptions for RHEL
        4. Activate Your Subscription
        5. Download the CDs for RHEL
        6. Installing Red Hat Enterprise Linux
        7. The Update Agent
        8. Updating Red Hat Enterprise Linux Using the Update Agent
        9. Configuring the Update Agent Settings
        10. Update Agent Command Line Options
        11. Aggregating Red Hat Enterprise Linux Updates
          1. Quarterly Updates
          2. Proxy Servers
          3. Satellite Servers
          4. Creative Options
      2. 1.2.2. Novell/SUSE
        1. YaST Online Update
        2. SUSE Linux Enterprise Server Updates
        3. Downloading SUSE Linux
      3. 1.2.3. Debian
        1. Installing Debian
        2. Many Regional Mirrors
        3. The apt System
      4. 1.2.4. Other Linux Distributions
    3. 1.3. Community-Based Sources
      1. 1.3.1. Fedora Linux
      2. 1.3.2. Red Hat Rebuilds
    4. 1.4. Configuring Your LAN
      1. 1.4.1. Linux Patch Management in a Network
      2. 1.4.2. Rigorous Hardware Requirements
        1. Storage/CPU/Network Specifications
        2. Amount of Data
      3. 1.4.3. Source Packages
      4. 1.4.4. More Than One Repository
      5. 1.4.5. Keeping Your Repository Updated
    5. 1.5. Summary
  7. 2. Consolidating Patches on a Red Hat/Fedora Network
    1. 2.1. Creating Your Own Fedora Repository
      1. 2.1.1. Installation Requirements
        1. Hardware
        2. Hard Drive Partitions
        3. Space Requirements
        4. Creating a Dedicated Partition During Installation
        5. Creating a Dedicated Partition After Installation
        6. Configuring Fedora for a New Repository Computer
      2. 2.1.2. Creating a Repository
        1. Selecting a Service
        2. Planning the Tree
        3. Downloading and Synchronizing
    2. 2.2. Configuring a Red Hat Network Proxy
      1. 2.2.1. Configuring the Proxy Server
        1. Specialized Installation Requirements
        2. Configuration Suggestions
        3. Firewall Provisions
        4. Synchronizing Time
        5. Configuring the Proxy as a Router
        6. Registration Required
        7. Getting to the Right Channel
        8. Installing Proxy Packages
        9. Provisioning a Proxy Subscription
        10. Configuring the Proxy Server
        11. Creating the Certificate Keys
      2. 2.2.2. Configuring the Proxy Client
        1. Copying the Certificate Key
        2. Reconfiguring the Update Agent
        3. Automating Updates (Local and Remote)
        4. Potential Problems
    3. 2.3. Configuring Red Hat Rebuilds
      1. 2.3.1. CentOS
      2. 2.3.2. Lineox
      3. 2.3.3. Other Rebuilds
    4. 2.4. Summary
  8. 3. SUSE’s Update Systems and rsync Mirrors
    1. 3.1. The YaST Update System
      1. 3.1.1. The YaST Package Manager
      2. 3.1.2. Change Source of Installation
        1. Supplementary Packages
        2. Authenticated Network Server
        3. NFS Server
        4. Local Media
        5. Local Directory
      3. 3.1.3. Installation Into Directory
      4. 3.1.4. Patch CD Update
      5. 3.1.5. System Update
        1. Update Options
        2. Packages
        3. Backup
        4. Language
      6. 3.1.6. UML Installation
      7. 3.1.7. YOU Server Configuration
      8. 3.1.8. A Local YaST Online Update
        1. Updating the Local Server
        2. Sharing the Update Directory
        3. Updating Neighboring Servers
    2. 3.2. Configuring YaST Patch Management for a LAN
      1. 3.2.1. Creating a Local Mirror with YaST Online Update Server
        1. Selecting a Mirror
        2. Synchronizing
        3. YaST Online Update Server Troubleshooting
      2. 3.2.2. Creating a Local Mirror with rsync
        1. Pointing Updates to the Mirror
        2. Sharing the Update Directory
        3. Updating Neighboring Servers
    3. 3.3. ZENworks Linux Management
      1. 3.3.1. Supported Clients and Servers
      2. 3.3.2. Installing the ZLM Server
      3. 3.3.3. Configuring the Web interface
      4. 3.3.4. Configuring Administrators
      5. 3.3.5. Adding Clients
      6. 3.3.6. Setting Up Activations
      7. 3.3.7. Creating Groups
      8. 3.3.8. Configuring Channels
      9. 3.3.9. Creating Transactions
    4. 3.4. Summary
  9. 4. Making apt Work for You
    1. 4.1. Fundamentals of APT
      1. 4.1.1. Installing apt on a Debian-Based Distribution
      2. 4.1.2. Installing apt on a RPM-Based Distribution
      3. 4.1.3. Configuring apt on Your Computer
        1. Basic Repository Categories
        2. Repository Selection Tools
        3. sources.list Results
      4. 4.1.4. The Basic apt Commands
        1. apt-get and aptitude
        2. apt-cdrom
        3. apt-file
        4. apt-ftparchive / dpkg-scanpackages
        5. apt-howto
        6. apt-listbugs
      5. 4.1.5. The aptitude System
        1. Running Aptitude
        2. Aptitude Menu Organization
        3. Configuring Aptitude Patch Management
        4. Patch Management with Aptitude
        5. Making Changes with Aptitude
      6. 4.1.6. Running the Synaptic Package Manager
        1. Keeping Synaptic Updated
        2. Configuring Synaptic
        3. Selecting Packages
        4. Making Changes
    2. 4.2. Creating Your APT Repository
      1. 4.2.1. Debian Repository Mirror Options
      2. 4.2.2. A Complete Debian Repository
        1. Debian Directories
        2. A Basic rsync Script
      3. 4.2.3. Creating a Debian Mirror
        1. Using Local Packages
        2. Configuring debmirror
        3. Configuring apt-mirror
    3. 4.3. Summary
  10. 5. Configuring apt for RPM Distributions
    1. 5.1. A History of APT for RPM
      1. 5.1.1. Reduced Dependency Trouble
      2. 5.1.2. The Conectiva Approach
      3. 5.1.3. An Overview of apt for RPM-Based Distributions
    2. 5.2. Configuring APT for RPM
      1. 5.2.1. Package Options
      2. 5.2.2. Configuring apt
      3. 5.2.3. Selecting Sources
      4. 5.2.4. Configuring apt for Fedora Linux
        1. Synaptic with Fedora
      5. 5.2.5. Configuring apt for SUSE Linux
      6. 5.2.6. Configuring apt for a Red Hat Rebuild
        1. atrpms.list
        2. dag.list
        3. freshrpms.list and os.list
        4. newrpms.list
    3. 5.3. Setting Up a Local Repository
      1. 5.3.1. Mirroring a Remote Repository
      2. 5.3.2. Creating an apt Repository
        1. Organizing a Repository Like a Mirror
        2. Organizing a Customized Repository
        3. Processing an RPM-based Repository
    4. 5.4. The APT Commands in Detail
      1. 5.4.1. Analyzing apt-cache in Detail
        1. apt-cache showpkg
        2. apt-cache showsrc
        3. apt-cache show
        4. apt-cache depends / rdepends
        5. apt-cache pkgnames
      2. 5.4.2. Analyzing apt-get in Detail
        1. apt-get switches
        2. apt-get upgrade
        3. apt-get dist-upgrade
        4. apt-get check
      3. 5.4.3. Debian-Only apt Commands
      4. 5.4.4. RPM-Only apt Commands
    5. 5.5. Summary
  11. 6. Configuring a yum Client
    1. 6.1. The Basic yum Process
      1. 6.1.1. Yellow Dog and yum
      2. 6.1.2. yup and yum
      3. 6.1.3. Repositories and Headers
      4. 6.1.4. Required yum Packages
    2. 6.2. Sample yum Clients
      1. 6.2.1. Fedora
        1. Fedora’s Red Hat Update Agent and yum
        2. Troubleshooting
      2. 6.2.2. Red Hat Enterprise Linux
      3. 6.2.3. Red Hat Enterprise Linux Rebuilds
    3. 6.3. Special yum Commands
      1. 6.3.1. Caching Available Packages by yum
      2. 6.3.2. Checking Available Updates by yum
      3. 6.3.3. Finding a Needed File
      4. 6.3.4. Identifying a Needed Package
      5. 6.3.5. Listing Available Packages
      6. 6.3.6. Getting More Information
      7. 6.3.7. Updates or Installations by yum
      8. 6.3.8. Deletions by yum
      9. 6.3.9. Cleaning yum Caches
      10. 6.3.10. Group Management by yum
        1. Finding Available Groups
        2. What’s in a Group?
      11. 6.3.11. The yum Command Options
    4. 6.4. Configuring Automatic Updates
      1. 6.4.1. Finding the Right Update Command
      2. 6.4.2. Automating the Process
        1. The Original yum cron Job
        2. The Newer yum cron Jobs
        3. Activating the yum cron Jobs
      3. 6.4.3. Other Automated Updates
    5. 6.5. A yum GUI Tool
      1. 6.5.1. Basic Configuration
      2. 6.5.2. Adding More Repositories
      3. 6.5.3. Installing Packages
      4. 6.5.4. Updating Packages
      5. 6.5.5. Removing Packages
      6. 6.5.6. Using Your Own Commands
    6. 6.6. Summary
  12. 7. Setting Up a yum Repository
    1. 7.1. Getting the Packages
      1. 7.1.1. Strategy
      2. 7.1.2. Creating a yum Directory Tree
      3. 7.1.3. Start with a Distribution
      4. 7.1.4. Installing yum
      5. 7.1.5. Synchronizing Updates
    2. 7.2. Managing Headers
      1. 7.2.1. Header Creation Commands
        1. yum-arch
        2. createrepo
      2. 7.2.2. Adding the Headers
        1. yum-arch
        2. createrepo
    3. 7.3. Configuring a Local yum Server
      1. 7.3.1. Configuring an FTP yum Server
      2. 7.3.2. Configuring a yum Client for an FTP-Based yum Repository
      3. 7.3.3. Configuring an NFS yum Server
      4. 7.3.4. Configuring an NFS yum Client
    4. 7.4. Adding Other Repositories
      1. 7.4.1. Using Distribution Installation Files
      2. 7.4.2. Keeping Extras with yum
      3. 7.4.3. Adding Development Repositories
      4. 7.4.4. Other Distribution Repositories
      5. 7.4.5. Third-Party Repositories
    5. 7.5. Maintaining the Repository
      1. 7.5.1. Updating Packages
      2. 7.5.2. Cleaning Header Information
    6. 7.6. Creating an Enterprise Repository
      1. 7.6.1. Creating a RHEL Update Repository
        1. Assign Desired Channels from the Red Hat Network
        2. Configure the Update Agent to Keep Downloaded RPMs
        3. Configure the Repository with Appropriate Partitions
        4. Download Desired RPMs from the Repository
        5. Add RPMs from the Installation CDs
      2. 7.6.2. Yummifying the RHEL Update Repository
      3. 7.6.3. Sharing the RHEL Repository
      4. 7.6.4. Configuring Updates to the RHEL Repository
      5. 7.6.5. Configuring Clients to Use the RHEL Repository
    7. 7.7. Summary