云网牛站
所在位置:首页 > Linux安全 > 在Red Hat(RHEL)和CentOS系统上检查可用的安全更新

在Red Hat(RHEL)和CentOS系统上检查可用的安全更新

2019-05-27 15:00:31作者:高风科稿源:云网牛站

本文介绍在Red Hat(RHEL)和CentOS操作系统上检查可用安全更新的方法。

 

根据你的组织策略,由于各种原因,你可能只需要推送安全更新。怎么做才能限制yum仅执行安全更新?可以通过yum包管理器轻松完成,参考软件包管理基础:apt,yum,dnf,pkg。如果发现安全漏洞,则必须更新受影响的软件,以限制系统上的任何潜在安全风险。

 

对于RHEL/CentOS 6系统,运行以下Yum命令以安装yum安全性插件:

# yum -y install yum-plugin-security

该插件已经是yum本身的一部分,所以不需要在RHEL 7、8/CentOS 7、8上安装它。

 

列出所有可用的错误(包括安全性、错误修复和产品增强)而不安装它们:

# yum updateinfo list available

Loaded plugins: changelog, package_upload, product-id, search-disabled-repos,

 : subscription-manager, verify, versionlock

RHSA-2014:1031 Important/Sec. 389-ds-base-1.3.1.6-26.el7_0.x86_64

RHSA-2015:0416 Important/Sec. 389-ds-base-1.3.3.1-13.el7.x86_64

RHBA-2015:0626 bugfix         389-ds-base-1.3.3.1-15.el7_1.x86_64

RHSA-2015:0895 Important/Sec. 389-ds-base-1.3.3.1-16.el7_1.x86_64

RHBA-2015:1554 bugfix         389-ds-base-1.3.3.1-20.el7_1.x86_64

RHBA-2015:1960 bugfix         389-ds-base-1.3.3.1-23.el7_1.x86_64

RHBA-2015:2351 bugfix         389-ds-base-1.3.4.0-19.el7.x86_64

RHBA-2015:2572 bugfix         389-ds-base-1.3.4.0-21.el7_2.x86_64

RHSA-2016:0204 Important/Sec. 389-ds-base-1.3.4.0-26.el7_2.x86_64

RHBA-2016:0550 bugfix         389-ds-base-1.3.4.0-29.el7_2.x86_64

RHBA-2016:1048 bugfix         389-ds-base-1.3.4.0-30.el7_2.x86_64

RHBA-2016:1298 bugfix         389-ds-base-1.3.4.0-32.el7_2.x86_64

 

要计算erratas的数量,请运行以下命令:

# yum updateinfo list available | wc -l

11269

 

列出所有可用的安全更新而不安装它们。它用于显示有关系统上已安装和可用建议的信息:

# yum updateinfo list security all

Loaded plugins: changelog, package_upload, product-id, search-disabled-repos,

 : subscription-manager, verify, versionlock

RHSA-2014:1031 Important/Sec. 389-ds-base-1.3.1.6-26.el7_0.x86_64

RHSA-2015:0416 Important/Sec. 389-ds-base-1.3.3.1-13.el7.x86_64

RHSA-2015:0895 Important/Sec. 389-ds-base-1.3.3.1-16.el7_1.x86_64

RHSA-2016:0204 Important/Sec. 389-ds-base-1.3.4.0-26.el7_2.x86_64

RHSA-2016:2594 Moderate/Sec.  389-ds-base-1.3.5.10-11.el7.x86_64

RHSA-2017:0920 Important/Sec. 389-ds-base-1.3.5.10-20.el7_3.x86_64

RHSA-2017:2569 Moderate/Sec.  389-ds-base-1.3.6.1-19.el7_4.x86_64

RHSA-2018:0163 Important/Sec. 389-ds-base-1.3.6.1-26.el7_4.x86_64

RHSA-2018:0414 Important/Sec. 389-ds-base-1.3.6.1-28.el7_4.x86_64

RHSA-2018:1380 Important/Sec. 389-ds-base-1.3.7.5-21.el7_5.x86_64

RHSA-2018:2757 Moderate/Sec.  389-ds-base-1.3.7.5-28.el7_5.x86_64

RHSA-2018:3127 Moderate/Sec.  389-ds-base-1.3.8.4-15.el7.x86_64

RHSA-2014:1031 Important/Sec. 389-ds-base-libs-1.3.1.6-26.el7_0.x86_64

 

打印所有可用的安全包(它打印所有类型的包,如已安装和未安装):

# yum updateinfo list security all | grep -v "i"

RHSA-2014:1031 Important/Sec. 389-ds-base-1.3.1.6-26.el7_0.x86_64

RHSA-2015:0416 Important/Sec. 389-ds-base-1.3.3.1-13.el7.x86_64

RHSA-2015:0895 Important/Sec. 389-ds-base-1.3.3.1-16.el7_1.x86_64

RHSA-2016:0204 Important/Sec. 389-ds-base-1.3.4.0-26.el7_2.x86_64

RHSA-2016:2594 Moderate/Sec.  389-ds-base-1.3.5.10-11.el7.x86_64

RHSA-2017:0920 Important/Sec. 389-ds-base-1.3.5.10-20.el7_3.x86_64

RHSA-2017:2569 Moderate/Sec.  389-ds-base-1.3.6.1-19.el7_4.x86_64

RHSA-2018:0163 Important/Sec. 389-ds-base-1.3.6.1-26.el7_4.x86_64

RHSA-2018:0414 Important/Sec. 389-ds-base-1.3.6.1-28.el7_4.x86_64

RHSA-2018:1380 Important/Sec. 389-ds-base-1.3.7.5-21.el7_5.x86_64

RHSA-2018:2757 Moderate/Sec.  389-ds-base-1.3.7.5-28.el7_5.x86_64

 

要计算可用安全包的数量,请运行以下命令:

# yum updateinfo list security all | wc -l

3522

 

它用于列出yum中updateinfo.xml数据中的所有相关勘误通知信息,这包括bugzillas,CVE,安全更新和新的:

# yum updateinfo list security

or

# yum updateinfo list sec

Loaded plugins: changelog, package_upload, product-id, search-disabled-repos,

 : subscription-manager, verify, versionlock

RHSA-2018:3665 Important/Sec. NetworkManager-1:1.12.0-8.el7_6.x86_64

RHSA-2018:3665 Important/Sec. NetworkManager-adsl-1:1.12.0-8.el7_6.x86_64

RHSA-2018:3665 Important/Sec. NetworkManager-bluetooth-1:1.12.0-8.el7_6.x86_64

RHSA-2018:3665 Important/Sec. NetworkManager-config-server-1:1.12.0-8.el7_6.noarch

RHSA-2018:3665 Important/Sec. NetworkManager-glib-1:1.12.0-8.el7_6.x86_64

RHSA-2018:3665 Important/Sec. NetworkManager-libnm-1:1.12.0-8.el7_6.x86_64

RHSA-2018:3665 Important/Sec. NetworkManager-ppp-1:1.12.0-8.el7_6.x86_64

RHSA-2018:3665 Important/Sec. NetworkManager-team-1:1.12.0-8.el7_6.x86_64

RHSA-2018:3665 Important/Sec. NetworkManager-tui-1:1.12.0-8.el7_6.x86_64

RHSA-2018:3665 Important/Sec. NetworkManager-wifi-1:1.12.0-8.el7_6.x86_64

RHSA-2018:3665 Important/Sec. NetworkManager-wwan-1:1.12.0-8.el7_6.x86_64

 

显示与安全性相关的所有更新,并获取有关是否存在安全更新的返回码:

# yum --security check-update

Loaded plugins: changelog, package_upload, product-id, search-disabled-repos, subscription-manager, verify, versionlock

rhel-7-server-rpms   | 2.0 kB  00:00:00

--> policycoreutils-devel-2.2.5-20.el7.x86_64 from rhel-7-server-rpms excluded (updateinfo)

--> smc-raghumalayalam-fonts-6.0-7.el7.noarch from rhel-7-server-rpms excluded (updateinfo)

--> amanda-server-3.3.3-17.el7.x86_64 from rhel-7-server-rpms excluded (updateinfo)

--> 389-ds-base-libs-1.3.4.0-26.el7_2.x86_64 from rhel-7-server-rpms excluded (updateinfo)

--> 1:cups-devel-1.6.3-26.el7.i686 from rhel-7-server-rpms excluded (updateinfo)

--> openwsman-client-2.6.3-3.git4391e5c.el7.i686 from rhel-7-server-rpms excluded (updateinfo)

--> 1:emacs-24.3-18.el7.x86_64 from rhel-7-server-rpms excluded (updateinfo)

--> augeas-libs-1.4.0-2.el7_4.2.i686 from rhel-7-server-rpms excluded (updateinfo)

--> samba-winbind-modules-4.2.3-10.el7.i686 from rhel-7-server-rpms excluded (updateinfo)

--> tftp-5.2-11.el7.x86_64 from rhel-7-server-rpms excluded (updateinfo)

.

.

35 package(s) needed for security, out of 115 available

NetworkManager.x86_64                        1:1.12.0-10.el7_6            rhel-7-server-rpms

NetworkManager-adsl.x86_64                   1:1.12.0-10.el7_6            rhel-7-server-rpms

NetworkManager-bluetooth.x86_64              1:1.12.0-10.el7_6            rhel-7-server-rpms

NetworkManager-config-server.noarch          1:1.12.0-10.el7_6            rhel-7-server-rpms

NetworkManager-glib.x86_64                   1:1.12.0-10.el7_6            rhel-7-server-rpms

NetworkManager-libnm.x86_64                  1:1.12.0-10.el7_6            rhel-7-server-rpms

NetworkManager-ppp.x86_64                    1:1.12.0-10.el7_6            rhel-7-server-rpms

 

列出所有可用的安全更新,并详细说明问题:

# yum info-sec

在Red Hat(RHEL)和CentOS系统上检查可用的安全更新

 

如果你想了解有关给定建议的更多信息,请运行以下命令:

# yum updateinfo RHSA-2019:0163

在Red Hat(RHEL)和CentOS系统上检查可用的安全更新

 

同样,你可以使用以下命令查看影响系统的CVE:

# yum updateinfo list cves

Loaded plugins: changelog, package_upload, product-id, search-disabled-repos,

 : subscription-manager, verify, versionlock

CVE-2018-15688 Important/Sec. NetworkManager-1:1.12.0-8.el7_6.x86_64

CVE-2018-15688 Important/Sec. NetworkManager-adsl-1:1.12.0-8.el7_6.x86_64

CVE-2018-15688 Important/Sec. NetworkManager-bluetooth-1:1.12.0-8.el7_6.x86_64

CVE-2018-15688 Important/Sec. NetworkManager-config-server-1:1.12.0-8.el7_6.noarch

CVE-2018-15688 Important/Sec. NetworkManager-glib-1:1.12.0-8.el7_6.x86_64

CVE-2018-15688 Important/Sec. NetworkManager-libnm-1:1.12.0-8.el7_6.x86_64

CVE-2018-15688 Important/Sec. NetworkManager-ppp-1:1.12.0-8.el7_6.x86_64

CVE-2018-15688 Important/Sec. NetworkManager-team-1:1.12.0-8.el7_6.x86_64

 

同样,你可以通过运行以下命令来查看属于bugfixs的包:

# yum updateinfo list bugfix | less

Loaded plugins: changelog, package_upload, product-id, search-disabled-repos,

 : subscription-manager, verify, versionlock

RHBA-2018:3349 bugfix NetworkManager-1:1.12.0-7.el7_6.x86_64

RHBA-2019:0519 bugfix NetworkManager-1:1.12.0-10.el7_6.x86_64

RHBA-2018:3349 bugfix NetworkManager-adsl-1:1.12.0-7.el7_6.x86_64

RHBA-2019:0519 bugfix NetworkManager-adsl-1:1.12.0-10.el7_6.x86_64

RHBA-2018:3349 bugfix NetworkManager-bluetooth-1:1.12.0-7.el7_6.x86_64

RHBA-2019:0519 bugfix NetworkManager-bluetooth-1:1.12.0-10.el7_6.x86_64

RHBA-2018:3349 bugfix NetworkManager-config-server-1:1.12.0-7.el7_6.noarch

RHBA-2019:0519 bugfix NetworkManager-config-server-1:1.12.0-10.el7_6.noarch

 

获取需要在系统上安装的建议摘要:

# yum updateinfo summary

Loaded plugins: changelog, package_upload, product-id, search-disabled-repos, subscription-manager, verify, versionlock

rhel-7-server-rpms   | 2.0 kB  00:00:00

Updates Information Summary: updates

13 Security notice(s)

9 Important Security notice(s)

3 Moderate Security notice(s)

1 Low Security notice(s)

35 Bugfix notice(s)

1 Enhancement notice(s)

updateinfo summary done

 

要仅打印特定模式的安全建议,请运行以下命令,同样,你可以单独检查重要或中等安全建议信息:

# yum updateinfo list sec | grep -i "Low"

RHSA-2019:0201 Low/Sec.       libgudev1-219-62.el7_6.3.x86_64

RHSA-2019:0201 Low/Sec.       systemd-219-62.el7_6.3.x86_64

RHSA-2019:0201 Low/Sec.       systemd-libs-219-62.el7_6.3.x86_64

RHSA-2019:0201 Low/Sec.       systemd-sysv-219-62.el7_6.3.x86_64

 

相关主题

在Ubuntu 18.04服务器上设置自动安全更新(无人值守升级)

精选文章
热门文章