Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
Chapter 2. Installing security updates
In RHEL, you can install a specific security advisory and all available security updates. You can also configure the system to download and install security updates automatically.
2.1. Installing all available security updates
To keep the security of your system up to date, you can install all currently available security updates using the yum utility.
Prerequisites
- A Red Hat subscription is attached to the host.
Procedure
Install security updates using
yumutility:yum update --security
# yum update --securityCopy to Clipboard Copied! Toggle word wrap Toggle overflow Without the
--securityparameter,yum updateinstalls all updates, including bug fixes and enhancements.Confirm and start the installation by pressing y:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Optional: List processes that require a manual restart of the system after installing the updated packages:
yum needs-restarting
# yum needs-restarting 1107 : /usr/sbin/rsyslogd -n 1199 : -bashCopy to Clipboard Copied! Toggle word wrap Toggle overflow The previous command lists only processes that require a restart, and not services. That is, you cannot restart processes listed using the
systemctlutility. For example, thebashprocess in the output is terminated when the user that owns this process logs out.
2.2. Installing a security update provided by a specific advisory
In certain situations, you might want to install only specific updates. For example, if a specific service can be updated without scheduling a downtime, you can install security updates for only this service, and install the remaining security updates later.
Prerequisites
- A Red Hat subscription is attached to the host.
You know the ID of the security advisory that you want to update.
For more information, see the Identifying the security advisory updates section.
Procedure
Install a specific advisory, for example:
yum update --advisory=RHSA-2019:0997
# yum update --advisory=RHSA-2019:0997Copy to Clipboard Copied! Toggle word wrap Toggle overflow Alternatively, update to apply a specific advisory with a minimal version change by using the
yum upgrade-minimalcommand, for example:yum upgrade-minimal --advisory=RHSA-2019:0997
# yum upgrade-minimal --advisory=RHSA-2019:0997Copy to Clipboard Copied! Toggle word wrap Toggle overflow Confirm and start the installation by pressing
y:Copy to Clipboard Copied! Toggle word wrap Toggle overflow Optional: List the processes that require a manual restart of the system after installing the updated packages:
yum needs-restarting
# yum needs-restarting 1107 : /usr/sbin/rsyslogd -n 1199 : -bashCopy to Clipboard Copied! Toggle word wrap Toggle overflow The previous command lists only processes that require a restart, and not services. This means that you cannot restart all processes listed by using the
systemctlutility. For example, thebashprocess in the output is terminated when the user that owns this process logs out.
2.3. Installing security updates automatically
You can configure your system so that it automatically downloads and installs all security updates.
Prerequisites
- A Red Hat subscription is attached to the host.
-
The
dnf-automaticpackage is installed.
Procedure
In the
/etc/dnf/automatic.conffile, in the[commands]section, make sure theupgrade_typeoption is set to eitherdefaultorsecurity:[commands] # What kind of upgrade to perform: # default = all available upgrades # security = only the security upgrades upgrade_type = security
[commands] # What kind of upgrade to perform: # default = all available upgrades # security = only the security upgrades upgrade_type = securityCopy to Clipboard Copied! Toggle word wrap Toggle overflow Enable and start the
systemdtimer unit:systemctl enable --now dnf-automatic-install.timer
# systemctl enable --now dnf-automatic-install.timerCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Verification
Verify that the timer is enabled:
systemctl status dnf-automatic-install.timer
# systemctl status dnf-automatic-install.timerCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}