Home > Uncategorized > Great post: “My First 5 Minutes On A Server; Or, Essential Security for Linux Servers” and how to auto-update packages on CentOS6

Great post: “My First 5 Minutes On A Server; Or, Essential Security for Linux Servers” and how to auto-update packages on CentOS6

From hackernews: My First 5 Minutes On A Server; Or, Essential Security for Linux Servers.

Covers configuring public key auth, fail2ban, auto updates and a few more things.

Configure roll back:
Before you implement an auto update feature, you should look into configuring rollback.

Since I always use centos and never deb*, I don’t use apt-get, but yum.

1) Configure yum:

echo tsflags=repackage >> /etc/yum.conf
echo "%_repackage_all_erasures 1" >> /etc/rpm/macros

2) Usage examples:

rpm -Uhv --rollback 'last Monday'
rpm -Uhv --rollback '2 hours ago'
rpm -Uhv --rollback '10 Jan 2007 16:30'
rpm -Uhv --rollback 'march 17'
rpm -Uhv --rollback '9:00 am'
rpm -Uhv --rollback '4:30 pm last Monday'
rpm -Uhv --rollback 'yesterday'

NOTE: rollback was removed starting in 4.6.0 as it was deemed “too unreliable to be generally useful.”

3) Additionally, the following allows you to roll back to specific version of a package:

yum downgrade [package name]

Configure auto update in yum:

1) Install and configure yum-cron:

yum -y install yum-cron
chkconfig yum-cron on
service yum-cron start

2) To configure nuances of yum-cron:

/etc/cron.daily/0yum.cron
/etc/yum/yum-daily.yum #script run daily by 0yum.cron
/etc/yum/yum-weekly.yum #script run weekly by 0yum.cron
/etc/sysconfig/yum-cron

Reference:

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: