一、安装yum-security
这个方法是使用的yum方式更新安全补丁,不需要再去官网上来回查看了,还以自动安装更新。
安装yum-security,这个软件可以检查并更新安全补丁,挺方便
[root@zabbix_server-12-155~]#yum-yinstallyum-security
1、检查是否有可用安全补丁
[root@zabbix_server-12-155~]#yum--securitycheck-update Loadedplugins:fastestmirror,security Loadingmirrorspeedsfromcachedhostfile *base:mirrors.btte.net *epel:mirrors.ustc.edu.cn *extras:mirrors.btte.net *updates:mirrors.nwsuaf.edu.cn *webtatic:uk.repo.webtatic.com Limitingpackageliststosecurityrelevantones epel/updateinfo|750kB00:00 3package(s)neededforsecurity,outof229available firebird-libfbclient.x86_642.5.7.27050.0-1.el6epel zabbix22.x86_642.2.18-1.el6epel zabbix22-agent.x86_64
2、列出可以升级的安全补丁
[root@zabbix_server-12-155~]#yumlist-security Loadedplugins:fastestmirror,security Loadingmirrorspeedsfromcachedhostfile *base:mirrors.btte.net *epel:mirrors.ustc.edu.cn *extras:mirrors.btte.net *updates:mirrors.nwsuaf.edu.cn *webtatic:uk.repo.webtatic.com FEDORA-EPEL-2017-dd0d0467e9enhancementGeoIP-GeoLite-data-2017.07-1.el6.noarch FEDORA-EPEL-2017-dd0d0467e9enhancementGeoIP-GeoLite-data-extra-2017.07-1.el6.noarch FEDORA-EPEL-2017-3f527c60d9securityfirebird-libfbclient-2.5.7.27050.0-1.el6.x86_64 FEDORA-EPEL-2017-94b8514427securityzabbix22-2.2.18-1.el6.x86_64 FEDORA-EPEL-2017-94b8514427securityzabbix22-agent-2.2.18-1.el6.x86_64 updateinfolistdone
3、查看具体升级包的详细修复信息
[root@zabbix_server-12-155~]#yuminfo-securityFEDORA-EPEL-2017-94b8514427 Loadedplugins:fastestmirror,security Loadingmirrorspeedsfromcachedhostfile *base:mirrors.btte.net *epel:mirrors.ustc.edu.cn *extras:mirrors.btte.net *updates:mirrors.nwsuaf.edu.cn *webtatic:uk.repo.webtatic.com =============================================================================== zabbix22-2.2.18-1.el6 =============================================================================== UpdateID:FEDORA-EPEL-2017-94b8514427 Release:FedoraEPEL6 Type:security Status:stable Issued:2017-07-1118:54:44 Updated:2017-06-2410:46:38Bugs:1448395-CVE-2017-2824zabbix22:zabbix:Multiplevulnerabilities[epel-all] Description:-http://www.zabbix.com/rn2.2.18 :- :https://www.zabbix.com/documentation/2.2/manual/introduction/whatsnew2218 updateinfoinfodone
4、安装升级补丁包
这是用的是upgrade而不是update,以下两者区别:
Linux升级命令有两个分别是yum upgrade和yum update,这个两个命令是有区别的:
yum -y update
yum -y upgrade
开始升级所有软件的安全补丁:
[root@zabbix_server-12-155~]#yum-y--securityupgrade
二、自动更新安全补丁
[root@zabbix_server-12-155~]#yum-yinstallyum-cron
默认情况下zai /etc/sysconfig/yum-cron 配置文件中把下面两个参数改为yes
#Don'tinstall,justcheck(valid:yes|no) CHECK_ONLY=yes #Checktoseeifyoucanreachthereposbeforeupdating(valid:yes|no) CHECK_FIRST=yes #Don'tinstall,justcheckanddownload(valid:yes|no) #ImpliesCHECK_ONLY=yes(gottacheckfirsttoseewhattodownload) DOWNLOAD_ONLY=yes 开机自动启动 [root@zabbix_server-12-155~]#serviceyum-cronstart Enablingnightlyyumupdate:[OK] [root@zabbix_server-12-155~]#chkconfigyum-cronon [root@zabbix_server-12-155~]#chkconfigyum-cron--list yum-cron0:off1:off2:on3:on4:on5:on6:off
以后可以自动更新补丁了