PCQuest : Linux and OpenSource : Patch Management on Linux

Patch Management on Linux

Network updates made easy

Wednesday, December 01, 2004

Print Comment Email Digg Del.icio.us Reddit Twitter

For Windows, you have the SUS (Software Updates Services) to manage patches and updates. It runs on a Windows server and downloads the latest updates to a local disk and then allows its clients, also running Windows, to pull them from there as needed. However, for Linux there is no such service available that manages patching for its network.

But there is a way out. Linux has yum (Yellow dog Updater, Modified) that performs patch management for a Linux machine, and maintains copies of downloaded updates. In this article we will see how to use it to trick other Linux machines on a network into fetching their updates from here. The local copy is called a 'repository' and we need to create two of them- a base and an update. The base repository will contain all the RPMs, while the downloaded updates will go into the other one.

Here we've used Fedora Core 2 (FC 2) as our OS. Perform a 'Full Install' of FC 2 on a machine. We will be using this system as our local 'patch server'. We are assuming the IP address of this machine to be 192.168.0.1. When done, follow the given steps.

Create a local base repository
Open a terminal window and execute the following commands to create the local repository.

# mkdir /var/www/html/yum
# mkdir -p /var/www/html/yum/Fedora/Core/2/base

Now, copy all the RPM files from all the FC 2 installation CDs to the directory created above. Repeat the commands below for each CD.

# mount /mnt/cdrom
# cp /mnt/cdrom/Fedora/RPMS/*.rpm /var/www/html/yum/Fedora/Core/2/base
# umount /mnt/cdrom

When you run up2date from a client, it automatically searches for the update server and installs all updates

Now, issue the following commands to let YUM update its database with this list of packages.

# cd /var/www/html/yum/Fedora/Core/2/base
# yum-arch .

Note: there is a '.' at the end of the yum-arch command.

Create a local update repository
Now you need to create an 'updates' directory under the '.../Fedora/Core/2/' directory. yum will download the latest updates from the Internet to this folder. Also, run RSYNC to download the updates to this folder.

# mkdir -p /var/www/html/yum/Fedora/Core/2/updates
# rsync * -avz rsync://rpmfind.net/linux/fedora/core/updates/2/i386 /var/www/html/yum/Fedora/Core/2/updates

#yum-arch .

Note: Again, there is a '.' at the end of the 'yum-arch' command.

To use automated update downloads, schedule the above 'rsync' and 'yum-arch' commands in a CRON job. If you find difficulty running 'rsync' then manually download the RPM updates from the Fedora site and copy them to /var/www/html/yum/Fedora/ Core/2/updates folder.

Starting the WWW service on the
update server
After creating the repository, you need to start the Apache server, so that the update repository can be accessible to all the users.

# service httpd start

Configuring Fedora clients
There are two ways that allow you to update local Fedora clients to download updates from our new server. The first is 'yum' (command line) and second 'up2date' (graphical). Up2date uses yum anyway.

To continue with yum as your solution, open the /etc/yum.conf file in VI and change the entries as below.

[main]
cachedir=/var/ cache/yum
debuglevel=2
logfile=/var/log /yum.log
pkgpolicy=newest
distroverpkg=redhat-release
tolerant=1
exactarch=1
retries=20

[base]
name=Fedora Core(Local) $releasever - $basearch - Base
baseurl=http://192.168.0.1/yum/Fedora/Core/2/base
[updates-released]
name=Fedora Core(Local) $releasever - $basearch - Released Updates
baseurl=http://192.168.0.1/yum/Fedora/Core/2/updates

Save this file and issue the command as follows, to update.

# yum update

To use the GUI tool, first open /etc/sysconfig /rhn/sources file, add the following entries and save this file.

yum Local-Fedora-Base http://192.168.0.1/yum/Fedora/Core/2/base
yum Local-Fedora-Update http://192.168.0.1/yum/Fedora/Core/2/updates

Updating clients
Open a terminal window from your GUI interface and issue 'up2date'. This will open the 'Update Manager'. Here click on the Forward button and you get a list of update channels that you have added above in the (sources) file. Select the Local channels and click on the Forward button. This will check with the update server we created above and download updates from it.

Again, you can place this up2date command in a CRON job to download and install updates automatically.

Sanjay Majumder

Page(s) 1




	Debian: On Popular Demand
	Secure Your Mail Server
	Internet on CDMA
	Firewall Builder

Untitled Document

ZTE:Leading CDMA Technology

Extraordinary Networks:Freedom of Choice

	Other CyberMedia web sites [Dataquest] [Voice&Data] [CIOL] [Living Digital] [IDC India] [DQ Channels] [the DQweek] [CyberMedia India] [Global Services Media] [CyberMedia Events] [Cybermedia Digital] [CyberAstro] [BioSpectrum] [BioSpectrum Asia] [Computer Shopper] [College Buying Guide] [Voice&DataConnect]