Does anyone have any idea why Google or Red Hat has enabled yum-cron on RHEL7 VMs on GCP? yum-cron-3.4.3-167.el7.noarch is preinstalled and enabled on the VM. Clients never want their systems to be automatically patched. This is disastrous.

Because of this, the whole group of servers went down, as the servers were on a scheduled reboot and there was a bug in shim-x64-15-7.el7_8.x86_64.

Can anyone report this issue to Google or RHEL, whoever is responsible for this mistake?

Screenshot attached for reference:

systemctl is-enabled yum-cron.service

systemctl status yum-cron.service

d.s

1 Answer

I don’t know why GCP specifically did that but in general automated updates are good for the kind of user that doesn’t realize they are happening.

Omitting security updates is bad. Period.

When you are neither skilled enough to realize that automated updates are happening nor to stop them, then you would probably not have been updating your systems either. You would have been part of the problem of insecure, outdated and easily exploited systems.

Doing that by design is bad too but when you are skilled enough to realize that those automated updates are happening you can make a slightly more informed decision (arguably still not a good decision) to stop them and instead plan for controlled updates.

Omitting security updates is bad. Delaying their deployment for too long is also bad.

Bob
  • Scheduled reboots without actually having updated anything (or intended to update anything), as the OP was doing, are bad too. – Michael Hampton Aug 20 '20 at 11:48
  • I know avoiding a security patch is bad, but patching a customer environment (including the Prod environment) without the customer's knowledge is very bad. Google should mention such modifications somewhere (on the provisioning page), so that the customer is well aware and can decide if such modifications are suitable for his environment. – d.s Aug 26 '20 at 10:36
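
Added example, not part of the question, answer or comments above: a shell function that reads a yum-cron configuration and reports whether it will apply updates automatically, only download them, or only notify, which is the setting behind the choice between automated and controlled updates discussed in the answer. The sample config is constructed, the function names are hypothetical, and treating a missing key as "no" is an assumption of this example.

```shell
#!/bin/sh
# Added example: report what yum-cron is configured to do with updates.
# update_cmd, download_updates and apply_updates are yum-cron [commands]
# options; treating a missing key as "no" is an assumption of this example.

# Print the value of key $2 in the [commands] section of file $1.
yc_get() {
    awk -F= -v key="$2" '
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[commands\]/); next }
        insec && $0 !~ /^[ \t]*[#;]/ {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = $2; gsub(/^[ \t]+|[ \t\r]+$/, "", v); val = tolower(v)
            }
        }
        END { print val }
    ' "$1"
}

# Succeed if $1 is a true boolean value.
yc_true() {
    case "$1" in yes|true|1|on) return 0 ;; *) return 1 ;; esac
}

# Classify the policy as auto-apply, download-only or notify-only.
yum_cron_policy() {
    cmd=$(yc_get "$1" update_cmd)
    [ -n "$cmd" ] || cmd=default
    if yc_true "$(yc_get "$1" apply_updates)"; then
        echo "auto-apply:$cmd"
    elif yc_true "$(yc_get "$1" download_updates)"; then
        echo "download-only:$cmd"
    else
        echo "notify-only:$cmd"
    fi
}

# Constructed sample config, not copied from any real image.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[commands]
update_cmd = default
download_updates = yes
apply_updates = yes

[emitters]
emit_via = stdio
EOF
yum_cron_policy "$sample"
```

On a RHEL 7 host, point the function at /etc/yum/yum-cron.conf.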