10

Last time I checked I was able to install yum-security in CentOS, but since it doesn't use the official Red Hat mirrors I was unable to get it to actually work. Is there a way to make yum-security work, or is there an alternative to yum-security on CentOS?

Jared

4 Answers

1

For CentOS 6, CentOS 7 and CentOS 8 the easiest way is to use Steve Meier's Updateinfo: a yum repository with CentOS Errata information.

It's a ready yum repo served and updated by the author of the CEFS project.

It is a paid service but as of now it costs only a mere $3 per month for an unlimited number of servers (but using a mirror for a big fleet is recommended).


Note that it's the same thing as you can do yourself according to dsmsk80's answer here. But don't you prefer to support the enthusiast who made this solution possible instead? :)

Greg Dubicki
0

No, there is no easy alternative to this Red Hat feature with CentOS.

The only alternative I know so far is to manually list the rpms affected by one or more CVEs and update only them.

bgtvfr
  • I am sorry but this is simply not true. For many years you could have used [CEFS](http://cefs.steve-meier.de/) project and since 2017 you can use [Updateinfo](https://updateinfo.cefs.steve-meier.de/). See [my answer](https://serverfault.com/a/1037208/190032) for more info. – Greg Dubicki Oct 10 '20 at 17:40
-1

Unfortunately, yum-security is not supported on CentOS :(

However, this hacked alternative might work for you.

Dave K
-1

These days yum-security works fine on CentOS; you can install it from EPEL.

Example on CentOS 6:

```
$ rpm -q yum-plugin-security
yum-plugin-security-1.1.30-14.el6.noarch
```

(On CentOS 5 the package is called yum-security)

```
$ sudo yum update --security
Loaded plugins: security
Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
epel/updateinfo                                          | 724 kB     00:00
No packages needed for security; 141 packages available
```

Dennis Kaarsemaker
  • 2
    This doesn't work for me. On CentOS 6, I installed httpd-2.2.15-29.el6.centos.x86_64.rpm , which has had several security updates such as [CESA-2013:1156](http://lists.centos.org/pipermail/centos-announce/2013-August/019902.html). `yum update --security` still says `No packages needed for security`. `yum update` will update httpd just fine. I'll note that `yum-plugin-security` *does* work on Scientific Linux. – Stefan Lasiewski May 14 '14 at 20:19
  • I'm not sure what it's actually doing on the backend, because it **does** list some of the packages that need updating. Problem is it leaves other important packages that need updating out, so it gives a false sense of security. Which, arguably, is worse than if it simply reliably did nothing. – Parthian Shot Mar 30 '16 at 14:18
  • 2
    The reason why this doesn't work is that CentOS doesn't publish which updates are security updates in its repo metadata. EPEL does, though, so occasionally you see an update via this process and may be misled into thinking that it is doing what you want. – Michael Hampton Oct 22 '16 at 17:18
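
The comments above pin the failure on repo metadata: the security plugin can only filter on repos whose `repomd.xml` advertises an `updateinfo` file. As an added example (not from any poster in this thread), the Python below reports which repos lack that metadata and lists the security advisories in an `updateinfo.xml`; the repo contents, advisory ids and package names are constructed samples.

```python
"""Report which yum repos publish the updateinfo metadata that --security filters on."""
import xml.etree.ElementTree as ET

REPO_NS = "{http://linux.duke.edu/metadata/repo}"  # namespace used by repomd.xml

# Constructed samples: trimmed repomd.xml bodies and a two-advisory updateinfo.xml.
_REPOMD = '<repomd xmlns="http://linux.duke.edu/metadata/repo">%s</repomd>'
_DATA = '<data type="%s"><location href="repodata/%s.xml.gz"/></data>'
SAMPLE_REPOS = {
    "base": _REPOMD % "".join(_DATA % (t, t) for t in ("primary", "filelists", "other")),
    "updates": _REPOMD % "".join(_DATA % (t, t) for t in ("primary", "filelists", "other")),
    "epel": _REPOMD % "".join(_DATA % (t, t) for t in ("primary", "filelists", "updateinfo")),
}
SAMPLE_UPDATEINFO = """<updates>
  <update type="security"><id>EXAMPLE-SA-0001</id>
    <pkglist><collection><package name="examplepkg" version="1.0" release="2" arch="x86_64"/>
    </collection></pkglist></update>
  <update type="bugfix"><id>EXAMPLE-BA-0002</id>
    <pkglist><collection><package name="otherpkg" version="3.1" release="1" arch="noarch"/>
    </collection></pkglist></update>
</updates>"""

def metadata_types(repomd_xml):
    """Return the set of metadata types a repomd.xml advertises."""
    return {d.get("type") for d in ET.fromstring(repomd_xml).iter(REPO_NS + "data")}

def repos_without_updateinfo(repos):
    """repos maps repo id -> repomd.xml text; return ids the plugin cannot see into."""
    return sorted(r for r, xml in repos.items() if "updateinfo" not in metadata_types(xml))

def security_advisories(updateinfo_xml):
    """Map advisory id -> package names for entries marked type="security"."""
    found = {}
    for upd in ET.fromstring(updateinfo_xml).iter("update"):
        if upd.get("type") == "security":
            found[upd.findtext("id")] = sorted({p.get("name") for p in upd.iter("package")})
    return found

if __name__ == "__main__":
    for repo in repos_without_updateinfo(SAMPLE_REPOS):
        print(f"{repo}: no updateinfo, 'yum update --security' will skip its packages")
    print(security_advisories(SAMPLE_UPDATEINFO))
```

A repo reported here contributes nothing to `yum update --security`, so a "No packages needed for security" result says nothing about packages that come from it.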