- Making your servers a bit more "green" with smart system adminstration, part 3: the right tool for the right job
- How to use obscurity to improve security (a tiny bit)
- Sysadmin war stories: when the RAID fails
- Sysadmin war stories: (disk)size does matter
- Minimizing Apache httpd downtime with logrotate
Quick and dirty yum checks
August 2, 2009,
As a system administrator you want to be on top of your systems when it comes to security. You need to know when there are security updates you are interested in, so you can act on them.
Although we are subscribed to various mailinglists about updates for our systems we like to have our own warning systems to see if there are updates available. The main reason is that some packagers don't send (useful) update messages (a quick brief at the rpmforge mailinglist archives is enough proof). So we have a few scripts that run every now and then to warn us if there are updates available. It is a simple shell script that simply runs yum with a few parameters: once with package excludes enabled and once with package excludes disabled.
One of the things you should not forget is to purge the yum cache. Recently we saw some odd dependencies on a few systems which were solved by cleaning the yum cache.
#!/bin/sh HOSTNAME=iglo yum clean all echo "* updates for $HOSTNAME (excludes enabled)" /usr/bin/yum check-update -d 0 echo "* updates for $HOSTNAME (excludes disabled)" /usr/bin/yum check-update --disableexcludes=all
and that's it. Granted, it's that not elegant, but it works for us.