Re: [CentOS] documentation for kernel
On 09/18/2014 10:37 AM, m.r...@5-cent.us wrote: > Johnny Hughes wrote: >> On 09/17/2014 04:58 PM, Sven Kieske wrote: >>> On 17.09.2014 03:15, Johnny Hughes wrote: > Thank you, how can I query which updates that are available are > security updates? >>> you can't .. other than to look at the centos-announce mailing list > > Not exactly correct. You can install yum-plugin-security. From rpm -qi: > Description : > This plugin adds the options --security, --cve, --bz and --advisory flags > to yum and the list-security and info-security commands. > The options make it possible to limit list/upgrade of packages to specific > security relevant ones. The commands give you the security information. > yum-security also works on RHEL, but not on CentOS .. I write this stuff and release it, if there was a way, I would tell you. There isn't. yum-security also requires something we don't have and is all part of the effort I talked about before. >> We would certainly be glad to have some community members create and >> maintain packages for this, as well as maintaining spacewalk security >> information as well. > > Well, I implemented spacewalk in '09, at a short term contract I was on. I > hope I *NEVER* have to deal with that again Let's see, at the time, it > *required*, and wouldn't work with *anything* other than Oracle. And to > get it working, and it was not a huge server farm at that job, I had to > tweak Oracle (the free version) to use 992M of its allowed 1G memory (the > default was significantly lower). And the tools were *not* well > documented. I think it went from 0.3.x to 0.3.x+2, or maybe 0.4; IMO, > nowhere ready for prime time. > > Oh, and it used cobbler, so I guess it was a complicated gui on top of > cobbler > What needs to be maintained is a full database of all the CVE info. We can't use the Red Hat one and someone would need to find the time to track, test, and input said data to be able to use yum-security and generate the metadata for spacewalk security issues. Thus takes time. We currently have 4 team members to maintain 3 active distros, maintain all the infrastructure that the teams use, do all the cloud images that people see, represent CentOS at all the trade shows, etc. The reason the process is opened up and is community is so people can step up and do all these additive things in a SIG. So, if you (not mark, but any of YOU) want something, figure out how it can be done and make recommendations on how to make it happen. Take this issue ... yum security does not work unless there is: 1. Once single big repo of all RPMs in one place (Note: we don't so this, we need a modification to the process to allow it to look at vault.centos.org or maybe if all the other issues are solved, we can create a combined repo specifically for this). 2. We need a database (or other mechanism) that holds all the required info. This data needs to maintained. We currently do the mailing list of CentOS announce. If that contains all the data and all it needs is reformatting, then great ... or we may need other data. So, what we need is for people to look at what is out there, figure out what is needed, figure out how to change programs (if required), how to maintain the data, etc. Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] documentation for kernel
Johnny Hughes wrote: > On 09/17/2014 04:58 PM, Sven Kieske wrote: >> On 17.09.2014 03:15, Johnny Hughes wrote: Thank you, how can I query which updates that are available are security updates? >> >>> you can't .. other than to look at the centos-announce mailing >>> list Not exactly correct. You can install yum-plugin-security. From rpm -qi: Description : This plugin adds the options --security, --cve, --bz and --advisory flags to yum and the list-security and info-security commands. The options make it possible to limit list/upgrade of packages to specific security relevant ones. The commands give you the security information. > We would certainly be glad to have some community members create and > maintain packages for this, as well as maintaining spacewalk security > information as well. Well, I implemented spacewalk in '09, at a short term contract I was on. I hope I *NEVER* have to deal with that again Let's see, at the time, it *required*, and wouldn't work with *anything* other than Oracle. And to get it working, and it was not a huge server farm at that job, I had to tweak Oracle (the free version) to use 992M of its allowed 1G memory (the default was significantly lower). And the tools were *not* well documented. I think it went from 0.3.x to 0.3.x+2, or maybe 0.4; IMO, nowhere ready for prime time. Oh, and it used cobbler, so I guess it was a complicated gui on top of cobbler mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] documentation for kernel
On 09/17/2014 04:58 PM, Sven Kieske wrote: > On 17.09.2014 03:15, Johnny Hughes wrote: >>> Thank you, how can I query which updates that are available are >>> security updates? > >> you can't .. other than to look at the centos-announce mailing >> list > > This is not completely true, because you can implement > openscap (http://www.open-scap.org/page/Main_Page) > > in order to get notifications about vulnerable systems /patches which > fix these. > > But I doubt that it is worth the effort if you don't run it for > business/on more than one server. Except that does not work for CentOS without modifying the packages ... it does work for RHEL. We would certainly be glad to have some community members create and maintain packages for this, as well as maintaining spacewalk security information as well. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] documentation for kernel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 17.09.2014 03:15, Johnny Hughes wrote: >> Thank you, how can I query which updates that are available are >> security updates? > > you can't .. other than to look at the centos-announce mailing > list This is not completely true, because you can implement openscap (http://www.open-scap.org/page/Main_Page) in order to get notifications about vulnerable systems /patches which fix these. But I doubt that it is worth the effort if you don't run it for business/on more than one server. HTH Sven -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQGcBAEBAgAGBQJUGgPrAAoJEAq0kGAWDrqlkhQL/3d7RykOlw9EdHDrjCMM9wE8 rcZnVoKQn4Gx/ph3QkPwPLISpSovT8Jn+LHCqwQ/2uUh46fFJwYET/bkVnNTH+f9 VZ/JxVZmb44oAB7Rbh8dNvv0+NYExDiJwIssnGVe34Hn3cHvbnchXT7/IYrK2pkJ yyVEIUeU5aXaVRS2LPzxknbadWYj/8NJ7if6Z1ohu0dXm3J/He25ecUaii4zWrKu L/vghHWp7O4K/7B7H9O22V4nXjZkoi3TK0K904PCvhjRmGPnY4x0aYIQERS+44Mo 0RDyCN1k4Tr7I4JOnj/Yr4B3oHqrMAiR7n80ip+uQ+cvTlOQbmmjVf3dCMvJYpAb ZXZnhXmmM6f6G9iqDQI9esGw490RB7furQqUoHMoVRYFwYnaXlSVEytczAXjWU/9 D0AkCs3NRCXS/EYjTEpoeEFjqtqDNGsw3fpJ5z7XdXpCA/t4iUA5i2MNl3ApdO/I RRR9gAcCdRlEJ/HCxuQKRE4BUcpJakZu7XbvIEFWxg== =orFO -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] documentation for kernel
On 9/16/2014 6:15 PM, Johnny Hughes wrote: >Thank you, how can I query which updates that are available are security >updates? you can't .. other than to look at the centos-announce mailing list well, you can follow redhat's bugzilla.Its probably a full time job to compile what you're asking for. -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] documentation for kernel
On 09/16/2014 01:00 PM, kqt4a...@gmail.com wrote: > On Tue, 16 Sep 2014, Reindl Harald wrote: > >> >> >> Am 16.09.2014 um 15:49 schrieb kqt4a...@gmail.com: >>> I am using CentOS 6.5. I am using kernel 2.6.32-431.11.2.el6.i686 and >>> there is a newer version >>> 2.6.32-431.29.2.el6.i686 available. Where can I find documentation >>> that tells me the difference in the two version? >> >> just ask your system for the changelog *and do not* skip updates >> that long - they are released for damned good reasons in case >> of a LTS distribution >> > > Thank you, how can I query which updates that are available are security > updates? you can't .. other than to look at the centos-announce mailing list signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] documentation for kernel
On Tue, 16 Sep 2014, Reindl Harald wrote: Am 16.09.2014 um 15:49 schrieb kqt4a...@gmail.com: I am using CentOS 6.5. I am using kernel 2.6.32-431.11.2.el6.i686 and there is a newer version 2.6.32-431.29.2.el6.i686 available. Where can I find documentation that tells me the difference in the two version? just ask your system for the changelog *and do not* skip updates that long - they are released for damned good reasons in case of a LTS distribution Thank you, how can I query which updates that are available are security updates? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] documentation for kernel
On 09/16/2014 09:49 AM, kqt4a...@gmail.com wrote: > I am using CentOS 6.5. I am using kernel 2.6.32-431.11.2.el6.i686 and > there is a newer version 2.6.32-431.29.2.el6.i686 available. Where can I > find documentation that tells me the difference in the two version? http://lists.centos.org/pipermail/centos-announce/2014-September/020548.html signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] documentation for kernel
I am using CentOS 6.5. I am using kernel 2.6.32-431.11.2.el6.i686 and there is a newer version 2.6.32-431.29.2.el6.i686 available. Where can I find documentation that tells me the difference in the two version? Thanks Richard ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
