Solved

Is it OK to use "yum update" to update all software?

Posted on 2011-09-13
11
846 Views
Last Modified: 2012-05-12
Is it generally OK to simply run "yum update" to update all packages on a linux machine? There are very many available and I want to be sure that any and all updates in regards to security are applied.
0
Comment
Question by:mvtimes
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 36532102
Different Linux distributions use different package managers.  If you used 'yum' to install the software, that would be your first step in updating it.  More info here: http://www.cyberciti.biz/faq/rhel-centos-fedora-linux-yum-command-howto/
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 36532271
Is this a production server or a desktop / play-around machine?

If it's production, it's probably not wise to blindly yum update as it could break apps that need the older versions, and your users could get a bit angry about that.

If this is just your desktop or a server you fool around on, it's pretty much safe, but it really depends.  One thing to look for after the update are files that are appended with extensions such as .rpmsave and .rpmnew -- these will generally be config files from the new packages that didn't overwrite a config from the old package.  You can run a diff on the original vs the new file to see if there are any changes, sometimes there are not.

If there is a major change, like for example let's say you upgraded from apache 1.3 to 2.2... that may be a bit of a pain.  That's why earlier I said it really depends.

It's a good idea before running 'yum update' to run 'yum list updates'.
0
 
LVL 5

Expert Comment

by:RizyDeWino
ID: 36532310
If you already have some software installed through source installation , e.g. Apache was earlier installed through source or other software was installed through source, then in such situations it can cause some issues.

Second issue it can cause on production environments is what #Papertrip has explained above.

So firstly you need to identify what all is setup currently and what all software running and if any of them have any specific dependencies.

If its a general setup, not very critical and not running specialize software etc then yes its fine to use yum update to upgrade all the software on the system and should run/complete fine.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:mvtimes
ID: 36532861
It's a single site web server that handles our email as well. So it's a production machine but it's jobs are fairly straightforward, LAMP web server, POP, SMTP, FTP, SSH. No specialized or custom software.

Since the list of updates is so long, what's the best way to determine which updates to apply?

0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36532868
That is entirely dependent upon what you want to update :)
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 36532885
Note that you will have to reboot the server at the very least to finish the updates.  Plan it for a time that you can do that.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36532891
The only reason I can think of needing to reboot after a yum update is if you updated your kernel.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36532894
I reread your original question, you are just concerned about security related stuff?  That unfortunately doesn't make it much easier to decide what to update.

The best suggestion I would have for that is to update any packages that are public facing.  Carefully, of course, as to not break the services that are already running.
0
 
LVL 5

Expert Comment

by:RizyDeWino
ID: 36533022
I will suggest doing the upgrades in phases, that's what I always prefer doing any project in proper controlled phases.  Like in your case you can upgrade PHP and Apache in one phase or divide them too in two steps. Ssh in one step. Mail service in another phase. Mysql in one , and FTP in another one, and lastly kernel in one last step once rest is done. The last step of kernel upgrade will require a reboot.

Of course like for any upgrades make sure to have working and latest backups for worst case scenario. As Einstein said "backup the backup of backup" ...

Just remove Einstein name from it , as I said this myself :).
0
 
LVL 3

Expert Comment

by:maxchow
ID: 36534643
Be careful when you deal with additional repository are in your yum.repos for any reason, if you have it, then you need to be very careful, because there could be any files overrides you packages with a difference version and make anything not workable. Otherwise it is quite safe.  However, Fedora is another story.

Anyway, do a backup of everything to prevent crash and reboot after upgrade.  If you are in a VM, do a snapshot.
0
 

Author Closing Comment

by:mvtimes
ID: 36561699
Based on the precautions outlined here, I've decided to tread lightly and go the one-by-one route. Thanks to everyone.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question