Patching CentOS

Hey guys,

Just curious how you guys handle patching with Linux at this time? Currently we push RPMs via Puppet that are determined to be critical. Beyond that, not much else. In the Windows side of the house, we push everything unless we have a reason not to.

We have been asked to improve our process and make sure we don't "miss things". Thoughts? Input?

Thoughts input? Process recommendations? Certs? Books? Training you would recommend?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

darkerosxx

Windows patches just work 99.999% of the time, so people usually just push all of them. Linux/CentOS = different story, so there are a lot of different ways you can go about it. One is criticals with a test bed, one is straight pushing like Windows with something like Spacewalk, and another is just not patching at all. You could do a mix of these or add your own. Depends on how critical your systems are, the man/woman hours available, and the risks involved.

I think the best way to go is to have a test system that represents your production systems available at all times to test patches with, so you can push, test, soak, deploy.

W Stewart

If all of the servers in your environment are the same then I'd recommend having a test server to push updates to and test them for a few days before putting them into production. You could easily run into more issues by skipping updates and having to aply a bunch at once later down the road on some distros. CentOS is pretty stable though.