
Patch Management on Linux 

PCQ Bureau

For Windows, you have SUS (Software Update Services) to manage patches and updates. It runs on a Windows server, downloads the latest updates to a local disk and then allows its clients, also running Windows, to pull them from there as needed. For Linux, however, there is no such service available that manages patching for its network.


But there is a way out. Linux has yum (Yellow dog Updater, Modified), which performs patch management for a Linux machine and maintains copies of downloaded updates. In this article we will see how to use it to trick other Linux machines on a network into fetching their updates from this machine. The local copy is called a 'repository' and we need to create two of them: a base and an update. The base repository will contain all the RPMs, while the downloaded updates will go into the other one.

Here we've used Fedora Core 2 (FC 2) as our OS. Perform a 'Full Install' of FC 2 on a machine. We will be using this system as our local 'patch server'. We are assuming the IP address of this machine to be 192.168.0.1. When done, follow the given steps.

Create a local base repository



Open a terminal window and execute the following commands to create the local repository.


# mkdir /var/www/html/yum 



# mkdir -p /var/www/html/yum/Fedora/Core/2/base 

Now, copy all the RPM files from all the FC 2 installation CDs to the directory created above. Repeat the commands below for each CD.

# mount /mnt/cdrom



# cp /mnt/cdrom/Fedora/RPMS/*.rpm /var/www/html/yum/Fedora/Core/2/base


# umount /mnt/cdrom


[Figure: When you run up2date from a client, it automatically searches for the update server and installs all updates.]

Now, issue the following commands to let YUM update its database with this list of packages.

# cd /var/www/html/yum/Fedora/Core/2/base



# yum-arch .


Note: there is a '.' at the end of the yum-arch command.

Create a local update repository



Now you need to create an 'updates' directory under the '.../Fedora/Core/2/' directory. yum will download the latest updates from the Internet to this folder. Then run rsync to download the updates into this folder.

# mkdir -p /var/www/html/yum/Fedora/Core/2/updates

# rsync -avz rsync://rpmfind.net/linux/fedora/core/updates/2/i386 /var/www/html/yum/Fedora/Core/2/updates

# cd /var/www/html/yum/Fedora/Core/2/updates

# yum-arch .

Note: Again, there is a '.' at the end of the 'yum-arch' command.

To automate update downloads, schedule the above 'rsync' and 'yum-arch' commands in a CRON job. If you have difficulty running 'rsync', manually download the RPM updates from the Fedora site and copy them to the /var/www/html/yum/Fedora/Core/2/updates folder.
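The scheduled refresh described above, written as one script (an added example, not from the original article). It adds two things the article does not cover: a lock so CRON runs cannot overlap, and an 'rpm -K' signature check before re-indexing. The quarantine and lock paths, the --run switch and the script name are assumptions.

```shell
#!/bin/sh
# Added example: cron-able refresh of the local 'updates' repository.
# MIRROR and DEST are the article's; everything else is an assumption.
MIRROR=${MIRROR:-rsync://rpmfind.net/linux/fedora/core/updates/2/i386}
DEST=${DEST:-/var/www/html/yum/Fedora/Core/2/updates}
QUARANTINE=${QUARANTINE:-/var/lib/yum-quarantine}   # outside the web root
LOCK=${LOCK:-/var/run/yum-refresh.lock}
# Tools are variables so the script can be exercised with stand-ins.
RSYNC=${RSYNC:-rsync}; RPM=${RPM:-rpm}; YUM_ARCH=${YUM_ARCH:-yum-arch}

# True only if 'rpm -K' exits 0 AND its result mentions a signature.
# Assumes the distribution's GPG key is imported and that rpm prints
# passed checks in lower case (failed ones appear in upper case).
signed_ok() {
    out=$("$RPM" -K "$1" 2>&1) || return 1
    case "${out#"$1"}" in                 # drop the leading file name
        *gpg*|*pgp*|*signatures*) return 0 ;;
        *) return 1 ;;                    # digests only: package is unsigned
    esac
}

# Move packages that fail verification out of the published tree.
# Sets REJECTED to the number of files moved.
quarantine_bad() {
    REJECTED=0
    mkdir -p "$QUARANTINE" || return 1
    for f in "$DEST"/*.rpm "$DEST"/*/*.rpm; do
        [ -f "$f" ] || continue           # unmatched glob
        signed_ok "$f" && continue
        echo "quarantined: $f" >&2
        mv "$f" "$QUARANTINE"/ || return 1
        REJECTED=$((REJECTED + 1))
    done
}

# Sync, verify, then re-index. Returns 2 if another run holds the lock.
refresh_updates() {
    mkdir "$LOCK" 2>/dev/null || { echo "refresh already running" >&2; return 2; }
    rc=0
    "$RSYNC" -avz "$MIRROR" "$DEST" || rc=1
    if [ "$rc" -eq 0 ]; then quarantine_bad || rc=1; fi
    # Index only after unverified packages are gone, so clients never see them.
    if [ "$rc" -eq 0 ]; then (cd "$DEST" && "$YUM_ARCH" .) || rc=1; fi
    rmdir "$LOCK"
    return "$rc"
}

# Example crontab line (hypothetical script path):
#   30 2 * * * /usr/local/sbin/yum-refresh.sh --run
if [ "${1:-}" = "--run" ]; then refresh_updates; fi
```

Clients fetch from this server over plain HTTP, so checking signatures before 'yum-arch' publishes the headers keeps a tampered or unsigned mirror file from ever being offered to them.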


Starting the WWW service on the update server



After creating the repository, you need to start the Apache server so that the update repository is accessible to all the users.

# service httpd start

Configuring Fedora clients



There are two ways to make local Fedora clients download updates from our new server. The first is 'yum' (command line) and the second is 'up2date' (graphical). Up2date uses yum anyway.


To continue with yum as your solution, open the /etc/yum.conf file in vi and change the entries as below.





[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=redhat-release
tolerant=1
exactarch=1
retries=20

[base]
name=Fedora Core(Local) $releasever - $basearch - Base
baseurl=http://192.168.0.1/yum/Fedora/Core/2/base

[updates-released]
name=Fedora Core(Local) $releasever - $basearch - Released Updates
baseurl=http://192.168.0.1/yum/Fedora/Core/2/updates













Save this file and run the following command to update.

# yum update

To use the GUI tool, first open the /etc/sysconfig/rhn/sources file, add the following entries and save the file.

yum Local-Fedora-Base http://192.168.0.1/yum/Fedora/Core/2/base 



yum Local-Fedora-Update http://192.168.0.1/yum/Fedora/Core/2/updates

Updating clients



Open a terminal window from your GUI and issue 'up2date'. This will open the 'Update Manager'. Click the Forward button and you get a list of the update channels that you added above in the sources file. Select the Local channels and click the Forward button. This will check with the update server we created above and download updates from it.

Again, you can place this up2date command in a CRON job to download and install updates automatically.

Sanjay Majumder
