[RndTbl] Linux patching best practices

Sean Walberg sean at ertw.com
Fri Nov 26 20:35:23 CST 2010


At work, we copy the updates repo and point all our servers there. Every so
often we freshen the mirror and begin the patch cycle. If you have reliable
tests then you can test before rolling out, or just roll out to a couple of
development servers first before generally deploying.

For my personal stuff I run Nagios with a plugin that checks the output of
"yum list-security" (need the yum-security package) and flags an alert if
there's a security related fix. Those I try to install fairly quickly.
Otherwise I periodically upgrade the non critical packages, and schedule the
critical ones (apache/nginx/php/ruby/mysql). See
http://ertw.com/blog/2010/11/19/epel-nginx-rpm-and-upgrade-from-0-6-x-to-0-8-x/ for
something that recently bit me :(

If you have packages that are critical to your application, you can put them
under cfengine/puppet management to automate some of the tasks associated
with keeping them up to date.

Most of the servers I take care of now are VPSes, so I never reboot for
kernel upgrades.

Sean

On Fri, Nov 26, 2010 at 8:01 PM, Kevin McGregor
<kevin.a.mcgregor at gmail.com> wrote:

> At work I have two Ubuntu and two CentOS servers. What do you recommend as
> the best practice for applying updates? Specifically, do you do any testing
> on test machines first, or just wait until the updates are a certain age
> without hearing of any issues? Automatically apply them, or manually? Do you
> reboot the servers regularly regardless of whether you've patched them
> (something Windows administrators still do for their Windows servers!), or
> just wait until a kernel or other update requires it?
>
> Kevin


-- 
Sean Walberg <sean at ertw.com>    http://ertw.com/
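
The Nagios check on "yum list-security" output mentioned in the message, sketched as an added example; it is not Sean's plugin and not part of the original email. It assumes each advisory line has the shape "<advisory-id> <type> <package>" and that a pending security fix should alert as CRITICAL; the names evaluate, run_check and SAMPLE are hypothetical.

```python
import re
import subprocess
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes

# Assumed line shape: "<advisory-id> <type> <package>", for example
# "EXAMPLE-SA-0001 security pkg-1.0-1.el5.x86_64"
ADVISORY = re.compile(r"^(\S+)\s+(security|bugfix|enhancement)\s+(\S+)$")


def evaluate(output):
    """Turn `yum list-security` text into (exit_code, status_line)."""
    pending = {}
    for line in output.splitlines():
        m = ADVISORY.match(line.strip())
        if m and m.group(2) == "security":  # bugfix/enhancement do not alert
            pending.setdefault(m.group(1), []).append(m.group(3))
    if not pending:
        return OK, "OK - no security updates pending"
    count = sum(len(pkgs) for pkgs in pending.values())
    ids = ", ".join(sorted(pending))
    return CRITICAL, "CRITICAL - %d security update(s) pending: %s" % (count, ids)


def run_check():
    """Run yum; report UNKNOWN rather than OK if it cannot be queried."""
    try:
        proc = subprocess.run(["yum", "list-security"], stdout=subprocess.PIPE,
                              stderr=subprocess.STDOUT, universal_newlines=True,
                              timeout=120)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return UNKNOWN, "UNKNOWN - could not run yum: %s" % exc
    if proc.returncode != 0:
        return UNKNOWN, "UNKNOWN - yum exited with status %d" % proc.returncode
    return evaluate(proc.stdout)


# Constructed sample output, not captured from a real host.
SAMPLE = """Loaded plugins: fastestmirror, security
EXAMPLE-SA-0001 security openssl-1.2.3-4.el5.x86_64
EXAMPLE-BA-0002 bugfix   tzdata-1.2.3-4.el5.noarch
EXAMPLE-SA-0003 security httpd-1.2.3-4.el5.x86_64
"""

if __name__ == "__main__":
    code, message = run_check()
    print(message)
    sys.exit(code)
```

An empty advisory list also results when the configured repositories publish no errata metadata, so OK here means only that yum reported nothing.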