RHEL 9.0 - Managing & Monitoring Security Updates
RHEL 9.0 - Managing & Monitoring Security Updates
RHEL 9.0 - Managing & Monitoring Security Updates
A guide to managing and monitoring security updates in Red Hat Enterprise Linux 9
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons
Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is
available at
http://creativecommons.org/licenses/by-sa/3.0/
. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must
provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert,
Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift,
Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States
and other countries.
Linux ® is the registered trademark of Linus Torvalds in the United States and other countries.
XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States
and/or other countries.
MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and
other countries.
Node.js ® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the
official Joyent Node.js open source or commercial project.
The OpenStack ® Word Mark and OpenStack logo are either registered trademarks/service marks
or trademarks/service marks of the OpenStack Foundation, in the United States and other
countries and are used with the OpenStack Foundation's permission. We are not affiliated with,
endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
Abstract
This document describes how to learn about and install security updates, as well as displaying
additional details about the updates.
Table of Contents
Table of Contents
. . . . . . . . . .OPEN
MAKING . . . . . . SOURCE
. . . . . . . . . .MORE
. . . . . . .INCLUSIVE
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3. . . . . . . . . . . . .
. . . . . . . . . . . . . FEEDBACK
PROVIDING . . . . . . . . . . . . ON
. . . .RED
. . . . .HAT
. . . . .DOCUMENTATION
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4. . . . . . . . . . . . .
.CHAPTER
. . . . . . . . . . 1.. .IDENTIFYING
. . . . . . . . . . . . . . SECURITY
. . . . . . . . . . . UPDATES
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. . . . . . . . . . . . .
1.1. WHAT ARE SECURITY ADVISORIES? 5
1.2. DISPLAYING SECURITY UPDATES THAT ARE NOT INSTALLED ON A HOST 6
1.3. DISPLAYING SECURITY UPDATES THAT ARE INSTALLED ON A HOST 6
1.4. DISPLAYING A SPECIFIC ADVISORY USING DNF 7
.CHAPTER
. . . . . . . . . . 2.
. . INSTALLING
. . . . . . . . . . . . . .SECURITY
. . . . . . . . . . .UPDATES
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8. . . . . . . . . . . . .
2.1. INSTALLING ALL AVAILABLE SECURITY UPDATES 8
2.2. INSTALLING A SECURITY UPDATE PROVIDED BY A SPECIFIC ADVISORY 8
2.3. ADDITIONAL RESOURCES 9
1
Red Hat Enterprise Linux 9 Managing and monitoring security updates
2
MAKING OPEN SOURCE MORE INCLUSIVE
3
Red Hat Enterprise Linux 9 Managing and monitoring security updates
1. Make sure you are viewing the documentation in the Multi-page HTML format. In addition,
ensure you see the Feedback button in the upper right corner of the document.
2. Use your mouse cursor to highlight the part of text that you want to comment on.
3. Click the Add Feedback pop-up that appears below the highlighted text.
3. Fill in the Description field with your suggestion for improvement. Include a link to the
relevant part(s) of documentation.
4
CHAPTER 1. IDENTIFYING SECURITY UPDATES
Severity
Affected products
Links to the tickets about the problem. Note that not all tickets are public.
Common Vulnerabilities and Exposures (CVE) numbers and links with additional details, such as
attack complexity.
Red Hat Customer Portal provides a list of Red Hat Security Advisories published by Red Hat. You can
display details of a specific advisory by navigating to the advisory’s ID from the list of Red Hat Security
Advisories.
5
Red Hat Enterprise Linux 9 Managing and monitoring security updates
Optionally, you can also filter the results by specific product, variant, version, and architecture. For
example, to display only advisories for Red Hat Enterprise Linux 9, you can set the following filters:
Version: 9
Additional resources
Prerequisite
Procedure
List all available security updates which have not been installed on the host:
Procedure
6
CHAPTER 1. IDENTIFYING SECURITY UPDATES
If multiple updates of a single package are installed, dnf lists all advisories for the package. In the
previous example, two security updates for the python3-libs package have been installed since
the system installation.
Prerequisites
You have a security advisory Update ID. See identifying the security advisory updates .
Procedure
Replace the Update ID with the required advisory. For example, # dnf updateinfo info <RHSA-
2019:0997>.
7
Red Hat Enterprise Linux 9 Managing and monitoring security updates
Prerequisite
Procedure
NOTE
The --security parameter is important. Without it, dnf update installs all updates,
including bug fixes and enhancements.
...
Transaction Summary
===========================================
Upgrade ... Packages
3. Optional: list processes that require a manual restart of the system after installing the updated
packages:
# dnf needs-restarting
1107 : /usr/sbin/rsyslogd -n
1199 : -bash
NOTE
This command lists only processes that require a restart, and not services. That is,
you cannot restart processes listed using the systemctl utility. For example, the
bash process in the output is terminated when the user that owns this process
logs out.
In certain situations, you might want to install only specific updates. For example, if a specific service can
8
CHAPTER 2. INSTALLING SECURITY UPDATES
In certain situations, you might want to install only specific updates. For example, if a specific service can
be updated without scheduling a downtime, you can install security updates for only this service, and
install the remaining security updates later.
Prerequisites
You have a security advisory Update ID. See identifying the security advisory updates .
Procedure
Replace the Update ID with the required advisory. For example, #dnf update --
advisory=<RHSA-2019:0997>
...
Transaction Summary
===========================================
Upgrade ... Packages
3. Optional: List the processes that require a manual restart of the system after installing the
updated packages:
# dnf needs-restarting
1107 : /usr/sbin/rsyslogd -n
1199 : -bash
NOTE
This command lists only processes that require a restart, and not services. This
means that you cannot restart all processes listed by using the systemctl utility.
For example, the bash process in the output is terminated when the user that
owns this process logs out.