Maintaining Software

You can file an issue about it and ask that it be added.

---

Table of Contents

• Maintaining Software
  • Package signatures
  • Keep system updated

Maintaining Software

Package signatures

Rationale

Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.

Solution

Enabled gpgcheck option

# C2S/CIS: CCE-26989-4 (High)

gpgcheck=1

Policies

C2S/CIS: CCE-26989-4 (High)

Useful resources

• Configuring Yum and Yum Repositories ^[Official]

Keep system updated

Rationale

Software updates offer plenty of benefits. It’s all about revisions. These might include repairing security holes that have been discovered and fixing or removing bugs.

U.S. Defense systems are required to be patched within 30 days or sooner as local policy dictates.

Some benefits:

• close up problems of security that has been discovered
• it can improve the stability of the system
• improvements the system stacks or network stacks

Solution

Updating all packages and dependencies

# C2S/CIS: CCE-26895-3 (High)

yum update

Policies

C2S/CIS: CCE-26895-3 (High)

Comments

Before updating the system, I do it in the console:

# This one-liner save the update process session:
script -t 2>~/upgrade.time -a ~/upgrade.script

Also these one-liners are important:

Check for updates

yum check-update

Install upgrades (with security updates)

yum --security upgrade

Roll back an update

yum history undo <id>

Useful resources

• Yum ^[Official]
• How to use yum history to roll back an update in Red Hat Enterprise Linux 6 , 7? ^[Official]
• In CentOS, what is the difference between yum update and yum upgrade?