updating redhat systems in a secure environment?
From: Mark Parker (mparker_at_arlut.utexas.[removemeformail)
Date: Thu, 28 Apr 2005 16:10:30 -0500
I've got some redhat EL 3 systems in a closed room. Basically, anything
that goes in there can't come back out ever. I'm trying to figure out
how I can keep the system up to date given that I have no internet
connection to the outside world.
What I've come up with so far is this: keep a freshly installed
non-updated machine of the same architecture outside of the closed room.
Run up2date --showall to get the complete list of packages that the
redhat network channel knows about for that system. Run an up2date --get
<PACKAGE> on each of the packages listed in the showall output. Put
these rpms onto a CD and take them into the closed room. On the closed
room system run an rpm -qa and grab the output. Write a script that
finds all of the packages installed, compares their versions with
the showall output and then installs the later versions, possibly doing
a recursive dependency check beforehand.
I'd like to think that there's a way to use up2date instead of writing
a script to basically replace up2date's effects, but I've not seen
anything in the manuals that mentions using up2date on a non-internetted
Anybody got a better idea than mine? I'd love to think so.
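
The version-comparison step of the script described in this post, as an added example that is not part of the original message. It assumes both package lists were produced with `rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n'` (and `rpm -qp` with the same format on the CD's rpm files); the package data below is constructed, and the comparison is a simplified form of rpm's segment-wise ordering.

```python
import re

SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare version/release strings segment by segment, as rpm does
    (simplified). Returns -1, 0 or 1."""
    sa, sb = SEG.findall(a), SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)                # so that 10 > 9 and 05 == 5
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples; epoch takes precedence."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def parse(text):
    """Map name -> newest (epoch, version, release) seen in the query output."""
    pkgs = {}
    for line in text.strip().splitlines():
        name, epoch, ver, rel = line.split()
        evr = (0 if epoch == "(none)" else int(epoch), ver, rel)
        if name not in pkgs or evr_cmp(evr, pkgs[name]) > 0:
            pkgs[name] = evr
    return pkgs

def needed_updates(installed_text, available_text):
    """Names that are installed AND have a strictly newer build available."""
    installed, available = parse(installed_text), parse(available_text)
    return sorted(n for n, evr in available.items()
                  if n in installed and evr_cmp(evr, installed[n]) > 0)

# Constructed sample data (not taken from a real system or channel).
INSTALLED = """openssl (none) 0.9.7a 33.10
bash (none) 2.05b 29
bind 20 9.2.4 1_EL3
zlib (none) 1.1.4 8.1"""
AVAILABLE = """openssl (none) 0.9.7a 33.12
bash (none) 2.05b 29
bind 20 9.2.4 5_EL3
httpd (none) 2.0.46 46.ent
zlib (none) 1.1.4 8.1"""

if __name__ == "__main__":
    print(needed_updates(INSTALLED, AVAILABLE))
```

rpm's own freshen mode (`rpm -Fvh *.rpm`) applies the same rule, upgrading only packages that are already installed in an older version, and `rpm -K` checks each file's signature before it is installed.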