RHEL 제품에 대한 패치 버전중? z-stream 이 의미하는게 뭘까?
대충 짐작은 가지만??? 자세하게 알길이 없으니…

——————————————————————————————————————–
EUS streams are numbered X.Y.Z, where X is the major release number
Y is the minor release supported by the EUS stream, and Z signifies that
it is an EUS stream.
——————————————————————————————————————–
Link : https://www.redhat.com/f/pdf/rhel/LIFECYCLE_EUS_Datasheet_22_DEC.pdf

문서를 찾아 보던중… 위와 같은 내용을 발견했다.
X.Y.Z 라는 체계를 가져가며… X 는 메이져 번호, Y 는 마이너 번호 , Z 가 붙어 있으면…
EUS 버전이라는 뜻? 이라고 한다.

그리고 메이져, 마이너, 비동기 에레타? 에 대한 비교 자료도 함께 첨부 한다.
What’s the difference between a major, minor, and asynchronous release?
Link : https://access.redhat.com/solutions/401413

Bash 관련 보안 업데이트가 발생 되었다.
원격지에서 허용되지 않는 임의 코드 실행이 가능한 취약점으로 bash 를 사용하는 시스템에서는 조속히 업데이트를 하시기 바랍니다.

저의 블로그 접속 로그에도 아래와 같은 공격 흔적이 남았네요
[26/Sep/2014:15:37:37 +0900] “GET /mail/cgi/index.cgi HTTP/1.0” 404 283 /home/www/xxxx/mail— “-” “() { foo;};echo;/bin/cat /etc/passwd”

관련 내용 :
Link : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
Link : http://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=21984

관련 해결 방법 :
RHEL
Link : https://access.redhat.com/articles/1200223
SUSE
Link : http://support.novell.com/security/cve/CVE-2014-7169.html
DEBIAN
Link : https://www.debian.org/security/2014/dsa-3035
UBUNTU
Link : http://www.ubuntu.com/usn/usn-2363-2/

uptime 이 오래된 시스템들이 rebooting 를 할경우 rebooting 이 되지 않고 아래와 같은 메시지를 무한 반복 한다.
문제점이야… Power Button 을 눌러서 강제 Off and On 하면 되지만 문제가 있는 부분이므로…

—————————————————————————————————————-

BUG: soft lockup - CPU#N stuck for 67s! [<process>:NNNN]
내가 경험한 메시지는 아래와 같다.
BUG : soft lockup cpu#0 stuck for 67s! [migration / 0:5]

—————————————————————————————————————-

관련 내용 : https://access.redhat.com/site/solutions/502603

해결 방법은 커널을 2.6.32-431 로 업데이트 하거나 grub.conf 에 audit=0 파라미터를 적용.

관련하여 자세한 내용은 첨부한 링크를 확인하기 바랍니다.

YUM 명령어를 이용하여 나의 시스템에 발생된 보안 업데이트를 진행해 보자
방법은 아래의 내용을 참고~!

@ yum-security plugin 설치
=======================================================
RHEL6
# yum install yum-plugin-security

RHEL5
# yum install yum-security
======================================================= 


@ 설치 가능한 보안 패치를 확인하는 방법
=======================================================
# yum list-security --security
=======================================================
# yum list-security --security
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
local                                                                                                                                  | 3.9 kB     00:00     
local/primary_db                                                                                                                       | 3.1 MB     00:00     
rhel-x86_64-server-6                                                                                                                   | 1.8 kB     00:00     
rhel-x86_64-server-6/primary                                                                                                           |  16 MB     00:01     
rhel-x86_64-server-6                                                                                                                              12316/12316
rhel-x86_64-server-6/updateinfo                                                                                                        | 2.0 MB     00:00     
RHSA-2013:1537 Low/Sec.       augeas-libs-1.0.0-5.el6.x86_64
RHSA-2014:0044 Moderate/Sec.  augeas-libs-1.0.0-5.el6_5.1.x86_64
RHSA-2013:0550 Moderate/Sec.  bind-libs-32:9.8.2-0.17.rc1.el6.3.x86_64
RHSA-2013:0689 Important/Sec. bind-libs-32:9.8.2-0.17.rc1.el6_4.4.x86_64
RHSA-2013:1114 Important/Sec. bind-libs-32:9.8.2-0.17.rc1.el6_4.5.x86_64

.
.
.

RHSA-2013:1620 Low/Sec.       xorg-x11-server-Xorg-1.13.0-23.el6.x86_64
RHSA-2013:1868 Important/Sec. xorg-x11-server-Xorg-1.13.0-23.1.el6_5.x86_64
RHSA-2013:1426 Important/Sec. xorg-x11-server-common-1.13.0-11.1.el6_4.2.x86_64
RHSA-2013:1620 Low/Sec.       xorg-x11-server-common-1.13.0-23.el6.x86_64
RHSA-2013:1868 Important/Sec. xorg-x11-server-common-1.13.0-23.1.el6_5.x86_64
RHSA-2013:0271 Critical/Sec.  xulrunner-17.0.3-1.el6_3.x86_64
RHSA-2013:0614 Critical/Sec.  xulrunner-17.0.3-2.el6_4.x86_64
RHSA-2013:0696 Critical/Sec.  xulrunner-17.0.5-1.el6_4.x86_64
RHSA-2013:0820 Critical/Sec.  xulrunner-17.0.6-2.el6_4.x86_64
RHSA-2013:0981 Critical/Sec.  xulrunner-17.0.7-1.el6_4.x86_64
RHSA-2013:1140 Critical/Sec.  xulrunner-17.0.8-3.el6_4.x86_64
RHSA-2013:1268 Critical/Sec.  xulrunner-17.0.9-1.el6_4.x86_64
RHSA-2013:1476 Critical/Sec.  xulrunner-17.0.10-1.el6_4.x86_64
RHSA-2013:0271 Critical/Sec.  yelp-2.28.1-17.el6_3.x86_64
updateinfo list done

 @ 현재 서버에 설치된 보안 패치를 확인하는 방법 
=======================================================
# yum updateinfo list security all
=======================================================
# yum list-security --security
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
RHSA-2013:1537 Low/Sec.       augeas-libs-1.0.0-5.el6.x86_64
RHSA-2014:0044 Moderate/Sec.  augeas-libs-1.0.0-5.el6_5.1.x86_64
RHSA-2013:0550 Moderate/Sec.  bind-libs-32:9.8.2-0.17.rc1.el6.3.x86_64
RHSA-2013:0689 Important/Sec. bind-libs-32:9.8.2-0.17.rc1.el6_4.4.x86_64
RHSA-2013:1114 Important/Sec. bind-libs-32:9.8.2-0.17.rc1.el6_4.5.x86_64
RHSA-2014:0043 Moderate/Sec.  bind-libs-32:9.8.2-0.23.rc1.el6_5.1.x86_64
RHSA-2013:0550 Moderate/Sec.  bind-utils-32:9.8.2-0.17.rc1.el6.3.x86_64
RHSA-2013:0689 Important/Sec. bind-utils-32:9.8.2-0.17.rc1.el6_4.4.x86_64
RHSA-2013:1114 Important/Sec. bind-utils-32:9.8.2-0.17.rc1.el6_4.5.x86_64
RHSA-2014:0043 Moderate/Sec.  bind-utils-32:9.8.2-0.23.rc1.el6_5.1.x86_64
RHSA-2013:0668 Moderate/Sec.  boost-1.41.0-15.el6_4.x86_64
RHSA-2013:0668 Moderate/Sec.  boost-date-time-1.41.0-15.el6_4.x86_64

.
.
.
RHSA-2013:1866 Moderate/Sec.  ca-certificates-2013.1.95-65.1.el6_5.noarch
RHSA-2013:1540 Low/Sec.       cheese-2.28.1-8.el6.x86_64
RHSA-2013:1540 Low/Sec.       control-center-1:2.28.1-39.el6.x86_64
RHSA-2013:1540 Low/Sec.       control-center-extra-1:2.28.1-39.el6.x86_64
RHSA-2013:1540 Low/Sec.       control-center-filesystem-1:2.28.1-39.el6.x86_64
RHSA-2013:1652 Low/Sec.       coreutils-8.4-31.el6.x86_64
updateinfo list done


@ 설치 가능한 보안 패치를 업데이트하는 방법
=======================================================
# yum update --security
=======================================================
#yum update --security
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security,
              : subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
238 package(s) needed (+0 related) for security, out of 520 available
--> Running transaction check
---> Package augeas-libs.x86_64 0:0.9.0-4.el6 will be updated
---> Package augeas-libs.x86_64 0:1.0.0-5.el6_5.1 will be an update
---> Package bind-libs.x86_64 32:9.8.2-0.17.rc1.el6 will be updated
--> Processing Dependency: libboost_math_c99l.so.5()(64bit) for package: boost-devel-1.41.0-18.el6.x86_64
.
.
.
---> Package gtk2-immodule-xim.x86_64 0:2.20.1-4.el6 will be an update
---> Package netpbm.x86_64 0:10.47.05-11.el6 will be installed
--> Processing Conflict: xorg-x11-server-Xorg-1.13.0-23.1.el6_5.x86_64 conflicts xorg-x11-drv-synaptics < 1.6.2-13
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package xorg-x11-drv-synaptics.x86_64 0:1.6.2-11.el6 will be updated
---> Package xorg-x11-drv-synaptics.x86_64 0:1.6.2-13.el6 will be an update
--> Processing Conflict: kernel-2.6.32-431.5.1.el6.x86_64 conflicts bfa-firmware < 3.2.21.1-2
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package bfa-firmware.noarch 0:3.0.3.1-1.el6 will be updated
---> Package bfa-firmware.noarch 0:3.2.21.1-2.el6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================================
 Package                                        Arch                   Version                                     Repository                            Size
==============================================================================================================================================================
Installing:
 firefox                                        x86_64                 24.3.0-2.el6_5                              rhel-x86_64-server-6                  46 M
     replacing  firefox.x86_64 10.0.12-1.el6_3
 kernel                                         x86_64                 2.6.32-431.5.1.el6                          rhel-x86_64-server-6                  28 M
 .
.
.
 wireshark-gnome                                x86_64                 1.8.10-4.el6                                rhel-x86_64-server-6                 855 k
 xorg-x11-drv-synaptics                         x86_64                 1.6.2-13.el6                                rhel-x86_64-server-6                  73 k
 xorg-x11-server-Xephyr                         x86_64                 1.13.0-23.1.el6_5                           rhel-x86_64-server-6                 859 k
 Installing for dependencies:
 p11-kit                                        x86_64                 0.18.5-2.el6_5.2                            rhel-x86_64-server-6                  94 k
 p11-kit-trust                                  x86_64                 0.18.5-2.el6_5.2                            rhel-x86_64-server-6                  71 k
Updating for dependencies:
 atk                                            x86_64                 1.30.0-1.el6                                rhel-x86_64-server-6                 196 k
 libtevent                                      x86_64                 0.9.18-3.el6                                rhel-x86_64-server-6                  26 k
 python-rhsm                                    x86_64                 1.9.6-1.el6                                 rhel-x86_64-server-6                 100 k

Transaction Summary
==============================================================================================================================================================
Install      13 Package(s)
Upgrade     248 Package(s)

Total download size: 512 M
Is this ok [y/N]: 

@ CVE 번호를 이용하여 특정 업데이트만 진행하는 방법
=======================================================
# yum update –cve <CVE>

e.g.

# yum update –cve CVE-2008-0947
=======================================================
# yum update –cve CVE-2013-2094
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
3 package(s) needed (+0 related) for security, out of 520 available
–> Running transaction check
—> Package kernel-devel.x86_64 0:2.6.32-431.5.1.el6 will be installed
—> Package kernel-headers.x86_64 0:2.6.32-358.el6 will be updated
—> Package kernel-headers.x86_64 0:2.6.32-431.5.1.el6 will be an update
—> Package perf.x86_64 0:2.6.32-358.el6 will be updated
—> Package perf.x86_64 0:2.6.32-431.5.1.el6 will be an update
–> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================================
Package                              Arch                         Version                                   Repository                                  Size
==============================================================================================================================================================
Installing:
kernel-devel                         x86_64                       2.6.32-431.5.1.el6                        rhel-x86_64-server-6                       8.8 M
Updating:
kernel-headers                       x86_64                       2.6.32-431.5.1.el6                        rhel-x86_64-server-6                       2.8 M
perf                                 x86_64                       2.6.32-431.5.1.el6                        rhel-x86_64-server-6                       2.9 M

Transaction Summary
==============================================================================================================================================================
Install       1 Package(s)
Upgrade       2 Package(s)

Total download size: 14 M
Is this ok [y/N]:

관련 참고 : https://access.redhat.com/site/solutions/10021