This article can also be found in the Premium Editorial Download "Information Security magazine: Why business managers are a breed of security professional."


YUM at Its Yummiest
YUM's real power is in its automation, flexibility and fault tolerance.

While an update can be launched with a simple command-line instruction, YUM allows you to schedule regular (e.g. daily) update queries. YUM will download RPM header files on a schedule to check for and install any updates. This allows YUM to be truly automated and gives organizations the option of off-hour and staggered installations.

YUM's versatility and security can be further enhanced through the use of local or private repositories and application groups. Although YUM clients can be, and often are, directed to query public repositories, best practice often favors site repositories for maximum flexibility, control and security. For starters, creating repositories inside the firewall enhances security, as YUM is susceptible to man-in-the-middle and DNS-poisoning attacks if it's accessing an Internet repository.

Local repositories assure that only tested updates and patches are applied. By controlling what RPM packages sit on authorized repositories, you can make sure that they will be applied only after they have been cleared for production. (Or, if you are using public repositories or a centralized site repository, you can limit what YUM automatically updates through client-based exclude commands.)
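
As an added example (not part of the original article), this Python check audits a client's repository definitions against the practice described above: it flags enabled repositories that point outside the site, use unencrypted transport, or do not verify package signatures. The host names, the `.corp.example` suffix and the sample file are constructed assumptions; `baseurl`, `enabled`, `gpgcheck` and `exclude` are standard YUM repository options.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample of a client's .repo definitions (not from the article).
SAMPLE_REPO_FILE = """
[site-base]
baseurl=https://repo.corp.example/el/base/
enabled=1
gpgcheck=1
exclude=kernel*

[public-mirror]
baseurl=http://mirror.example.org/el/updates/
enabled=1
gpgcheck=0

[old-test]
baseurl=http://mirror.example.org/test/
enabled=0
"""

INTERNAL_SUFFIX = ".corp.example"  # assumed internal DNS suffix for site repositories


def audit_repos(text, internal_suffix=INTERNAL_SUFFIX):
    """Return {repo_id: [findings]} for every enabled repo in a .repo file."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    report = {}
    for repo in parser.sections():
        # [main] holds global options; disabled repos are never queried.
        if repo == "main" or parser.get(repo, "enabled", fallback="1").strip() == "0":
            continue
        findings = []
        for url in parser.get(repo, "baseurl", fallback="").split():
            parts = urlparse(url)
            host = parts.hostname or ""
            if parts.scheme != "file" and not host.endswith(internal_suffix):
                findings.append(f"off-site repository host: {host}")
            if parts.scheme in ("http", "ftp"):
                findings.append(f"unencrypted transport: {parts.scheme}")
        # Simplification: only the per-repo value is read, not a [main] default.
        if parser.get(repo, "gpgcheck", fallback="0").strip() != "1":
            findings.append("gpgcheck not set to 1 in this repo section")
        report[repo] = findings
    return report


if __name__ == "__main__":
    for repo, findings in audit_repos(SAMPLE_REPO_FILE).items():
        print(repo, "OK" if not findings else "; ".join(findings))
```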

Distributed repositories—in branch offices, for example—reduce bandwidth consumption, so YUM clients won't all query a single central repository or flood your Internet access by downloading packages from a public site. And, high-security environments may need closed LAN segments with their own repository.

Going a step further, you can organize repositories of OSes, applications and tools by department or business unit. YUM facilitates this through groups defined in an XML-based file that allows you to assign packages to designated applications.

Pros and Cons
YUM is arguably best of class, though there are other Linux update tools, including up2date and APT-RPM, which may have features you prefer (see The Right Tool).

Using YUM for your Linux boxes and SUS or a third-party product for Windows servers and workstations is a reasonable software and patch update strategy. YUM may not be robust enough for all enterprises. It lacks the central administration, rollback and reporting features of many commercial patch and configuration management tools. And, it's only good for Linux distributions.

But YUM is a free tool that's flexible, scalable, fault tolerant and easy to manage in centralized and decentralized environments. If maintaining your Linux boxes is a drag on your IT department, it's worth a look.

This was first published in June 2005
