|
YUM at Its Yummiest
YUM's real power is in its automation, flexibility and fault tolerance.
While an update can be launched with a simple command-line instruction, YUM allows you to schedule regular (e.g. daily) update queries. YUM will download RPM header files on a schedule to check for and install any updates. This allows YUM to be truly automated and gives organizations the option of off-hour and staggered installations.
YUM's versatility and security can be further enhanced through the use of local or private repositories and application groups. Although YUM clients can be, and often are, directed to query public repositories, best practice often indicates the use of site repositories for maximum flexibility, control and security. For starters, creating repositories inside the firewall enhances security, as YUM is susceptible to man-in-the-middle and DNS-poisoning attacks if it's accessing an Internet repository.
Local repositories assure that only tested updates and patches are applied. By controlling what RPM packages sit on authorized repositories, you can make sure that they will be applied only after they have been cleared for production. (Or, if you are using public repositories or a centralized site repository, you can limit what YUM automatically updates through client-based exclude commands.)
Distributed repositories—...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
in branch offices, for example—reduce bandwidth consumption, so YUM clients won't all query a single central repository or flood your Internet access by downloading packages from a public site. And, high-security environments may need closed LAN segments with their own repository.
Going a step further, you can organize repositories of OSes, applications and tools by department or business unit. YUM facilitates this through groups defined in an XML-based file that allows you to assign packages to designated applications.
Pros and Cons
YUM is arguably best of class, though there are other Linux update tools, including up2date and APT-RPM, which may have features you prefer (see The Right Tool).
Using YUM for your Linux boxes and SUS or a third-party product for Windows servers and workstations is a reasonable software and patch update strategy.
YUM may not be robust enough for all enterprises. It lacks the central administration, rollback and reporting features of many commercial patch and configuration management tools. And, it's only good for Linux distributions.
But YUM is a free tool that's flexible, scalable, fault tolerant and easy to manage in centralized and decentralized environments. If maintaining your Linux boxes is a drag on your IT department, it's worth a look.
|
 |
|
