On 01/04/03 14:05 +0100, Andy Wild wrote:
<snip>
> I was wondering what the general feeling was amongst other subscribers to
> the list in regards to updating a Red Hat box as part of a process to harden
> it? I am looking at Red Hat 7.0, 7.1 and 7.2 boxes.
>
> The two obvious options to me are to either:
>
> - Identify errata RPMs that have been released by Red Hat for those versions
> and install them.

If the system is stable under the load you put on it, just use the Red Hat
patches (and patch self-compiled software as relevant).

> or
>
> - Upgrade the Red Hat box to 7.3 or 8.0, and then update with the errata
> RPMs for either of those new versions.

I personally run RH 7.3 for the stability factor. About half the software I
run is from RPM and the other half is compiled from source. I update the RPMs
to current as required by RPM, and source likewise. (I run postfix
snapshots/postgresql official source/courier-imapd and quite a few things that
Red Hat doesn't ship and, of course, custom kernels.)

<snip>
> Although it shouldn't be as important since security is the main concern, is
> it just generally "easier" to update the RPMs rather than upgrade the box
> entirely?

You can go about it either way. Just make sure you stay patched to the highest
level of patching you can (for bug fixes, not features).

Devdas Bhagat
