Best practices in keeping older versions of RHEL secure?

ujjain asked:

We are running RHN Satellite and RHEL 6.3 servers with a frozen RHEL 6.3-channel.

What are the best practices in keeping older RHEL 6.3-servers secure?

It is important that:

  • We do not get new features that can break applications
  • We do get the latest security updates

So…

  • Should we push all RHN errata from the official Red Hat channel to our cloned frozen 6.3 channel?
  • Does this not update the software to the latest version? Because we do not want software updates that can possibly break applications, just the major security updates.

My answer:


You pay Red Hat for Extended Update Support. This is the only supported way to avoid updating to the latest service pack, and is subject to availability. It’s not offered for all point releases.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.