Azure Update Management - Critical and Security Patching on CentOS
If Azure Update Management is able to identify Critical and Security patches on CentOS, why does it rely on "yum -q --security check-update" to install them? I would like to suggest that, instead of using that command, the automation just get all the packages and the versions it needs to update and install them with yum install package-version package2-version
The Update Management solution in Automation is a wrapper around your machine’s OS package manager, like YUM on CentOS. The solution doesn’t reinvent the wheel and instead utilizes the underpinnings of the OS.
The CentOS yum repositories do not contain the necessary metadata to indicate if they are security updates or not. This is by design and not within Microsoft's control. So running “sudo yum -q --security check-update” on a CentOS client will not install the patches, and as that is what we do in our solution, selecting only Security and Critical patches will not work.
The reason we can display the classifications of the missing patches in our solution is due to “data enrichment in the cloud”. As CentOS is essentially a free version of Red Hat, what our solution does is to “enrich” the information we hold in the cloud using the Red Hat classification information. That means we can show what classifications of patches are missing from a CentOS box because it is the same as for Red Hat Linux, but you still cannot use the classifications when deploying the updates, as the YUM packages on the paid Red Hat repository have the metadata to install updates of a specific classification.
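The following is an added example, not part of the original thread and not Update Management's code. It sketches both points above: checking whether a repository index (`repomd.xml`) advertises the `updateinfo` advisory metadata that `--security` depends on, and, when it does not, building the pinned `yum install package-version` command the suggestion describes. The export format of the missing-updates list, the package names and versions, and all function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

REPO_NS = "{http://linux.duncan.com/metadata/repo}"  # namespace used by repomd.xml

# Constructed repomd.xml samples (not copied from a real mirror).
REPOMD_PLAIN = """<repomd xmlns="http://linux.duncan.com/metadata/repo">
  <data type="primary"><location href="repodata/primary.xml.gz"/></data>
  <data type="filelists"><location href="repodata/filelists.xml.gz"/></data>
</repomd>"""
REPOMD_WITH_ADVISORIES = REPOMD_PLAIN.replace(
    "</repomd>",
    '  <data type="updateinfo"><location href="repodata/updateinfo.xml.gz"/></data>\n'
    "</repomd>")

# Constructed list of missing updates with classifications obtained elsewhere
# (hypothetical export format; package names and versions are made up).
MISSING = [
    {"name": "examplelib", "version": "1.2.3-4.el7", "classification": "Security"},
    {"name": "exampletool", "version": "2.0-1.el7", "classification": "Other"},
    {"name": "exampled", "version": "0.9.1-7.el7", "classification": "Critical"},
]

SAFE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]*")  # no spaces, options or shell syntax

def has_updateinfo(repomd_xml):
    """True if the repository index advertises advisory (updateinfo) metadata."""
    root = ET.fromstring(repomd_xml)
    return any(d.get("type") == "updateinfo" for d in root.iter(REPO_NS + "data"))

def pinned_install(missing, wanted=("Security", "Critical")):
    """argv for 'yum install name-version ...' limited to the wanted classes."""
    specs = []
    for item in missing:
        if item["classification"] not in wanted:
            continue
        if not (SAFE.fullmatch(item["name"]) and SAFE.fullmatch(item["version"])):
            raise ValueError("refusing suspicious package spec: %r" % (item,))
        specs.append(item["name"] + "-" + item["version"])
    return ["yum", "-y", "install"] + sorted(specs) if specs else []

def plan(repomd_xml, missing):
    """Use yum's own filter when the repo supports it, else pin the versions."""
    if has_updateinfo(repomd_xml):
        return ["yum", "-y", "--security", "update"]
    return pinned_install(missing)

if __name__ == "__main__":
    print(" ".join(plan(REPOMD_PLAIN, MISSING)))
```

The command is returned as an argument list so it can be run without a shell, and names or versions that could be read as options are rejected before they reach yum.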
Queiroz, Caio (Barueri) commented
There is a limitation on Linux VMs in classifying the Security and Critical patches in Update Management.
Update Management warns that there are pending Critical and Security updates, but when running yum list-security --security on the VM, they show as not needed.
This limitation is described on the Update Management overview page:
Please, could you analyze and fix it? It would be great to have the same information in Update Management and on the Linux VM side.