EC2 YUM --security check-update

0

I have an Amazon Linux 2 server running. Every day at the same time, the process below runs and causes a high CPU spike.

/usr/bin/python /usr/bin/yum --debuglevel 2 --security check-update

I just want to know exactly what security updates it is getting, whether it is recommended to disable the security update, and whether I will get into any server trouble after disabling it.

vinay
asked 4 months ago, 261 views
2 Answers
3

Hello,

Disabling security updates on servers is generally not recommended, as it leaves them vulnerable to potential exploits. The yum check-update process you're seeing is likely checking for any available security updates from Amazon Linux repositories.

Thanks

answered 4 months ago
  • You can try to set a yum cron job schedule to run checks during off-peak hours to minimize impact.

1

Hi,

To know more about yum --security, go to https://www.cyberciti.biz/faq/rhel-centos-yum-check-update-security-plugin/

This post details what the yum-security plugin brings you. This plugin makes it possible to limit list/upgrade of packages to specific security-relevant ones.

All possible command options are detailed here: https://linux.die.net/man/8/yum-security

If it brings a high CPU spike to your machine, you should - if possible - schedule it via cron during a low-activity period. But it would not be a good idea to disable the package updates, especially those relevant to security. It is better to keep your machine up to date.

Best,

Didier

AWS EXPERT
answered 4 months ago
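
The answers above point to the yum security plugin and to off-peak scheduling. As an added example (not part of either answer and not AWS code), this script shows one way to see which security advisories are pending, grouped by severity, while running yum at the lowest CPU priority. The sample advisory IDs and package versions are constructed, the `<advisory> <severity>/Sec. <package>` line format is assumed from `yum updateinfo list security` output, and the script path in the cron comment is hypothetical.

```shell
#!/bin/sh
# Added example: summarise pending security advisories by severity.
# Hypothetical off-peak crontab entry (path and time are assumptions):
#   15 3 * * * /usr/local/bin/security-summary.sh | logger -t yum-security

# Constructed sample (not real advisories) so the script also runs offline.
# Assumed line format: <advisory-id> <severity>/Sec. <package-nevra>
SAMPLE_UPDATEINFO='Loaded plugins: extras_suggestions, langpacks, priorities
ALAS2-0000-0001 important/Sec. kernel-0.0.1-1.amzn2.x86_64
ALAS2-0000-0001 important/Sec. kernel-tools-0.0.1-1.amzn2.x86_64
ALAS2-0000-0002 medium/Sec.    curl-0.0.2-1.amzn2.x86_64
ALAS2-0000-0003 critical/Sec.  openssl-0.0.3-1.amzn2.x86_64'

# summarize_security: read updateinfo lines on stdin and print one
# "severity count" line per severity, ignoring non-advisory lines.
summarize_security() {
  awk '$2 ~ /\/Sec\.$/ { sub(/\/Sec\.$/, "", $2); n[$2]++ }
       END { for (s in n) print s, n[s] }' | sort
}

# count_severity SEVERITY: number of pending packages at that severity,
# read from stdin. Prints 0 when nothing matches.
count_severity() {
  awk -v want="$1/Sec." '$2 == want { c++ } END { print c + 0 }'
}

# pending_security: query yum at the lowest CPU priority when it is
# installed; otherwise fall back to the constructed sample above.
pending_security() {
  if command -v yum >/dev/null 2>&1; then
    nice -n 19 yum -q updateinfo list security 2>/dev/null
  else
    printf '%s\n' "$SAMPLE_UPDATEINFO"
  fi
}

pending_security | summarize_security
```

A non-zero count for `critical` or `important` is the signal to patch soon rather than to disable the check.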
