disable automatic updates
Mertens, Bram
mertensb at mazdaeur.com
Thu Aug 13 10:01:10 UTC 2009
>
Mazda Motor Logistics Europe NV, Blaasveldstraat 162, B-2830 Willebroek
VAT BE 0406.024.281, RPR Mechelen, ING 310-0092504-52, IBAN : BE64 3100 0925 0452, SWIFT : BBRUBEBB
-----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
> bounces at redhat.com] On Behalf Of ESGLinux
> Sent: donderdag 13 augustus 2009 8:54
> To: General Red Hat Linux discussion list
> Subject: Re: disable automatic updates
>
> >
> >
> >> Any updates should be in /var/log/yum.log, but I am not sure where
> to
> > look for who initiated the updates. Does every admin on your system
> have
> > access to the root account, or do you require all administrators to
> log in
> > on an unprivileged account and then use su or sudo to perform
> administrative
> > tasks?
> >
> >
> > Cheers,
> >
>
> Hi,
> in the yum.log I don´t have the user who has made the update.
>
> This is what I have there:
> .....
> Jul 10 08:40:49 Updated: httpd-2.2.3-22.el5_3.2.i386
> Jul 10 08:40:52 Updated: httpd-manual-2.2.3-22.el5_3.2.i386
> Jul 10 08:40:53 Updated: 1:mod_ssl-2.2.3-22.el5_3.2.i386
> .....
>
> There are several people who has the root access to the system. Yes I
> know,
> this is dangerous, but its the situation...
I highly recommend that you schedule implementing sudo on your systems so you can revoke root access. Even if you trust your colleagues fully (though from this thread I believe you have reason not to) you could grant them permission to do anything as any user on the system. While this is NOT secure since it allows them to circumvent the mechanism it could help if all you want is a log of which commands were executed. This is off course given that you can agree to not use the loopholes.
To figure out what happened I suggest that you look at your cron log for Jul 10 at about the time mentioned in the yum log.
If you have a cron job installing updates automatically you should find it there. Then hopefully from there you can figure who/how this was scheduled and how to disable it.
Good luck
Bram
More information about the redhat-list
mailing list