yum-security is a plugin to the Red Hat Entreprise Linux package manager yum. It helps installing only security updates (RHSA) (as opposed to bug fixes (RHBA) or enhancements (RHEA)).
Explanation of RHSA, RHBA and RHEA advisories
RHEL 7 : yum-security is part of yum
RHEL 6 :
yum install yum-plugin-security
List all available erratas without installing them :
yum updateinfo list available
List all available security updates without installing them :
yum updateinfo list security all
yum updateinfo list sec
List of the currently installed security updates :
yum updateinfo list security installed
More examples are available in this Red Hat KB article
Red Hat has been provided security information since January 2005 through different ways :
RHSA-Announce mailing list, Red Hat CVE database and Red Hat Product Errata
For a better access of their data, the Red Hat Product Security has just released a beta API. It provides more search options for accessing real-time data.
More details can be found in the post below :
Red Hat Security Blog post about their new Security Data API service
RedHat Security Data API
Two links for an in-depth explanation regarding Red Hat backporting security fixes process as well as compatibility between Red Hat security advisories and Mitre CVEs.
Backporting Security Fixes
Red Hat and CVE compatibility
Red Hat provides free access to two databases for errata and for CVE referenced in Red Hat products :
Red Hat Product Errata database
Red Hat CVE Database
Per Fail2ban main page, Fail2ban is the de facto tool to have to monitor malicious access attempts on your server and ban source IPs if need be.
The 2 presentations presents Fail2Ban’s history and features in a very-well manner :
Fail2Ban – Keep your boxes skiddie-free
Fail2ban : from personal to community-driven
Github’s project page
The warning message below has been displayed after upgrading Debian testing :
W: Possible missing firmware /lib/firmware/i915/kbl_guc_ver9_14.bin for module i915
W: Possible missing firmware /lib/firmware/i915/bxt_guc_ver8_7.bin for module i915
This issue has been referenced in the Debian bug tracking system : #857997
For now, this package does not provide the latest version of Kabylake GuC (9.14) and Broxton GuC (8.7) firmwares.
To remove this warning message, as a workaround, just download them and copy the blob files into the directory /lib/firmware/i915.
Finally, rebuild your initramfs :
update-initramfs -k `uname -r`-u