Page 1 of 1

Skipping security plugin, no data

Posted: 2013/03/25 13:49:49
by krussell101
I'm pretty certain my host is not secured since it never pulls any security updates.

[code]
yum update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* addons: mirrors.btte.net
* base: mirrors.btte.net
* extras: mirrors.yun-idc.com
* updates: mirrors.yun-idc.com
Skipping security plugin, no data
Setting up Update Process
No Packages marked for Update
[/code]

What do I have misconfigured? The "Skipping security plugin, no data" message makes me very nervous.

Thanks in advance!


Below is (hopefully) relevant system information.

[code]
== BEGIN uname -rmi ==
2.6.34.13 x86_64 x86_64
== END uname -rmi ==

== BEGIN rpm -qa \*-release\* ==
centos-release-notes-5.9-0
centos-release-5-9.el5.centos.1
== END rpm -qa \*-release\* ==

== BEGIN cat /etc/redhat-release ==
CentOS release 5.9 (Final)
== END cat /etc/redhat-release ==

== BEGIN getenforce ==
Disabled
== END getenforce ==

== BEGIN free -m ==
total used free shared buffers cached
Mem: 1966 918 1048 0 185 521
-/+ buffers/cache: 210 1755
Swap: 3967 0 3967
== END free -m ==

== BEGIN rpm -qa yum\* rpm-\* python | sort ==
python-2.4.3-56.el5
rpm-build-4.4.2.3-32.el5_9
rpm-libs-4.4.2.3-32.el5_9
rpm-python-4.4.2.3-32.el5_9
yum-3.2.22-40.el5.centos
yum-fastestmirror-1.1.16-21.el5.centos
yum-metadata-parser-1.1.2-4.el5
yum-security-1.1.16-21.el5.centos
yum-updatesd-0.9-5.el5
== END rpm -qa yum\* rpm-\* python | sort ==

== BEGIN ls /etc/yum.repos.d ==
CentOS-Base.repo
Yandex.repo.set_aside_for_testing
== END ls /etc/yum.repos.d ==

== BEGIN cat /etc/yum.conf ==
[main]
cachedir=/var/cache/yum
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
distroverpkg=redhat-release
tolerant=1
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
bugtracker_url=http://bugs.centos.org/yum5bug

# Note: yum-RHN-plugin doesn't honor this.
metadata_expire=1h

#installonly_limit = 5

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
== END cat /etc/yum.conf ==

== BEGIN yum repolist all ==
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* addons: centos.ustc.edu.cn
* base: centos.ustc.edu.cn
* extras: centos.ustc.edu.cn
* updates: centos.ustc.edu.cn
repo id repo name status
addons CentOS-5 - Addons enabled: 0
base CentOS-5 - Base enabled: 3,641
centosplus CentOS-5 - Plus disabled
contrib CentOS-5 - Contrib disabled
extras CentOS-5 - Extras enabled: 266
updates CentOS-5 - Updates enabled: 261
repolist: 4,168
== END yum repolist all ==

== BEGIN egrep 'include|exclude' /etc/yum.repos.d/*.repo ==
== END egrep 'include|exclude' /etc/yum.repos.d/*.repo ==

== BEGIN sed -n -e "/^\[/h; /priority *=/{ G; s/\n/ /; s/ity=/ity = /; p }" /etc/yum.repos.d/*.repo | sort -k3n ==
== END sed -n -e "/^\[/h; /priority *=/{ G; s/\n/ /; s/ity=/ity = /; p }" /etc/yum.repos.d/*.repo | sort -k3n ==

== BEGIN rpm -qa kernel\* | sort ==
kernel-2.6.18-308.el5
kernel-2.6.32.60-1
kernel-2.6.34.13-1
kernel-headers-2.6.18-348.3.1.el5
== END rpm -qa kernel\* | sort ==

[/code]

Skipping security plugin, no data

Posted: 2013/03/25 20:18:32
by toracat
The yum-security is not (yet) functional. You should be getting the security-related updates though. If you are concerned about the message, you can remove yum-security for now. I don't know how soon the security update feature will be implemented. There is/was a plan for that.

Re: Skipping security plugin, no data

Posted: 2013/03/25 21:30:08
by TrevorH
You're not running a CentOS supplied kernel for one thing. The one you are running has a higher version number than any CentOS 5.x kernel will [u]ever[/u] have so it will never be updated. You do have a CentOS 5 kernel installed - kernel-2.6.18-308.el5 but the other two are masking any newer CentOS supplied ones as yum thinks you already have a newer one installed. That wouldn't stop other updates from being downloaded and applied though so you should have seen updates in the last 2 weeks for tzdata, boost, tomcat5, thunderbird, kexec-tools, sudo, xulrunner and ruby. If they are not installed then they obviously won't need updating. You can check the following list against your /var/log/yum.log to see if they've been updated on your system.

[code]
$ rpm -qa --last | less
tzdata-java-2013b-1.el5 Sat 23 Mar 2013 01:07:24 GMT
tzdata-2013b-1.el5 Sat 23 Mar 2013 01:07:23 GMT
boost-devel-1.33.1-16.el5_9 Fri 22 Mar 2013 08:21:30 GMT
boost-1.33.1-16.el5_9 Fri 22 Mar 2013 08:21:25 GMT
tomcat5-servlet-2.4-api-5.5.23-0jpp.38.el5_9 Wed 13 Mar 2013 02:16:11 GMT
tomcat5-jsp-2.0-api-5.5.23-0jpp.38.el5_9 Wed 13 Mar 2013 02:16:11 GMT
thunderbird-17.0.3-2.el5.centos Tue 12 Mar 2013 09:08:43 GMT
kexec-tools-1.102pre-161.el5_9.1 Tue 12 Mar 2013 00:10:43 GMT
sudo-1.7.2p1-22.el5_9.1 Sat 09 Mar 2013 14:03:40 GMT
xulrunner-devel-17.0.3-2.el5_9 Sat 09 Mar 2013 14:03:37 GMT
xulrunner-17.0.3-2.el5_9 Sat 09 Mar 2013 14:03:33 GMT
ruby-devel-1.8.5-29.el5_9 Fri 08 Mar 2013 11:13:31 GMT
ruby-1.8.5-29.el5_9 Fri 08 Mar 2013 11:13:31 GMT
ruby-libs-1.8.5-29.el5_9 Fri 08 Mar 2013 11:13:29 GMT
openssl-devel-0.9.8e-26.el5_9.1 Tue 05 Mar 2013 17:45:15 GMT
[/code]

Re: Skipping security plugin, no data

Posted: 2013/03/31 19:27:30
by krussell101
Very interesting. So freaking out when I see the security message is optional. I can handle that. :) Thanks!

Re: Skipping security plugin, no data

Posted: 2013/03/31 19:30:48
by krussell101
Yikes. Now I wonder where my former SA got the kernel. Sigh.

Okay. Sounds like I may need to start from scratch which is a drag. Can I get a Centos kernel and slap it on top of this one and get a reasonable outcome? Or am I in dreamland?

THANKS!

Re: Skipping security plugin, no data

Posted: 2013/03/31 19:47:32
by krussell101
The list you supplied is really helpful and eases my mind somewhat. There are several packages in your list that we don't have installed, but those that are appear to be uptodate. Where do I get a list such as you have produced? Thanks again.

Karla

Re: Skipping security plugin, no data

Posted: 2013/03/31 19:50:51
by krussell101
If I have 3 kernels installed, can I delete two of them?

If I remove kernel-2.6.32.60-1 & kernel-2.6.34.13-1 would all be good???

Re: Skipping security plugin, no data

Posted: 2013/03/31 19:54:13
by TrevorH
You can edit /boot/grub/grub.conf and amend the "default=" line to point to the entry in the list for the CentOS kernel and test it to make sure it works. In fact, better, you can just hit Esc when you see the "Booting CentOS 2.6.34.13-1" message and scroll down the list and pick the 2.6.18-whatever kernel from the list first and make sure it works. If it works then you can remove the non-standard ones. A subsequent `yum update` after those two are removed will then start to update your CentOS kernel since the one in the repo will now be a higher version number than the latest installed.