This script is create 'updateinfo.xml' file from Vuls report file(xml) to make the 'yum --security update' command work on CentOS.
-
Execute vuls scan and report(xml).
-
Create 'updateinfo.xml' file.
$ /some/path/ruby vuls_to_updateinfo.rb /vuls/report/file.xml
- It will write 'updateinfo.xml' file at current directory.
-
Create repository for 'yum --security update'.
$ mkdir /somedirectory
$ createrepo /somedirectory- Need package installation of 'createrepo'.
-
Write 'updateinfo.xml' to repository.
$ cd /somedirectory
$ modifyrepo /some/path/updateinfo.xml repodata -
Add setting yum's repository at '/etc/yum.repos.d/CentOS-Base.repo'.
[security]
name=CentOS-$releasever - Security
baseurl=file:///somedirectory -
Try 'yum check-update'.
$ yum --security check-update
When security update found, do again step 2 and 4.
ruby
- 2.3.3
- 2.4.2