Worklet for CentOS/RHEL Patch Except Policies

Worklet for CentOS/RHEL to exclude packages and their dependencies

When using a Patch Except policy for Linux in Automox, we exclude specific packages from the list of packages sent to the package manager. However, if a package that is being updated depends on a newer version of an excluded package, the upgrade of the excluded package will be forced.

For example: you create a Patch Except policy that excludes the 'httpd' package, but when you run it, the 'httpd' package gets updated anyway because 'php' requires a newer version of 'httpd'.

We can work around this by utilizing specific `yum` commands in a worklet.

This example excludes all httpd packages and skips their dependencies:

Evaluation Code:

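```bash
#!/bin/bash
# A non-zero exit flags the device as non-compliant, so the remediation code always runs.
exit 1
```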

Remediation Code:

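```bash
#!/bin/bash
# Quote the glob so the shell passes it to yum instead of expanding it against local files;
# -y answers the confirmation prompt, since a worklet runs unattended.
yum -y -x 'httpd*' update --skip-broken
```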

This example excludes multiple packages:

```bash
yum -y -x php,httpd update --skip-broken
```

This example uses multiple wildcards:

```bash
yum -y -x 'php*' -x 'kernel*' update --skip-broken
```

This worklet can be used in place of CentOS/RHEL Patch Except policies.
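
A fuller remediation script along the same lines, as an added example that is not Automox's own code: it builds the `-x` arguments from a list, runs the update, then compares the installed versions of the excluded packages before and after and fails if any of them changed. The `EXCLUDES` variable, the function names and the `--apply` switch are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not Automox code. EXCLUDES and all function names are hypothetical.
EXCLUDES="httpd* php*"   # space-separated package globs to hold back

# Print the "name version" lines from stdin whose name matches any glob in "$@".
filter_excluded() (
    while read -r name ver; do
        for pat in "$@"; do
            case "$name" in
                $pat) printf '%s %s\n' "$name" "$ver"; break ;;
            esac
        done
    done
)

# Print names whose "name version" line appears in only one of the two snapshots,
# i.e. excluded packages that were upgraded, added or removed.
drifted() (
    printf '%s\n%s\n' "$1" "$2" | sed '/^$/d' | sort | uniq -u | cut -d' ' -f1 | sort -u
)

# Installed versions of the excluded packages, one per line.
snapshot() (
    set -f   # stop the globs in EXCLUDES expanding against the working directory
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' | filter_excluded $EXCLUDES | sort
)

main() {
    before=$(snapshot)
    set -f
    exclude_args=""
    for pat in $EXCLUDES; do exclude_args="$exclude_args -x $pat"; done
    yum -y $exclude_args update --skip-broken   # -y: nobody is there to answer the prompt
    rc=$?
    set +f
    changed=$(drifted "$before" "$(snapshot)")
    if [ -n "$changed" ]; then
        printf 'Excluded packages changed despite -x:\n%s\n' "$changed" >&2
        return 1
    fi
    return "$rc"
}

# Opt-in switch so the helpers can be sourced and tested without touching yum;
# in the worklet's remediation code, end with a plain `main` call instead.
if [ "${1:-}" = "--apply" ]; then main; fi
```

A non-zero exit from this script shows up as a failed worklet run, which makes an unexpected upgrade of a held-back package visible instead of silent.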
