Worklet for CentOS/RHEL to exclude packages and their dependencies
When using a Patch Except policy for Linux in Automox, we exclude specific packages from the list of packages sent to the package manager. However, if those excluded packages have dependent packages that require the excluded packages to be upgraded, the upgrade will be forced.
For example: you create a Patch Except policy that excludes the 'httpd' package, but when you run it, the 'httpd' package gets updated anyway because 'php' requires a newer version of 'httpd'.
We can work around this by utilizing specific ```yum``` commands in a worklet.
This example excludes all httpd packages and skips packages whose dependencies would require updating them:
Evaluation Code:
```
#!/bin/bash
exit 1
```
Remediation Code:
```
#!/bin/bash
# Quote the glob so the shell passes it to yum unexpanded
yum -x 'httpd*' update --skip-broken
```
This example excludes multiple packages:
```
yum -x php,httpd update --skip-broken
```
This example uses multiple wildcards:
```
yum -x 'php*' -x 'kernel*' update --skip-broken
```
This worklet can be used in place of CentOS/RHEL Patch Except policies.
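A remediation script that also verifies the result of the commands above, added here as an example and not Automox's own code: it snapshots the excluded packages with `rpm -qa`, runs the same `yum -x ... update --skip-broken`, and fails if any excluded package changed version. The `EXCLUDES`, `YUM` and `RUN_WORKLET` variables and the function names are assumptions.

```shell
#!/bin/bash
# Added example, not Automox code. Variable and function names are assumptions.
EXCLUDES="httpd* php*"   # space-separated package globs to hold back
YUM="${YUM:-yum}"        # overridable so the logic can be exercised without yum

# Print "name version-release.arch" for installed packages matching the globs.
snapshot() {
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' "$@" | sort
}

# Run: yum -x <glob> [-x <glob> ...] update --skip-broken
# Each glob stays a single quoted argument, so the shell never expands it.
yum_update_excluding() {
    n=$#
    for p in "$@"; do set -- "$@" -x "$p"; done
    shift "$n"
    "$YUM" "$@" update --skip-broken
}

# Print every line of the "after" snapshot ($2) that is absent from "before" ($1).
changed_packages() {
    printf '%s\n' "$2" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s\n' "$1" | grep -Fxq -- "$line" || printf '%s\n' "$line"
    done
}

main() {
    set -f; set -- $EXCLUDES; set +f   # split EXCLUDES without glob expansion
    before=$(snapshot "$@")
    yum_update_excluding "$@" || return $?
    after=$(snapshot "$@")
    moved=$(changed_packages "$before" "$after")
    if [ -n "$moved" ]; then
        echo "Excluded packages changed despite -x:"
        echo "$moved"
        return 1
    fi
    echo "Excluded packages unchanged."
}

# Set RUN_WORKLET=1 (or call main directly) when using this as Remediation Code.
if [ "${RUN_WORKLET:-0}" = 1 ]; then main; fi
```

A non-zero exit from `main` means an excluded package was still upgraded and the host needs review.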