Published in Cloud Techies

Patching Vulnerable Instances

Useful commands

1. Run the command below on the instance to check for security vulnerabilities:

yum check-update --security --sec-severity=important,critical


The command below returns different results. Note the capital 'I' in the severity value instead of a lowercase 'i':

yum list-security --security --sec-severity=Important

2. Run the command below to update the missing packages on the instance, or run the AWS-RunPatchBaseline document using SSM Run Command:

sudo yum update-minimal --sec-severity=critical,important --bugfix

3. Check the instance for vulnerabilities again by running the command below:

yum check-update --security --sec-severity=important,critical

4. Check for missing updates, patches and vulnerabilities on the target managed instance:

yum list-security --security --sec-severity=important,critical --bugfix

5. How Patch manager works:

6. Running patch using cli:
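
The check, patch and re-check sequence from steps 1 to 3 can be scripted. The following is an added example, not part of the original post, and it relies on the documented `yum check-update` exit codes (0 = nothing pending, 100 = updates pending, anything else = error). The `YUM`, `SUDO` and `SEVERITY` variables and the `--run` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): check -> patch -> re-check.
# YUM and SUDO are overridable assumptions so the logic can be stubbed in tests.
YUM="${YUM:-yum}"
SUDO="${SUDO-sudo}"
SEVERITY="${SEVERITY:-important,critical}"

# yum check-update exit codes: 0 = nothing pending, 100 = updates pending,
# anything else = error. Returns 0, 100, or 1 (error) accordingly.
pending_security_updates() {
    yum_rc=0
    "$YUM" check-update --security --sec-severity="$SEVERITY" \
        >/dev/null 2>&1 || yum_rc=$?
    case "$yum_rc" in
        0|100) return "$yum_rc" ;;
        *)     return 1 ;;
    esac
}

# Returns 0 = clean, 1 = still pending after patching, 2 = yum failed.
patch_and_verify() {
    before=0; pending_security_updates || before=$?
    case "$before" in
        0)   echo "no pending $SEVERITY updates"; return 0 ;;
        100) echo "pending $SEVERITY updates found, patching" ;;
        *)   echo "check-update failed" >&2; return 2 ;;
    esac
    # Same update command as step 2, with -y for unattended use.
    $SUDO "$YUM" -y update-minimal --sec-severity="$SEVERITY" --bugfix || return 2
    after=0; pending_security_updates || after=$?
    case "$after" in
        0)   echo "instance is up to date"; return 0 ;;
        100) echo "updates still pending after patching" >&2; return 1 ;;
        *)   echo "re-check failed" >&2; return 2 ;;
    esac
}

# Run only when asked, e.g.: sh patch_check.sh --run
if [ "${1:-}" = "--run" ]; then patch_and_verify; fi
```

Because a pending update makes `yum check-update` exit with 100, a wrapper running under `set -e` must capture that status (as done here with `|| var=$?`) rather than treat it as a failure.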



Arun Kumar

Cloud Architect | AWS, GCP, Azure, Python, Kubernetes, Terraform, Ansible