Published in Cloud Techies

Patching Vulnerable Instances

Useful commands

1. Run the command below on the instance to check for security vulnerabilities:

yum check-update --security --sec-severity=important,critical

Note:

The command below returns different results, because it spells the severity with an uppercase 'I' instead of a lowercase 'i':

yum list-security --security --sec-severity=Important

2. Run the command below to update the missing packages on the instance, or run the AWS-RunPatchBaseline document using SSM Run Command:

sudo yum update-minimal --sec-severity=critical,important --bugfix

3. Check the instance for vulnerabilities again by running the command below:

yum check-update --security --sec-severity=important,critical

4. Check for missing updates, patches and vulnerabilities on the target managed instance:

yum list-security --security --sec-severity=important,critical --bugfix

5. How Patch Manager works:

https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-how-it-works-installation.html

6. Running patches using the CLI:

https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-patch-cliwalk.html
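An added example, not part of the original post: a verification gate for the checks in steps 1, 3 and 4 that counts pending advisories case-insensitively, so the 'Important' versus 'important' difference described in the note cannot hide a result. It assumes each advisory line has the three-column form `<advisory-id> <severity>/Sec. <package>`; the function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post).
# Assumption: advisory lines look like
#   <advisory-id> <severity>/Sec. <package>

# count_pending SEVERITIES
#   SEVERITIES: comma-separated list, any letter case.
#   Reads a security listing on stdin and prints the number of distinct
#   packages that still have an advisory at one of those severities.
count_pending() {
    awk -v want="$1" '
        BEGIN {
            n = split(tolower(want), s, ",")
            for (i = 1; i <= n; i++) wanted[s[i]] = 1
        }
        # Only rows whose 2nd field ends in "/Sec." are security advisories;
        # this skips plugin banners, blank lines and bugfix rows.
        $2 ~ /\/Sec\.$/ {
            sev = tolower($2)
            sub(/\/sec\.$/, "", sev)
            if ((sev in wanted) && !($3 in seen)) { seen[$3] = 1; count++ }
        }
        END { print count + 0 }
    '
}

# patch_gate: succeeds only when nothing important/critical is pending.
patch_gate() {
    pending=$(count_pending "important,critical")
    echo "pending important/critical packages: $pending" >&2
    [ "$pending" -eq 0 ]
}

# Constructed sample listing (not from a real host), mixing both spellings.
sample_listing() {
    cat <<'EOF'
Loaded plugins: priorities, update-motd, upgrade-helper
ALAS-0000-001 important/Sec. examplepkg-a-1.0-1.x86_64
ALAS-0000-002 Important/Sec. examplepkg-b-2.0-1.x86_64
ALAS-0000-003 Critical/Sec.  examplepkg-c-3.0-1.x86_64
ALAS-0000-004 medium/Sec.    examplepkg-d-4.0-1.x86_64
ALAS-0000-005 critical/Sec.  examplepkg-c-3.0-1.x86_64
ALAS-0000-006 bugfix         examplepkg-e-5.0-1.x86_64
updateinfo list done
EOF
}

# On a real instance: yum list-security --security | patch_gate
```

Listing everything with `--security` and filtering in the script keeps the severity comparison in one place instead of relying on how the flag value is spelled.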

Arun Kumar

Cloud Architect | AWS, GCP, Azure, Python, Kubernetes, Terraform, Ansible