Patching method
BigFix offers more flexibility to the patch management solution by using native tools.
The Fixlets for all Amazon Linux content use the Yellowdog Updater, Modified (YUM), the default patch manager for Amazon Linux. YUM is a package management tool that updates, installs, and removes Red Hat Package Manager (RPM) packages. YUM uses a command-line interface and simplifies the process of installing, uninstalling, and updating packages, provided that there is access to the YUM repository.
YUM replaces the EDR utilities, gives you more flexibility in patch deployment, and provides results that are in parallel with the Red Hat and Amazon Linux solutions. The Amazon Linux site uses YUM because it reduces dependency issues and improves performance.
YUM utility configuration settings
/etc/yum.conf except for the following YUM configuration settings:
- cachedir
- keepcache
- plugins
- reposdir
- pluginpath
- pluginconfpath
- metadata_expire
- installonlypkgs
Identifying file relevance with Native tools content
The native tools capture file relevance in the same way as EDR. Both methods check for the relevance clause "exist lower version of a package, but not exist higher version of it". If both tools are applied to the same deployment, the relevance results are the same.
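
The relevance clause above, worked through as an added example (this is not BigFix or Fixlet code). It assumes that an installed copy equal to the target version counts as already patched, uses a simplified RPM version comparison without tilde or caret handling, and runs on a constructed package list; all function names are hypothetical.

```python
import re

def _segments(s):
    # Split into runs of digits or letters; separators are ignored, as rpm does.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1 (no tilde/caret handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples, epoch first."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return vercmp(a[1], b[1]) or vercmp(a[2], b[2])

def is_relevant(installed, name, target):
    """True when a lower version of `name` exists and no equal or higher one does."""
    have = [evr for n, evr in installed if n == name]
    lower = any(evr_cmp(e, target) < 0 for e in have)
    patched = any(evr_cmp(e, target) >= 0 for e in have)  # assumption: equal counts
    return lower and not patched

# Constructed sample data in the shape of `rpm -qa` output, not from a real host.
INSTALLED = [
    ("openssl", (1, "1.0.2k", "16.amzn2")),
    ("kernel", (0, "4.14.200", "155.amzn2")),  # multiple kernels can coexist
    ("kernel", (0, "4.14.225", "168.amzn2")),
    ("bash", (0, "4.2.46", "34.amzn2")),
]

if __name__ == "__main__":
    for name, target in [("openssl", (1, "1.0.2k", "24.amzn2")),
                         ("kernel", (0, "4.14.225", "168.amzn2")),
                         ("httpd", (0, "2.4.46", "1.amzn2"))]:
        print(name, target, "relevant:", is_relevant(INSTALLED, name, target))
```

The kernel case shows why the "not exist higher version" half matters: an old kernel left installed beside a current one must not make the patch relevant again.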