CentOS – yum updates – are .rpmnew files ever critical / important to act upon

centos, redhat, yum

When yum installs updates sometimes, it will give some message like:

warning: /etc/ssh/sshd_config created as /etc/ssh/sshd_config.rpmnew

My thought is that it would be wise to act upon these because perhaps occasionally there's some tweak to a config file that is important to be performed for security reasons; however, I'm wondering if I'm just being too cautious and that's just a theoretical concern that isn't really an issue in practice.

I guess what I'm asking is: is anyone aware of any case in the past few years where not merging in a .rpmnew file would have had some noteworthy undesirable implication – especially security-wise, but other angles like stability or desirability of configuration may be worth mentioning?

Best Answer

It's very rare for changes to the default configuration to have security or stability implications. However, "very rare" is not "never", and it's a good system hygiene practice to review all .rpmnew files and double-check that they don't contain important changes, and then delete them.

As a double-check, you should also arrange to receive security notices and information on all updates available to apply -- reading over the changelogs and bulletins will give you a good idea of the nature of the problems that are being fixed.
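One way to carry out the review the answer recommends, as an added example that is not part of the original answer: a shell script that finds every .rpmnew file under a directory and reports whether it differs from the live config beside it. The function names and the output format are this example's own.

```shell
#!/bin/sh
# Added example: classify each .rpmnew file against the live config file
# it was written next to. Output: one "STATUS<TAB>live-path" line per file.
# Run as: sh rpmnew-review.sh /etc --diff

# rpmnew_status LIVE NEW -> prints IDENTICAL, DIFFERS or NO_LIVE_FILE
rpmnew_status() {
    live=$1
    new=$2
    if [ ! -e "$live" ]; then
        echo NO_LIVE_FILE       # the live file was removed or renamed
    elif cmp -s "$live" "$new"; then
        echo IDENTICAL          # nothing to merge
    else
        echo DIFFERS            # needs a human to read the diff
    fi
}

# rpmnew_review [ROOT] [--diff]
# ROOT defaults to /etc; --diff also prints a unified diff for DIFFERS files.
rpmnew_review() {
    root=${1:-/etc}
    show_diff=${2:-}
    find "$root" -type f -name '*.rpmnew' 2>/dev/null | sort |
    while IFS= read -r new; do
        live=${new%.rpmnew}     # /etc/ssh/sshd_config.rpmnew -> /etc/ssh/sshd_config
        status=$(rpmnew_status "$live" "$new")
        printf '%s\t%s\n' "$status" "$live"
        if [ "$status" = DIFFERS ] && [ "$show_diff" = --diff ]; then
            # "-" lines are the running config, "+" lines the packaged default.
            # diff exits 1 when files differ, so do not treat that as an error.
            diff -u "$live" "$new" || true
        fi
    done
}

# Only act when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    rpmnew_review "$@"
fi
```

Files reported IDENTICAL can be deleted straight away; DIFFERS entries are the ones to read through before deleting the .rpmnew file.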