2

I used to use ASL for my server protection. This is an overall security suite for your server. One of the things it did is update or patch the kernel.

I do not use it anymore. Should I manually update or patch the kernel? If so, how do I do this, and what are the best resources?

I'm on CentOS 5.4

Saif Bechan
  • 11,060

3 Answers

4

I agree with what Satanicpuppy said. To answer the how often:

  1. Set a regular schedule that works for your company.
  2. Consider watching a security page for any critical vulnerabilities that might require updates sooner than your normal schedule.

With updates you must always know how to roll back as well, so make sure you know how to select the previous kernel in grub as the default if for some reason the update gives you problems.

Also, don't just worry about the kernel. For instance, if this is an Apache web server, you had better keep an eye on those updates as well.

RE Repo For Security Updates:
The default repos should be fine unless maybe you have special high security needs. If you only want security updates, just use the security plugin:

yum update --security
Kyle Brandt
  • 85,693
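The rollback step mentioned in the answer above, as an added example that is not part of the original answer: it lists the boot entries in a GRUB legacy config and repoints `default=` at the previous kernel. It assumes the `grub.conf` layout CentOS 5 uses (`/boot/grub/grub.conf`); the function names are hypothetical and the sample file and kernel versions are constructed.

```shell
#!/bin/sh
# Added example: works on a constructed sample, not on /boot/grub/grub.conf.

# Constructed grub.conf as it looks after a kernel update (NEW/OLD are placeholders).
make_sample() {
    cat > "$1" <<'EOF'
default=0
timeout=5
title CentOS (2.6.18-NEW.el5)
    root (hd0,0)
    kernel /vmlinuz-2.6.18-NEW.el5 ro root=/dev/VolGroup00/LogVol00
    initrd /initrd-2.6.18-NEW.el5.img
title CentOS (2.6.18-OLD.el5)
    root (hd0,0)
    kernel /vmlinuz-2.6.18-OLD.el5 ro root=/dev/VolGroup00/LogVol00
    initrd /initrd-2.6.18-OLD.el5.img
EOF
}

# Print "index<TAB>title" for each boot entry; GRUB numbers entries from 0.
grub_entries() {
    awk '/^[ \t]*title[ \t]/ { sub(/^[ \t]*title[ \t]+/, ""); printf "%d\t%s\n", n++, $0 }' "$1"
}

# Print the value of the default= line (0 if the line is absent).
grub_default() {
    awk -F= '/^[ \t]*default[ \t]*=/ { gsub(/[ \t]/, "", $2); d = $2 }
             END { print (d == "" ? 0 : d) }' "$1"
}

# Point default= at entry $2; refuse bad indexes; keep the old file as FILE.bak.
grub_set_default() {
    count=$(grub_entries "$1" | wc -l | tr -d ' ')
    case "$2" in ''|*[!0-9]*) echo "index must be a number" >&2; return 1 ;; esac
    [ "$2" -lt "$count" ] || { echo "no entry $2 (have $count)" >&2; return 1; }
    grep -q '^[[:space:]]*default[[:space:]]*=' "$1" ||
        { echo "no default= line in $1" >&2; return 1; }
    cp "$1" "$1.bak" &&
    sed "s/^[[:space:]]*default[[:space:]]*=.*/default=$2/" "$1.bak" > "$1"
}

# Demo on the sample: list entries, then fall back to the older kernel (entry 1).
f=$(mktemp); make_sample "$f"
grub_entries "$f"; echo "default=$(grub_default "$f")"
grub_set_default "$f" 1 && echo "default=$(grub_default "$f")"
rm -f "$f" "$f.bak"
```

Running `grub_entries` before an update and again after it shows which index the previous kernel has moved to, so the rollback target is known before the reboot.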
3

Well, I don't know if it's left any significant holes, but from a pure paranoia point of view, I'd update the kernel.

I wouldn't bother doing it manually though, unless you're using a custom kernel. The kernel is updated all the time: shouldn't be too hard to find a "new" version to update to, and you can just do the update with Yum.

Satanicpuppy
  • 5,994
1

Yes, security holes are found all the time in the Linux kernel. Often they are minor issues that probably won't affect you, but there are occasional major security holes that you should really upgrade to fix. As mentioned by the devil's dog, you can do this upgrade easily with yum. Also note that for pretty much all Linux software upgrades, you do not need to reboot; the kernel is the one place where you do need to reboot to use the new version (there are hacks to switch to a new kernel without rebooting, e.g. 'ksplice', but I would not recommend it. Seems too risky to me, I'd rather just do a standard reboot).

davr
  • 1,719