As you probably know, the patching process is a very important aspect of any security strategy and lifecycle: both Windows and *nix systems must be patched against vulnerabilities and exploits. Over the past months I have heard sysadmins requesting firewall rules to permit servers (on the internal LAN or DMZ) to access Internet web sites directly to download patches. This is not the right approach!
On Linux systems (Debian/Ubuntu or RHEL/CentOS) you can easily configure wget, apt-get or yum to use a proxy. The command is the same for all of these applications and can be inserted into your update scripts.
The above commands will forward each wget, apt-get or yum request to your proxy. If you also need a proxy for the https or ftp protocols, you also have to run the following commands:
Keep in mind that if your proxy requires authentication you would have to configure the username and password in the script... but I don't suggest doing this, because you will store the credentials in clear text and you will have to set the password to never expire.
It is probably better to configure the proxy to allow http/https/ftp requests coming from the servers' IP addresses without authentication, and only when they are directed to update and patch sites.
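
The proxy setup described above, as an added example that is not from the original post: wget, apt-get and yum all read the http_proxy, https_proxy and ftp_proxy environment variables, and this helper exports them for an update script only when the proxy URL carries no embedded credentials. The address proxy.example.internal:3128 and the function names are assumptions.

```shell
#!/bin/sh
# Added example. proxy.example.internal:3128 is a constructed placeholder.

# Returns 0 only for a plain http://host:port proxy address.
# A URL with user:password@ is rejected: the credentials would sit in
# clear text in the script and in the environment of every child process.
is_safe_proxy_url() {
    case "$1" in
        *@*)       return 1 ;;   # embedded credentials
        http://?*) ;;            # scheme is acceptable, keep checking
        *)         return 1 ;;   # missing or unexpected scheme
    esac
    rest=${1#http://}
    rest=${rest%/}
    host=${rest%:*}
    port=${rest##*:}
    [ "$host" != "$rest" ] || return 1                 # no port given
    case "$host" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case "$port" in ''|*[!0-9]*)         return 1 ;; esac
    return 0
}

# Exports the three variables for the current script and its children.
# The rejected URL is deliberately not echoed, so a password never
# reaches a log file through the error message.
set_update_proxy() {
    if ! is_safe_proxy_url "$1"; then
        echo "proxy URL rejected: credentials present or bad format" >&2
        return 1
    fi
    http_proxy=$1
    https_proxy=$1
    ftp_proxy=$1
    export http_proxy https_proxy ftp_proxy
}

# Typical use inside an update script run as root:
#   set_update_proxy "http://proxy.example.internal:3128" && apt-get update
#   set_update_proxy "http://proxy.example.internal:3128" && yum -y update
```

Call the helper inside the script that runs the update: sudo resets the environment by default, so variables exported in the calling shell do not reach a command started through it.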