I can empathize with the desire to have an all-in-one tool. But - I'm not certain that having my detection and patching solution in the same package is desirable. Each to his own, though.
I would give a look at Nessus. Without the need for an agent, but provided with account credentials that are of a root or administrative persuasion, you can probably get what you are looking for. I would couple that with some remote management tools. You could look into Apple Remote Desktop, if your central system will be a Mac (you can get Nessus running on a Mac as well). Chicken of the VNC would get you similar access to any Windows or Linux systems that the Apple Remote Desktop would not - you could also use that for the Mac systems (it is free). However, I mentioned the Apple Remote Desktop because it does much more than give you access. You can push packages to the managed systems, and you can monitor them, and see OS version at a glance (for example).
That being said, Mac computers are awesome at patching themselves. I have been a quasi-serious Mac user since shortly after Apple got serious and decided to base the OS on a BSD sub-system and Mach micro-kernel. I have NEVER in those years had a problem with a Mac not patching properly. Compare this with Windows, where there are OFTEN problems with patches not completing successfully, getting hung, and/or clogging up the entire process, leaving a system vulnerable and an end user bewildered. For that reason - I think you would be better off, if you can only build one system, to build a Windows system that can run WSUS. If you can have more than one system - then build out from there.
The notion that a software solution - or software package - is "enterprise" because it is marketed as such is a fallacy. IMHO, a solution either scales to meet your needs, or it does not. You can either get your job done with the tool, or you cannot. I have heard folks say that tools were not "enterprise" just because they were not commercial. I mention this as a caution. Some of the best security tools in the world are open source, or came from open source beginnings.
I would also suggest you get at the heart of why you cannot use an "agent". Depending upon your definition of "agent", you may not have a choice. I suspect you mean, by agent, a proprietary piece of software that needs to be added to each system and then adds more management and potentially another attack vector. Would you consider a script running on these systems as an agent? It could be defined as such - but - it could also be a "free" (your time, which isn't free, technically) source of an overall solution.
I hope my comments help. I'm sure someone will have a "complete solution" - but I would be wary of such. In my twenty-plus years in this industry, I haven't seen a truly functional silver bullet yet.
Best of luck,
Ken Walling
aka - Metajunkie
On Jun 26, 2012, at 1:21 AM, sfmailsbm (at) gmail (dot) com [email concealed] wrote:
> Hi all,
>
> Looking for an agentless solution to scan a server park for (patchable) vulnerabilities.
> Environment is a mix of Windows, UNIX and MacOS hosts.
>
> Objective is to be able to scan all the hosts, identify patches that need to be installed, and deploy the patch installation from the same central system - all agentless.
>
> As you all know, vulnerability management is one of the greatest challenges in an enterprise environment.
>
> Please suggest any enterprise tool that meets these criteria...
>
> Many thanks,
> Ron
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
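The "script as agent" idea raised in the reply above, worked through as an added example that is not code from the thread or from any of the tools it names. It assumes the central host already has credentialed remote access (SSH, a remote-management tool, or similar), modelled here as a pluggable `run_remote(host, command)` callable so the script runs offline against constructed sample output; the per-OS commands are real, but their output format varies by version, so the parsers target the constructed samples and would need checking against your own fleet.

```python
"""Agentless patch-state collector: a central script that runs one read-only
command per OS family over an existing remote channel and normalises the
result.  Added example; `run_remote` is a hypothetical hook you supply."""
import re
from dataclasses import dataclass, field

# Per-OS-family read-only commands.  Debian/Ubuntu lists pending upgrades,
# macOS lists available updates, Windows lists installed hotfixes (so the
# Windows check is "is a required KB missing?" rather than "what is pending?").
COMMANDS = {
    "linux-deb": "apt list --upgradable 2>/dev/null",
    "macos": "softwareupdate -l",
    "windows": "wmic qfe get HotFixID",
}


@dataclass
class HostReport:
    host: str
    family: str
    pending: list = field(default_factory=list)    # updates waiting to be applied
    installed: list = field(default_factory=list)  # known-installed patches (Windows)
    error: str = ""                                # unreachable host, bad credentials, ...


def parse_apt(text):
    # apt line shape: "pkg/suite newver arch [upgradable from: oldver]"
    out = []
    for line in text.splitlines():
        m = re.match(r"^(\S+)/\S+\s+(\S+)\s+\S+\s+\[upgradable from: (\S+)\]", line)
        if m:
            out.append(f"{m.group(1)} {m.group(3)} -> {m.group(2)}")
    return out


def parse_softwareupdate(text):
    # Each available update is introduced by a line starting with "* ";
    # newer releases prefix the name with "Label:", older ones do not.
    out = []
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("* "):
            name = s[2:].strip()
            if name.startswith("Label:"):
                name = name[len("Label:"):].strip()
            out.append(name)
    return out


def parse_wmic_qfe(text):
    # One KB identifier per line after the header row.
    return [line.strip() for line in text.splitlines() if re.match(r"^\s*KB\d+", line)]


PARSERS = {"linux-deb": parse_apt, "macos": parse_softwareupdate, "windows": parse_wmic_qfe}


def collect(inventory, run_remote):
    """Run the family-specific command on every (host, family) pair and
    return one HostReport per host; failures are recorded, not raised, so one
    dead box does not abort the sweep."""
    reports = []
    for host, family in inventory:
        rep = HostReport(host=host, family=family)
        try:
            raw = run_remote(host, COMMANDS[family])
        except Exception as exc:
            rep.error = str(exc)
            reports.append(rep)
            continue
        items = PARSERS[family](raw)
        if family == "windows":
            rep.installed = items
        else:
            rep.pending = items
        reports.append(rep)
    return reports


def missing_required(report, required_kbs):
    """Windows: which mandated KBs are absent from the installed-hotfix list."""
    return sorted(set(required_kbs) - set(report.installed))


# Constructed sample output standing in for the real remote commands.
SAMPLE_OUTPUT = {
    "web01": ("Listing...\n"
              "openssl/focal-updates 1.1.1f-1ubuntu2.16 amd64 [upgradable from: 1.1.1f-1ubuntu2.15]\n"
              "libssl1.1/focal-updates 1.1.1f-1ubuntu2.16 amd64 [upgradable from: 1.1.1f-1ubuntu2.15]\n"),
    "mac01": ("Software Update Tool\n\n"
              "Software Update found the following new or updated software:\n"
              "   * Label: Safari15.6.1-15.6.1\n"
              "\tTitle: Safari, Version: 15.6.1, Size: 100000K, Recommended: YES,\n"),
    "win01": "HotFixID   \nKB5003791  \nKB5004945  \n",
}
INVENTORY = [("web01", "linux-deb"), ("mac01", "macos"), ("win01", "windows"), ("db02", "linux-deb")]


def fake_run_remote(host, command):
    # Hypothetical stand-in for SSH/remote-management execution; db02 is
    # deliberately absent to exercise the error path.
    if host not in SAMPLE_OUTPUT:
        raise ConnectionError(f"{host}: no route to host")
    return SAMPLE_OUTPUT[host]


if __name__ == "__main__":
    for r in collect(INVENTORY, fake_run_remote):
        print(r.host, r.family, r.error or (r.pending or r.installed))
```

The only thing that touches the managed hosts is a read-only command run with the credentials the central system already holds, which is the distinction the reply draws between a resident proprietary agent and a script driven from the centre; swapping `fake_run_remote` for a real SSH or remote-management call is the one change needed to run it against live hosts.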