Focus on Linux
Vulnerability and Patch-Management in Linux (and other Unix) Jun 19 2008 12:58PM
Rainer Duffner (rainer ultra-secure de) (6 replies)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 02:26PM
Sylvain Robitaille (syl alcor concordia ca) (1 replies)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 06:45PM
Lee Fisher (blibbet gmail com)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 11:14AM
Josep L. Guallar-Esteve (guallar easternrad com)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 10:35AM
Eygene Ryabinkin (rea-sec codelabs ru)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 09:02AM
Hari Sekhon (hpsekhon googlemail com)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 19 2008 08:08PM
druid stonedcoder org (1 replies)
RE: Vulnerability and Patch-Management in Linux (and other Unix) Jun 19 2008 08:53PM
jacob aers ca (2 replies)
Security plugin for YUM (which might also handle Redhat)

http://wiki.linux.duke.edu/YumUtils/Plugins/Security?highlight=(Category

Yum)

I haven't tried it but we are just in the process of evaluating/moving
to centos and it's on the todo list.

With Debian I usually just used the "stable" tree for apt which only
updates packages for security. It was never supposed to update the major
version number of a package (i.e. php-4 to php-5). There should be a way
to make Ubuntu do the same thing but I haven't used Ubuntu as a server
platform yet.

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of druid (at) stonedcoder (dot) org [email concealed]
Sent: Thursday, June 19, 2008 1:09 PM
To: Rainer Duffner
Cc: focus-linux (at) securityfocus (dot) com [email concealed];
focus-linux-return-3196 (at) securityfocus (dot) com [email concealed]
Subject: Re: Vulnerability and Patch-Management in Linux (and other
Unix)

So, if you have the money you can use Opsware Server Automation System
(SAS) which will patch and manage all of those OSes and more. Opsware
was
bought by HP so the product is now called HP Server Automation (HPSA).

To be honest, this is a GREAT solution, but costs a lot. for medium to
large enterprises totally worth it and actually kind of necassary, for
small business, welcome to the wonderful world of scripting :P.

http://en.wikipedia.org/wiki/Opsware
https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto

&cp=1-11-271-273^14711_4000_100__

I know this will probably be out of your price range, but it is
sometimes
enlightening to see how large corporations handle this sort of thing.

On Thu, 19 Jun 2008, Rainer Duffner wrote:

> Hi,
>
> we've amassed a veritable "zoo" of Unix-versions: RHEL4+5, CentOS5,
FreeBSD,
> Ubuntu and lately Solaris.
> We use these for a variety of reasons and each system does its job
quite
> well.
>
> However, patch-management seems to be a weak spot in most cases.
> RedHat offers "RedHat Network", but it costs a lot of money (and they
charge
> more if you want to put your servers in groups in the RHN - WTF?)
> FreeBSD offers the portaudit database - we should be able to hack
together
> something with that.
> But what about CentOS? If you have an array of CentOS servers - how do
you
> track which vulnerabilities each one has?
> Running yum update every night is no option.
>
> Does CentOS also maintain a vulnerability database along the lines of
> FreeBSD?
> How about Solaris?
> Ubuntu?
>
> How do you track vulnerabilities across your datacenter?
>
>
> Regards,
>
> Rainer
>
>
>

No virus found in this incoming message.
Checked by AVG.
Version: 8.0.100 / Virus Database: 270.4.0/1509 - Release Date:
6/19/2008 8:00 AM

[ reply ]
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 04:43PM
John Kunkel (jkunkel verite com) (1 replies)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 23 2008 07:50PM
Jason Spears (shadestalker gmail com)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 04:09PM
Ram Prasad (unixengineer gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus