Focus on Linux
Vulnerability and Patch-Management in Linux (and other Unix) Jun 19 2008 12:58PM
Rainer Duffner (rainer ultra-secure de) (6 replies)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 02:26PM
Sylvain Robitaille (syl alcor concordia ca) (1 replies)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 06:45PM
Lee Fisher (blibbet gmail com)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 11:14AM
Josep L. Guallar-Esteve (guallar easternrad com)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 10:35AM
Eygene Ryabinkin (rea-sec codelabs ru)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 09:02AM
Hari Sekhon (hpsekhon googlemail com)
Rainer Duffner wrote:
> Hi,
>
> we've amassed a veritable "zoo" of Unix-versions: RHEL4+5, CentOS5,
> FreeBSD, Ubuntu and lately Solaris.
> We use these for a variety of reasons and each system does its job
> quite well.
>
> However, patch-management seems to be a weak spot in most cases.
> RedHat offers "RedHat Network", but it costs a lot of money (and they
> charge more if you want to put your servers in groups in the RHN - WTF?)
> FreeBSD offers the portaudit database - we should be able to hack
> together something with that.
> But what about CentOS? If you have an array of CentOS servers - how do
> you track which vulnerabilities each one has?
> Running yum update every night is no option.
>
> Does CentOS also maintain a vulnerability database along the lines of
> FreeBSD?
> How about Solaris?
> Ubuntu?
>
> How do you track vulnerabilities across your datacenter?
>
>
> Regards,
>
> Rainer
>
For CentOS: Nagios + check_yum (a plugin I wrote for Nagios to test for
updates on RedHat/CentOS servers). You will find it here

http://www.nagiosexchange.org/cgi-bin/page.cgi?g=Detailed%2F2577.html;d=1

You may need to copy and paste that link as the funny links used on
nagiosexchange don't always come out well in mail clients.

For Ubuntu: Nagios + check_apt (from the standard Nagios plugins).

I have checks running every hour to watch for patches on my servers on
these distros.

If you ever rise to Gentoo, I wrote one for that too, you can find that
here in case you need it:

http://www.nagiosexchange.org/cgi-bin/page.cgi?g=Detailed%2F1539.html;d=1

So much for expensive proprietary solutions. Nagios is truly excellent
open source.

-h

--
Hari Sekhon
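
An added example, not part of the original post and not the check_yum plugin it links to: a minimal Nagios-style check built on `yum check-update`, which lists pending updates without installing anything. The WARNING mapping, the function names and the sample output are assumptions made for illustration.

```python
#!/usr/bin/env python3
# Added example: Nagios-style check built on `yum check-update`, which only
# lists pending updates and installs nothing. Not the check_yum plugin itself.
import subprocess
import sys

OK, WARNING, UNKNOWN = 0, 1, 3  # standard Nagios plugin exit codes


def parse_pending(output):
    """Return the name.arch entries listed by `yum check-update`."""
    pkgs = []
    for line in output.splitlines():
        if line.startswith("Obsoleting Packages"):
            break  # the obsoletes section has its own layout; not parsed here
        if not line or line[0].isspace():
            continue  # blank lines, mirror lines, wrapped continuation lines
        fields = line.split()
        # A package row is "name.arch version repo"; yum wraps long names so
        # that name.arch sits alone on its line.
        if len(fields) in (1, 3) and "." in fields[0]:
            pkgs.append(fields[0])
    return pkgs


def classify(returncode, output):
    """Map yum's exit status and output to (nagios_status, message)."""
    if returncode == 0:
        return OK, "YUM OK - no updates pending"
    if returncode == 100:  # yum check-update: 100 means updates are available
        pkgs = parse_pending(output)
        return WARNING, "YUM WARNING - %d pending: %s" % (len(pkgs), ", ".join(pkgs))
    return UNKNOWN, "YUM UNKNOWN - yum exited with status %d" % returncode


# Constructed sample of `yum check-update` output (names and versions made up).
SAMPLE = """\
Loaded plugins: fastestmirror
 * base: mirror.example.org

bind-libs.i386                1.2.3-4.el5                  updates
kernel.i686                   2.6.0-1.el5                  updates
a-very-long-package-name-that-wraps.noarch
                              1.0-1.el5                    updates
Obsoleting Packages
foo.noarch                    1.0-2                        updates
    bar.noarch                1.0-1                        installed
"""

if __name__ == "__main__":
    try:
        proc = subprocess.run(["yum", "check-update"], capture_output=True, text=True)
        status, message = classify(proc.returncode, proc.stdout)
    except OSError as exc:  # yum missing or not executable
        status, message = UNKNOWN, "YUM UNKNOWN - %s" % exc
    print(message)
    sys.exit(status)
```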

Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 19 2008 08:08PM
druid stonedcoder org (1 replies)
RE: Vulnerability and Patch-Management in Linux (and other Unix) Jun 19 2008 08:53PM
jacob aers ca (2 replies)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 04:43PM
John Kunkel (jkunkel verite com) (1 replies)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 23 2008 07:50PM
Jason Spears (shadestalker gmail com)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 04:09PM
Ram Prasad (unixengineer gmail com)


 

Copyright 2010, SecurityFocus