Focus on Linux
Vulnerability and Patch-Management in Linux (and other Unix) Jun 19 2008 12:58PM
Rainer Duffner (rainer ultra-secure de) (6 replies)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 02:26PM
Sylvain Robitaille (syl alcor concordia ca) (1 replies)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 06:45PM
Lee Fisher (blibbet gmail com)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 11:14AM
Josep L. Guallar-Esteve (guallar easternrad com)
On Thursday 19 June 2008 08:58:31 Rainer Duffner wrote:
> Hi,
>
> we've amassed a veritable "zoo" of Unix-versions: RHEL4+5, CentOS5,
> FreeBSD, Ubuntu and lately Solaris.
> We use these for a variety of reasons and each system does its job quite
> well.
>
> However, patch-management seems to be a weak spot in most cases.
> RedHat offers "RedHat Network", but it costs a lot of money (and they
> charge more if you want to put your servers in groups in the RHN - WTF?)
> FreeBSD offers the portaudit database - we should be able to hack
> together something with that.
> But what about CentOS? If you have an array of CentOS servers - how do
> you track which vulnerabilities each one has?
> Running yum update every night is no option.
>
> Does CentOS also maintain a vulnerability database along the lines of
> FreeBSD?
> How about Solaris?
> Ubuntu?
>
> How do you track vulnerabilities across your datacenter?
>
>
> Regards,
>
> Rainer

First, get subscribed to all your OS vendor security mailing lists.

Then, set up a series of scripts to do "Test updates" and send an email to the
sysadmin group with the result. A couple of lines of bash scripting plus an
easy cron entry and you are done.

Finally, if there is an update to be available, you can log into the system
and install the update.

If your servers are streamlined, not many updates will affect your server.

We do this in house for our Linux servers.

Regards,
Josep
--
Josep L. Guallar-Esteve - IT Department

This transmission is intended for the use of the entity or individual to which
or whom it is addressed. The transmission or any documents accompanying the
transmission may contain confidential information. If you are not the intended
recipient, you are hereby notified that any disclosure, copying, distribution,
or action taken in reliance on the contents of the transmission or the
documents is strictly prohibited. If you have received this confidential
transmission in error, please destroy it and any accompanying documents and
notify the sender immediately. Thank you.

[ reply ]
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 10:35AM
Eygene Ryabinkin (rea-sec codelabs ru)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 09:02AM
Hari Sekhon (hpsekhon googlemail com)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 19 2008 08:08PM
druid stonedcoder org (1 replies)
RE: Vulnerability and Patch-Management in Linux (and other Unix) Jun 19 2008 08:53PM
jacob aers ca (2 replies)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 04:43PM
John Kunkel (jkunkel verite com) (1 replies)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 23 2008 07:50PM
Jason Spears (shadestalker gmail com)
Re: Vulnerability and Patch-Management in Linux (and other Unix) Jun 20 2008 04:09PM
Ram Prasad (unixengineer gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus