Try smpatch on Solaris. I just remembered that command; it can be used
to report the missing patches without attempting to apply them. It won't
help with anything manually installed or installed with blastwave or
from sunfreeware.com though, at least it didn't the last time I used it.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com]
On Behalf Of Rainer Duffner
Sent: Thursday, June 19, 2008 5:59 AM
To: focus-linux (at) securityfocus (dot) com
Subject: Vulnerability and Patch-Management in Linux (and other Unix)
Hi,
we've amassed a veritable "zoo" of Unix-versions: RHEL4+5, CentOS5,
FreeBSD, Ubuntu and lately Solaris.
We use these for a variety of reasons and each system does its job quite
well.
However, patch-management seems to be a weak spot in most cases.
RedHat offers "RedHat Network", but it costs a lot of money (and they
charge more if you want to put your servers in groups in the RHN - WTF?)
FreeBSD offers the portaudit database - we should be able to hack
together something with that.
But what about CentOS? If you have an array of CentOS servers - how do
you track which vulnerabilities each one has?
Running yum update every night is no option.
Does CentOS also maintain a vulnerability database along the lines of
FreeBSD?
How about Solaris?
Ubuntu?
How do you track vulnerabilities across your datacenter?
Regards,
Rainer