Rainer Duffner wrote:
> Hi,
>
> we've amassed a veritable "zoo" of Unix-versions: RHEL4+5, CentOS5,
> FreeBSD, Ubuntu and lately Solaris.
> We use these for a variety of reasons and each system does its job
> quite well.
>
> However, patch-management seems to be a weak spot in most cases.
> RedHat offers "RedHat Network", but it costs a lot of money (and they
> charge more if you want to put your servers in groups in the RHN - WTF?)
> FreeBSD offers the portaudit database - we should be able to hack
> together something with that.
> But what about CentOS? If you have an array of CentOS servers - how do
> you track which vulnerabilities each one has?
> Running yum update every night is no option.
>
> Does CentOS also maintain a vulnerability database along the lines of
> FreeBSD?
> How about Solaris?
> Ubuntu?
>
> How do you track vulnerabilities across your datacenter?
>
>
> Regards,
>
> Rainer
>
For CentOS: Nagios + check_yum (a plugin I wrote for Nagios to test for
updates on RedHat/CentOS servers). You will find it here
http://www.nagiosexchange.org/cgi-bin/page.cgi?g=Detailed%2F2577.html;d=1
You may need to copy and paste that link as the funny links used on
nagiosexchange don't always come out well in mail clients.
For Ubuntu: Nagios + check_apt (from the standard Nagios plugins).
I have checks running every hour to watch for patches on my servers on
these distros.
If you ever rise to Gentoo, I wrote one for that too, you can find that
here in case you need it:
http://www.nagiosexchange.org/cgi-bin/page.cgi?g=Detailed%2F1539.html;d=1
So much for expensive proprietary solutions. Nagios is truly excellent
open source.
-h
--
Hari Sekhon
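
Added example, not part of the original message and not the check_yum plugin itself: a sketch of how a Nagios check for pending updates on a RedHat/CentOS host can work, mapping the exit status and output of `yum check-update` to Nagios status codes. The critical_pkgs list and the sample output are assumptions constructed for illustration.

```python
import re
import subprocess
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes

# A package line in `yum check-update` output: name.arch  version  repo
PKG_LINE = re.compile(r"^(\S+)\.\S+\s+\S+\s+\S+\s*$")

# Constructed sample output, not captured from a real host.
SAMPLE = """\
Loaded plugins: fastestmirror

bash.x86_64                 1.0-2.el5               updates
openssl.x86_64              1.0-3.el5               updates
tzdata.noarch               1.0-1.el5               updates
"""

def evaluate(yum_rc, yum_output, critical_pkgs=("kernel", "openssl", "openssh")):
    """Turn a `yum check-update` result into (nagios_code, status_line).

    yum exits 0 when nothing is pending, 100 when updates are available,
    and anything else on error. critical_pkgs is an assumed local policy.
    """
    if yum_rc == 0:
        return OK, "YUM OK - no updates pending"
    if yum_rc != 100:
        return UNKNOWN, "YUM UNKNOWN - yum exited with status %d" % yum_rc
    pending = []
    for line in yum_output.splitlines():
        if line.startswith("Obsoleting Packages"):
            break  # entries below this header are obsoletes, not plain updates
        match = PKG_LINE.match(line)
        if match:
            pending.append(match.group(1))
    if not pending:
        return UNKNOWN, "YUM UNKNOWN - exit status 100 but no packages parsed"
    urgent = sorted(set(pending) & set(critical_pkgs))
    if urgent:
        return CRITICAL, "YUM CRITICAL - %d updates pending, including %s" % (
            len(pending), ", ".join(urgent))
    return WARNING, "YUM WARNING - %d updates pending" % len(pending)

if __name__ == "__main__":
    # On a RedHat/CentOS host: run yum and report to Nagios via the exit code.
    proc = subprocess.run(["yum", "check-update"], capture_output=True, text=True)
    code, status = evaluate(proc.returncode, proc.stdout)
    print(status)
    sys.exit(code)
```

Returning UNKNOWN when yum fails or its output cannot be parsed keeps a broken repository or mirror from being reported as a fully patched host.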