On Thursday 19 June 2008 08:58:31 Rainer Duffner wrote:
> Hi,
>
> we've amassed a veritable "zoo" of Unix-versions: RHEL4+5, CentOS5,
> FreeBSD, Ubuntu and lately Solaris.
> We use these for a variety of reasons and each system does its job quite
> well.
>
> However, patch-management seems to be a weak spot in most cases.
> RedHat offers "RedHat Network", but it costs a lot of money (and they
> charge more if you want to put your servers in groups in the RHN - WTF?)
> FreeBSD offers the portaudit database - we should be able to hack
> together something with that.
> But what about CentOS? If you have an array of CentOS servers - how do
> you track which vulnerabilities each one has?
> Running yum update every night is no option.
>
> Does CentOS also maintain a vulnerability database along the lines of
> FreeBSD?
> How about Solaris?
> Ubuntu?
>
> How do you track vulnerabilities across your datacenter?
>
>
> Regards,
>
> Rainer
First, get subscribed to all your OS vendor security mailing lists.
Then, set up a series of scripts to do "Test updates" and send an email to the
sysadmin group with the result. A couple of lines of bash scripting plus an
easy cron entry and you are done.
Finally, if there is an update available, you can log into the system
and install the update.
If your servers are streamlined, not many updates will affect your server.
We do this in house for our Linux servers.
Regards,
Josep
--
Josep L. Guallar-Esteve - IT Department
This transmission is intended for the use of the entity or individual to which
or whom it is addressed. The transmission or any documents accompanying the
transmission may contain confidential information. If you are not the intended
recipient, you are hereby notified that any disclosure, copying, distribution,
or action taken in reliance on the contents of the transmission or the
documents is strictly prohibited. If you have received this confidential
transmission in error, please destroy it and any accompanying documents and
notify the sender immediately. Thank you.
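
An added example, not part of the original message or any script from its author: a report-only update check of the kind the reply describes, for yum-based hosts. It relies on `yum check-update` exiting 100 when updates are pending, 0 when there are none and 1 on error; the mail address, script path and cron schedule are placeholders.

```shell
#!/bin/sh
# Report pending updates by mail; never installs anything.
# Assumed cron entry (path and time are placeholders):
#   30 6 * * * /usr/local/sbin/pending-updates.sh --run

MAILTO="${MAILTO:-sysadmins@example.com}"        # placeholder address
CHECK_CMD="${CHECK_CMD:-yum -q check-update}"    # override for testing

# classify_check RC: map the check's exit code to a state.
classify_check() {
    case "$1" in
        0)   echo CURRENT ;;   # nothing to update
        100) echo UPDATES ;;   # packages are waiting
        *)   echo ERROR ;;     # repo unreachable, lock held, etc.
    esac
}

# build_report: run the check, print a subject line and the raw output.
# Returns 0 when there is something to mail (UPDATES or ERROR), so a
# failing check is reported instead of looking like a patched host.
build_report() {
    # The && / || chain keeps the exit code without tripping "set -e".
    out=$($CHECK_CMD 2>&1) && rc=0 || rc=$?
    state=$(classify_check "$rc")
    printf '[%s] %s (exit %s): %s\n' "$(uname -n)" "$state" "$rc" "$CHECK_CMD"
    printf '%s\n' "$out"
    [ "$state" != CURRENT ]
}

# run_check: mail the report to the sysadmin group when needed.
run_check() {
    if report=$(build_report); then
        subject=$(printf '%s\n' "$report" | head -n 1)
        printf '%s\n' "$report" | mail -s "$subject" "$MAILTO"
    fi
}

if [ "${1:-}" = "--run" ]; then
    run_check
fi
```

The exit-code mapping is specific to yum; a check command for another platform needs its own `classify_check`.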