|
Home > Archive > Unix administration > November 2004 > Patch management
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| Hi,
How do you, admins succeed in managing your *nix platforms ?
I can undestand for Win32 there are SUS, GPO, Windows Update, SMS, WUS
soon.
But what is the real solution for *nix when you have to manage 100+ servers
with differents configurations ?
On each of them, you install through smit or patchadd/pkgadd or rpm -Uvh
?????
Are there any good solutions (free or for sale) to do this job in a good
way ?
If there are any, what type of package do you prefer to use for managing
patches ?
Thanks
| |
| Dave Hinz 2004-11-23, 6:08 pm |
| On Tue, 23 Nov 2004 21:41:41 +0100, waloo <donotreply@nomail.com> wrote:
> Hi,
>
> How do you, admins succeed in managing your *nix platforms ?
Did you not read the replies already posted to your question?
Several people spent a non-trivial amount of time answering already.
| |
| phn@icke-reklam.ipsec.nu 2004-11-24, 6:28 pm |
| waloo <donotreply@nomail.com> wrote:
> Hi,
> How do you, admins succeed in managing your *nix platforms ?
> I can undestand for Win32 there are SUS, GPO, Windows Update, SMS, WUS
> soon.
> But what is the real solution for *nix when you have to manage 100+ servers
> with differents configurations ?
> On each of them, you install through smit or patchadd/pkgadd or rpm -Uvh
> ?????
> Are there any good solutions (free or for sale) to do this job in a good
> way ?
> If there are any, what type of package do you prefer to use for managing
> patches ?
> Thanks
Each of the un*x has their own method. The flip side is that most un*x
won't need as many patches, some are even safe after a fresh install.
I have a FreeBSD system that has been up for 730 days ( 4.7) and there is
still no (known) threats against it.
Pick your methods
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
| |
|
| Sorry Dave, of course i read replies
I only had problems with my nntp server yesterday
Thanks all for your answer
Except NIM, no product seems to be a centralized released updates server
It seems there is some space left for a constructor to produce a goop
product for patch management in the *nix world :-)
"Dave Hinz" <DaveHinz@spamcop.net> a écrit dans le message de news:
30hlv8F3102vbU1@uni-berlin.de...
> On Tue, 23 Nov 2004 21:41:41 +0100, waloo <donotreply@nomail.com> wrote:
>
> Did you not read the replies already posted to your question?
> Several people spent a non-trivial amount of time answering already.
>
| |
| Dave Hinz 2004-11-24, 6:28 pm |
| On Wed, 24 Nov 2004 20:08:51 +0100, waloo <donotreply@nomail.com> wrote:
> Sorry Dave, of course i read replies
> I only had problems with my nntp server yesterday
> Thanks all for your answer
> Except NIM, no product seems to be a centralized released updates server
> It seems there is some space left for a constructor to produce a goop
> product for patch management in the *nix world :-)
Not hardly; it would fit a need that doesn't exist, do so poorly,
and would add a layer of complexity where it's not warranted.
Middleware in this situation wouldn't add any value.
And please don't top-post.
| |
| Kevin Collins 2004-11-24, 6:28 pm |
| In article <co2gfn$c5o$4@nyheter.ipsec.se>, phn@icke-reklam.ipsec.nu wrote:
> waloo <donotreply@nomail.com> wrote:
>
>
>
>
>
>
>
> Each of the un*x has their own method. The flip side is that most un*x
> won't need as many patches, some are even safe after a fresh install.
>
> I have a FreeBSD system that has been up for 730 days ( 4.7) and there is
> still no (known) threats against it.
>
> Pick your methods
Is it plugged in to a network?  Seriously, either you aren't running anything
on it, or you are just unaware of potential issues...
Kevin
| |
| phn@icke-reklam.ipsec.nu 2004-11-24, 6:28 pm |
| Kevin Collins <spamtotrash@toomuchfiction.com> wrote:
> In article <co2gfn$c5o$4@nyheter.ipsec.se>, phn@icke-reklam.ipsec.nu wrote:
[vbcol=seagreen]
> Is it plugged in to a network? Seriously, either you aren't running anything
> on it, or you are just unaware of potential issues...
Yes, it is the FW/NAT box for my home network.
All services are stopped of course, ipf is doing what it's supposed to do.
un*x boxes ( in contrast to some i won't mention) closes all ports when
all services are stopped. With no services there is no vulnerabilyties.
With no services there is nothing to update.
> Kevin
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
| |
| Mike Forsman 2004-11-24, 6:28 pm |
| phn@icke-reklam.ipsec.nu wrote:
> Kevin Collins <spamtotrash@toomuchfiction.com> wrote:
>
>
>
>
>
> Yes, it is the FW/NAT box for my home network.
> All services are stopped of course, ipf is doing what it's supposed to do.
>
> un*x boxes ( in contrast to some i won't mention) closes all ports when
> all services are stopped. With no services there is no vulnerabilyties.
> With no services there is nothing to update.
Seems like it has to process packets at some level - can you guaranty
that there's no vulnerabilities in that code?
Mike
| |
| phn@icke-reklam.ipsec.nu 2004-11-25, 2:50 am |
| Mike Forsman <mikejenny@visi.com> wrote:
> phn@icke-reklam.ipsec.nu wrote:
[vbcol=seagreen]
> Seems like it has to process packets at some level - can you guaranty
> that there's no vulnerabilities in that code?
Nope. On the other hand there has been zero reports of that happening.
And the codepath across the kernel is short, and any flaws here is
unlikley to result in anything but a crash.
> Mike
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
|
|
|
|
|