Bugtraq mailing list archives
Re: Keeping any up-to-date?
From: peter () TIOKI COM AU (Peter May)
Date: Fri, 15 Jan 1999 21:48:57 +1100
-----Original Message----- From: Bugtraq List [mailto:BUGTRAQ () netspace org]On Behalf Of Randolf-Heiko Skerka Sent: Thursday, 14 January 1999 17:58 To: BUGTRAQ () netspace org Subject: Keeping any up-to-date? On Mon, Jan 11, 1999 at 09:46:02AM +0000, John RIddoch wrote:To carry on the thread of keeping Solaris patched, I wrote a script to automatically update a systems patches overnight via cron.Great work. But are things like that available for other OSes (I´m thinking of AIX, HP-UX, CISCO IOS[?] and so on)? Randolf Skerka
I'm not sure if I would use this type of operation in a production environment. How often do we see a vendor supplied update/patch/PTF which: a) is insufficient, b) is in error, c) makes the situation worse, or d) disables nearly everything to fix a minor problem. at least on the first release of the patch! Most critical security patches are carefully thought out by the vendor to handle most of the people most of the time. As a responsible (!) administrator of many systems I'm pretty sure I want to read all the doc, and ascertain the impact of each particular update/patch/PTF etc. before I apply it to the production box, and probably talk to the customer about it too ... oh, and maybe send each of them an invoice as well :~) That being said, I do have a FreeBSD box here as a `victim' which is updated by SUP every night from the source tree - and it gets broken every once in a while. Oh, and if you want to auto-apply PTF's in the IBM/AIX world, you will be applying up to 10-15 each day. You will need over 14 GB of storage for the entire PTF tree (look at ftp://service.boulder.ibm.com/aix/fixes/v4 ) just for the V4 branch, assuming you are going to mirror them, not somehow intelligently apply them. And a lot of them are tagged as "PE: PTF in error" - but you still have to put it on first before the one that really fixes the problem.... Automation ? Maybe not for me ...
-- +------------------------------------------------------------------------+ | Randolf Skerka debis IT Security Services | | Tel. +49-228-9841-510 Rabinstrasse 8 | | Fax. +49-228-9841-60 53111 Bonn | +------------------------------------------------------------------------+
-------------------------------------------------------------------------- Peter May Phone: +61-2-9402-0250 AIX Software Engineer Fax: +61-2-9402-0251 Interactive Maintenance Services Mobile: +61-412-509-008 mailto:peter () interactivemaint com au http://www.interactivemaint.com.au --------------------------------------------------------------------------
Current thread:
- really silly ff.core exploit for Solaris, (continued)
- really silly ff.core exploit for Solaris John McDonald (Jan 07)
- ff.core exploit on Solaris (2.)7 Daniel J. Frasnelli (Jan 08)
- Re: ff.core exploit on Solaris (2.)7 Casper Dik (Jan 15)
- L0pht tmp tool and (mini) Advisory Dr. Mudge (Jan 08)
- ff.core exploit on Solaris (2.)7 Daniel J. Frasnelli (Jan 08)
- Re: Anonymous Qmail Denial of Service Antonomasia (Jan 07)
- Re: Anonymous Qmail Denial of Service D. J. Bernstein (Jan 09)
- Re: Anonymous Qmail Denial of Service Wietse Venema (Jan 10)
- Keeping Solaris up-to-date John RIddoch (Jan 11)
- Keeping any up-to-date? Randolf-Heiko Skerka (Jan 13)
- Re: Keeping any up-to-date? Ciaran Deignan (Jan 15)
- Re: Keeping any up-to-date? Peter May (Jan 15)
- Administrivia Aleph One (Jan 12)
- Tracing by uid u after root does setuid(u) D. J. Bernstein (Jan 12)
- Re: Tracing by uid u after root does setuid(u) Wietse Venema (Jan 13)
- Re: Tracing by uid u after root does setuid(u) Casper Dik (Jan 13)
- Re: Tracing by uid u after root does setuid(u) James Mathiesen (Jan 15)
- Re: Tracing by uid u after root does setuid(u) Gene Spafford (Jan 13)
- really silly ff.core exploit for Solaris John McDonald (Jan 07)
- Solaris 7 naming... Isaac (Jan 12)
- [(PM) PM3s Die - Comfirmed DoS Attack (fwd)] David TILLOY (Jan 13)
- Government report suggests backdoors for law enforcement Darren Reed (Jan 13)