Bugtraq mailing list archives
Keeping Solaris up-to-date
From: jr () SCMS RGU AC UK (John Riddoch)
Date: Mon, 11 Jan 1999 09:46:02 +0000
To carry on the thread of keeping Solaris patched, I wrote a script to automatically update a system's patches overnight via cron. The script uses perl and runs under 5.0004, although it should work under most new versions (it certainly doesn't use any weird perl calls).

The script (and associated patches) should reside in an NFS-mounted directory so that they can be updated centrally (that was the reason for writing the script in the first place). I chose /var/spool/pkg, but it is easily changed in the script. Under that directory, OS versions and architecture specific versions can be placed. It uses uname -m for the architecture (eg, sun4m) since some patches are specific to the sun4u platform (and presumably some are specific to other architectures, although I haven't noticed them). If you don't care about that, simply change to uname -p (sparc/i386) or symlink the directories.

The script has no output unless an error occurs, so you don't get the entire patchadd output from 50 machines every time you add a patch.

If you have any comments/modifications, mail them to me and I'll post a summary to the list.

Ok, here's the script:

#!/usr/local/bin/perl
use strict;

# Script to automatically update patches on solaris machines
# Designed to be run automatically through cron every night
# and only report when there is a problem.
# Copyright (c) 1998 John Riddoch (jr () scms rgu ac uk)
# Feel free to redistribute/modify with attribution

# Set location for logging
my $PATCHLOG="/var/log/patchupdate";

# select OS version and architecture for patches:
my $OS=`uname -s`; chomp $OS;
my $OSVER=`uname -r`; chomp $OSVER;
my $ARCH=`uname -m`; chomp $ARCH;
my $patchdir="/var/spool/pkg/" . $OS . "-" . $OSVER . "/" . $ARCH;
my $patchlist=$patchdir . "/patch_list";

# Get a list of currently installed patches:
# Sort these so that the newest patch rev. will be last.
my %installed;
open ( SHOWREV, "/usr/bin/showrev -p|/usr/bin/sort|" ) ||
    die "Can't read patch list\n";
while ( <SHOWREV> ) {
    # Second space-separated field of each line is the patch id-rev
    my ( $patch ) = ( split / / ) [1];
    my ( $patchid, $rev ) = split ( "-", $patch );
    $installed{$patchid} = $rev;
}
close (SHOWREV);

# Now go through list of patches we want installed
open (PATCHLIST, $patchlist) || die "Cannot open list of required patches";
while ( my $patch = <PATCHLIST> ) {
    chomp $patch;
    my ( $patchid, $rev ) = split ( "-", $patch );
    # Install if the patch is missing or the installed revision is older
    if ( $installed{$patchid} eq "" || $installed{$patchid} < $rev ) {
        # system() returns non-zero on failure, so report only then
        system ( "/usr/sbin/patchadd -M $patchdir $patch >> $PATCHLOG" ) &&
            print "Installation of patch $patch failed!\n";
    }
}
close (PATCHLIST);

--
John Riddoch    Email: jr () scms rgu ac uk    Telephone: (01224)262730
Room C4, School of Computer and Mathematical Science
Robert Gordon University, Aberdeen, AB25 1HG
Any sufficiently advanced technology is indistinguishable from a rigged demo.
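An added example, not part of the original post or the author's script: the same installed-versus-wanted comparison, with every patch_list entry checked against the six-digit id, two-digit revision form before use, and patchadd invoked through list-form system() so that no shell parses an entry read from the NFS-mounted list. The showrev lines, the patch ids and the SunOS-5.6/sun4m directory are constructed sample values.

```perl
#!/usr/bin/perl
# Added example: plan patch installs from validated input only.
use strict;
use warnings;

# Constructed sample data standing in for `showrev -p` output and patch_list.
my @showrev = (
    "Patch: 105181-11 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu",
    "Patch: 105181-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu",
    "Patch: 106125-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr",
);
my @wanted = ( "105181-11", "106125-04", "106541-01", "106541-01 junk", "" );

# Highest installed revision per patch id, independent of input order.
sub installed_revs {
    my %installed;
    for my $line (@_) {
        my ( $id, $rev ) = $line =~ /^Patch:\s+(\d{6})-(\d{2})\b/ or next;
        $installed{$id} = $rev
            if !exists $installed{$id} || $rev > $installed{$id};
    }
    return \%installed;
}

# Split the wanted list into patches to install and entries to reject.
sub plan {
    my ( $installed, @list ) = @_;
    my ( @install, @rejected );
    for my $entry (@list) {
        my ( $id, $rev ) = $entry =~ /^(\d{6})-(\d{2})\z/;
        if ( !defined $id ) { push @rejected, $entry; next; }
        push @install, $entry
            if !exists $installed->{$id} || $installed->{$id} < $rev;
    }
    return ( \@install, \@rejected );
}

my ( $install, $rejected ) = plan( installed_revs(@showrev), @wanted );
print "rejected patch_list entry: '$_'\n" for @$rejected;
for my $patch (@$install) {
    # List form: arguments go straight to patchadd, no shell in between.
    my @cmd = ( "/usr/sbin/patchadd", "-M", "/var/spool/pkg/SunOS-5.6/sun4m", $patch );
    print "would run: @cmd\n";    # on a real host: system(@cmd) == 0 or warn ...
}
```

With the sample data this plans 106125-04 and 106541-01 and rejects the two malformed entries. List-form system() cannot do the `>>` redirection, so logging to the patch log would need STDOUT reopened onto that file first.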