Bugtraq mailing list archives
Re: Keeping Solaris up-to-date
From: lipman () HELIX NIH GOV (Everett Lipman)
Date: Wed, 13 Jan 1999 13:01:53 -0500
From: John RIddoch <jr () SCMS RGU AC UK> Subject: Keeping Solaris up-to-date To carry on the thread of keeping Solaris patched, I wrote a script to automatically update a systems patches overnight via cron.
[...]
The script (and associated patches) should reside in an NFS-mounted directory so that they can be updated centrally (that was the reason for writing the script in the first place).
[...]
The script has no output unless an error occurs, so you don't get the entire patchadd output from 50 machines every time you add a patch.
Is it really a good idea to run a script as root via cron from an NFS-mounted directory? What if someone breaks root on one machine, does a quick 'su' and replaces your NFS-mounted script? Seems they would own all 50 machines by morning. Everett Lipman (lipman () helix nih gov)
Current thread:
- Re: Keeping Solaris up-to-date Everett Lipman (Jan 13)
- Re: Keeping Solaris up-to-date Corey Lindsly (Jan 14)