PaulDotCom mailing list archives
Re: Linux offline patching
From: Ryan Sears <rdsears () mtu edu>
Date: Tue, 23 Nov 2010 15:18:43 -0500 (EST)
I worked with RHEL5 for the past year or so using RHN (which isn't the greatest in my opinion), and a yum repo sounds like the best solution. I don't know what you're managing all your clients with (if anything) but I'd look into puppet/CFEngine before RHN/RHN Satellite. They're both grossly expensive, and if you can get away with puppet/CFEngine everything is under your control for free. It's a bit harder to set up/manage, but in the end I think you'll be happier.

Keep in mind though that (according to my boss at least) RHEL backports all its security fixes to previous versions, then doesn't update the version banners. This is *quite* frustrating when trying to figure out what's patched and what's not, and figuring out your attack surface area. My suggestion to you is to get a PoC for at least one of the issues then see if it's still affected. Do it with a few, and you can tell pretty clearly if this is indeed what's going on. I'm not sure WHY Red Hat does this, but we've gone through the exact same ordeal with RHEL/Nessus :(. I BELIEVE that's what's going on. I could be wrong though, so it's always best to test this kind of stuff out.

If you have any other questions, feel free to ask!

Ryan Sears

----- Original Message -----
From: "Michael Miller" <mike.mikemiller () gmail com>
To: "PaulDotCom Security Weekly Mailing List" <pauldotcom () mail pauldotcom com>
Sent: Tuesday, November 23, 2010 1:19:44 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Pauldotcom] Linux offline patching

If you had a host that could be used as a yum depot I would copy the patches to that host and create a local_mirror.repo file in /etc/yum.repos.d. The other option besides reading a CD/DVD is to create the repo on a portable drive. The following link gives an overview on how to create a yum repo.

http://linuxtechsupport.blogspot.com/2008/06/configuring-yum-in-rhel5.html

My preferred way is via the network or portable hard drive. It's a lot faster than waiting for that CD/DVD drive to spin up and read.

--mmiller

On Tue, Nov 23, 2010 at 2:45 AM, k41zen Me <k41zen () me com> wrote:

I've run a Nessus patch audit on a Red Hat Enterprise 5.2 server and it tells me there are 161 missing patches. This server does not have internet connectivity. My question is how do I apply all of these patches offline?

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
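The backporting point in the message above can also be checked from package metadata rather than version banners. As an added example that is not part of the original thread, this shell function compares scanner-reported CVE IDs with RPM changelog text. The names `cve_triage` and `sample_changelog`, the package versions and the CVE IDs are constructed placeholders, and it assumes the packager names fixed CVEs in the changelog.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Reads RPM changelog text on stdin and
# takes the CVE IDs a scanner reported as arguments. For each ID it prints
#   <CVE> backported <version-release of the last entry in the text naming it>
#   <CVE> unconfirmed
# Assumption: the packager names fixed CVEs in the changelog.
cve_triage() {
    awk -v want="$*" '
        BEGIN { n = split(want, ids, " ") }
        # Entry header: "* Day Mon DD YYYY Name <mail> version-release"
        /^\*/ { rel = $NF; next }
        {
            # Collect every CVE ID on the line as a whole token, so that
            # CVE-0000-0001 never matches inside CVE-0000-00011.
            line = $0
            while (match(line, /CVE-[0-9]+-[0-9]+/)) {
                fixed[substr(line, RSTART, RLENGTH)] = rel
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END {
            for (i = 1; i <= n; i++)
                print ids[i], ((ids[i] in fixed) ? "backported " fixed[ids[i]] : "unconfirmed")
        }'
}

# Constructed changelog in the layout `rpm -q --changelog <package>` prints.
# Package versions and CVE IDs are placeholders, not real identifiers.
sample_changelog() {
    cat <<'EOF'
* Mon Nov 01 2010 Example Packager <packager@example.com> 1.0-3.el5
- fix CVE-0000-0002 (constructed entry)
* Fri Oct 01 2010 Example Packager <packager@example.com> 1.0-2.el5
- backport fix for CVE-0000-0001 (constructed entry)
* Wed Sep 01 2010 Example Packager <packager@example.com> 1.0-1.el5
- initial build
EOF
}

# Offline demonstration on the constructed data.
sample_changelog | cve_triage CVE-0000-0001 CVE-0000-0003
# On a real host: rpm -q --changelog <package> | cve_triage <CVE IDs from the scan>
```

An "unconfirmed" result only means the changelog does not name the CVE; it does not show the package is vulnerable.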