Re: Patch management tool - a rethink

["Dr. S. A. Vetha Manickam" <avmanickam () yahoo com>]

Hi,
The below said points are valid in the case of Linux. There is no concept of Registray in

the Linux. RPM has its own database. If one installs software  through RPM installer, 
then one can obtain the package information about what is installed or what is not 
installed. If anybody downloads the source code  of a software and compiles and installs,
then no 
way one can patch automatically. This argument is valid for all Linux Distribution.


The one way to overcome these difficulties is in bringing of "Registray concept", where 
all the installed packages information is stored.  We have tried to explore this option 
very seriously. It is very nascent stage. We have made some progress on this. 

with regards

Dr. Manickam
NSS (www.mynetsec.com)

Miles Stevenson <miles () mstevenson org> wrote:
Milind,

I don't see what your question has to do with pen-testing. Please try and 
keep your questions relevant to the discussion topic of the list. This post 
would be more appropriate for the security-basics list.

I'm not aware of a tool that can push package updates to all the different 
linux distributions out there. You have to remember, some of these distro's 
are RPM based such as SuSe and RedHat/Fedora, while some are source based, 
such as Gentoo and Slackware. It is a good idea to treat each individual 
linux distro as a seprate operating system. Just as you would differentiate 
FreeBSD from RedHat, you should differentiate RedHat from SuSe. Each of these 
systems have their own way of managing updates. You will be much better off 
sticking to just a few different operating systems in your environment and 
managing updates to them using tools that were meant for that OS. 

Keeping your systems patched and up-to-date takes constant vigilance. There 
is no magic tool that is going to solve all your problems here. Sorry.






        
                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------