Penetration Testing mailing list archives
Re: Patch management tool - a rethink
From: "Dr. S. A. Vetha Manickam" <avmanickam () yahoo com>
Date: Wed, 8 Sep 2004 22:24:56 -0700 (PDT)
Hi, The below said points are valid in the case of Linux. There is no concept of Registray in the Linux. RPM has its own database. If one installs software through RPM installer, then one can obtain the package information about what is installed or what is not installed. If anybody downloads the source code of a software and compiles and installs, then no way one can patch automatically. This argument is valid for all Linux Distribution. The one way to overcome these difficulties is in bringing of "Registray concept", where all the installed packages information is stored. We have tried to explore this option very seriously. It is very nascent stage. We have made some progress on this. with regards Dr. Manickam NSS (www.mynetsec.com) Miles Stevenson <miles () mstevenson org> wrote: Milind, I don't see what your question has to do with pen-testing. Please try and keep your questions relevant to the discussion topic of the list. This post would be more appropriate for the security-basics list. I'm not aware of a tool that can push package updates to all the different linux distributions out there. You have to remember, some of these distro's are RPM based such as SuSe and RedHat/Fedora, while some are source based, such as Gentoo and Slackware. It is a good idea to treat each individual linux distro as a seprate operating system. Just as you would differentiate FreeBSD from RedHat, you should differentiate RedHat from SuSe. Each of these systems have their own way of managing updates. You will be much better off sticking to just a few different operating systems in your environment and managing updates to them using tools that were meant for that OS. Keeping your systems patched and up-to-date takes constant vigilance. There is no magic tool that is going to solve all your problems here. Sorry. __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- Re: Patch management tool - a rethink Dr. S. A. Vetha Manickam (Sep 09)
- <Possible follow-ups>
- Re: Patch management tool - a rethink J. Oquendo (Sep 11)