[9077] in bugtraq
Re: Keeping any up-to-date?
daemon@ATHENA.MIT.EDU (Peter May)
Fri Jan 15 14:29:15 1999
Date: Fri, 15 Jan 1999 21:48:57 +1100
Reply-To: Peter May <peter@TIOKI.COM.AU>
From: Peter May <peter@TIOKI.COM.AU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990114075747.A23516@merlin.itsec-debis.de>
> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@netspace.org]On Behalf Of
> Randolf-Heiko Skerka
> Sent: Thursday, 14 January 1999 17:58
> To: BUGTRAQ@netspace.org
> Subject: Keeping any up-to-date?
>
>
> On Mon, Jan 11, 1999 at 09:46:02AM +0000, John RIddoch wrote:
> > To carry on the thread of keeping Solaris patched, I wrote a script=
to
> > automatically update a systems patches overnight via cron.
>
> Great work. But are things like that available for other OSes
> (I=B4m thinking
> of AIX, HP-UX, CISCO IOS[?] and so on)?
>
> Randolf Skerka
>
I'm not sure if I would use this type of operation in a production
environment.
How often do we see a vendor supplied update/patch/PTF which:
a) is insufficient,
b) is in error,
c) makes the situation worse, or
d) disables nearly everything to fix a minor problem.
at least on the first release of the patch!
Most critical security patches are carefully thought out by the vendor =
to
handle most of the people most of the time. As a responsible (!)
administrator of many systems I'm pretty sure I want to read all the do=
c,
and ascertain the impact of each particular update/patch/PTF etc. befor=
e
I apply it to the production box, and probably talk to the customer
about it too ... oh, and maybe send each of them an invoice as well :~)
That being said, I do have a FreeBSD box here as a `victim' which is
updated by SUP every night from the source tree - and it gets broken
every once in a while.
Oh, and if you want to auto-apply PTF's in the IBM/AIX world, you will =
be
applying up to 10-15 each day. You will need over 14 GB of storage for =
the
entire PTF tree (look at ftp://service.boulder.ibm.com/aix/fixes/v4 )
just for the V4 branch, assuming you are going to mirror them, not
somehow intelligently apply them. And a lot of them are tagged as
"PE: PTF in error" - but you still have to put it on first before the o=
ne
that really fixes the problem....
Automation ? Maybe not for me ...
> --
> +--------------------------------------------------------------------=
----+
> | Randolf Skerka debis IT Security Servi=
ces |
> | Tel. +49-228-9841-510 Rabinstrass=
e 8 |
> | Fax. +49-228-9841-60 53111 B=
onn |
> +--------------------------------------------------------------------=
----+
>
-----------------------------------------------------------------------=
---
Peter May Phone: +61-2-9402-0=
250
AIX Software Engineer Fax: +61-2-9402-0=
251
Interactive Maintenance Services Mobile: +61-412-509-=
008
mailto:peter@interactivemaint.com.au http://www.interactivemaint.com=
.au
-----------------------------------------------------------------------=
---
