Professional Web Applications Themes

Managing Sun Patches - Strategy & Tools - Linux / Unix Administration

Hello, I am a junior SA. We have a Solaris 8 SunFire server which is in production for a year. I've not been putting any patch at the server since the installation. At that time, I installed the latest cluster and security patches. I would like to review and patch my server more often. Any suggestions on free tool or strategy on applying Sun patches ?? Personally, I would prefer to apply patches to fix bugs and only when they are needed. I'd like to know how other experienced SAs out there do it. Your comments are most appreciated. Thanks, ...

  1. #1

    Default Managing Sun Patches - Strategy & Tools

    Hello,

    I am a junior SA. We have a Solaris 8 SunFire server which is in
    production for a year. I've not been putting any patch at the server
    since the installation. At that time, I installed the latest cluster
    and security patches.

    I would like to review and patch my server more often. Any suggestions
    on free tool or strategy on applying Sun patches ?? Personally, I
    would prefer to apply patches to fix bugs and only when they are
    needed. I'd like to know how other experienced SAs out there do it.

    Your comments are most appreciated.

    Thanks,

    Humplhrey

    underh20 Guest

  2. #2

    Default Re: Managing Sun Patches - Strategy & Tools

    "underh20" <com> writes:
     

    Superglue. It's a nice way of applying the recommended patch
    clusters...

    *investigates*

    Unfortunately, our campus doesn't seem to want to distribute it.
    I'm not really sure why. It's theoretically freeware, though... If
    anybody wants a copy, bug me; the license claims "freeware", but that
    doesn't mean that it was run by UIUC legal, so I have no idea if it's
    legit or not.

    - Tim Skirvin (uiuc.edu)
    --
    Theoretical and Computational http://www.ks.uiuc.edu/~tskirvin/
    Biophysics, Beckman Institute, UIUC Senior Systems Administrator
    Tim Guest

  3. #3

    Default Re: Managing Sun Patches - Strategy & Tools

    On 24 Jun 2005 13:39:06 -0700, underh20 <com> wrote: 

    They used to have a tool called "patchdiag" for free from Sun, I seem to
    recall it's been superceded by something else that does basically the
    same thing. Looks at the pkgs installed on your system, looks at the
    available patches out there, scrubs the lists against each other, and
    gives a report, per server, showing which server needs what. I used it
    extensively before Y2K for that little party, and it worked quite well.
     

    That's kind of like asking "what color is paint?". I've worked in shops
    where we patched all security and only bugfix patches where we saw bugs,
    the place I am now is "Install the security and the recommended clusters
    once a quarter, unless a biggie security patch comes out", and there are
    people who apply patches as soon as they come out, no matter what. I've
    never agreed with that last approach, too disruptive for a "just
    because" patch (fine for security patches, of course).

    Back in the Y2K days, I took the output of my patchdiag scans, built a
    list of patches I hadn't applied, and downloaded those which I didn't
    already have locally into a central repository. I then made some
    /etc/rc*.d scripts which would fetch the patches from the repository,
    put the system into the appropriate init state, apply the patches,
    remove itself (so it didn't infinite loop), and bring the system up
    fully. Worked great then, and I still use that basic concept today for
    my quarterly patches.

    So, it depends. I think it's called "PatchPro" these days. Take a
    look, maybe it does most of what you need.
     

    No problem - we've all been junior level, and everyone still is on some
    topic or another.

    Dave Hinz

    Dave Guest

  4. #4

    Default Re: Managing Sun Patches - Strategy & Tools

    Dave Hinz wrote:
     

    Yes. patchcheck/patchdiag, a trim and useful tool, was "superceded" by a
    bloated web-centric piece of garbage called PatchPro, that requires -
    you guessed it! - Java. The site for this abomination is here:

    http://patchpro.sun.com/servlet/com.sun.patchpro.servlet.PatchProServlet

    Fortunately, with a bit of hunting about, you can still find the old
    patchcheck and (more importantly) updated patch cross-reference files.
    This tool is what I still use on the Solaris machines I administer.

    http://sunsolve.sun.com/pub-cgi/show.pl?target=patchkdownload
    http://sunsolve.sun.com/pub-cgi/pdownload.pl?target=patchdiag.xref

    com
    Andrew Guest

Similar Threads

  1. Patches for MX 7?
    By jimpurple in forum Macromedia ColdFusion
    Replies: 2
    Last Post: February 24th, 06:42 PM
  2. Article : Security Tools Part -- 2 (.Net FrameWork Tools Series)
    By Namratha Shah \(Nasha\) in forum ASP.NET Data Grid Control
    Replies: 1
    Last Post: November 23rd, 04:01 PM
  3. patches
    By Sharad Gupta in forum PERL Beginners
    Replies: 1
    Last Post: September 30th, 03:27 AM
  4. XP Patches and more...
    By Robert P. in forum Windows XP/2000/ME
    Replies: 4
    Last Post: July 22nd, 11:55 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139