A few replies. Stuart Saxon mentioned Service'ability Reliability Acces'ability Support'ability (SRAS) and "Traffic Light Patching" (TLP). TLP however was EOSL in December 2007 from what I can tell: http://blogs.sun.com/patch/entry/patch_automation_tools Damir Delija brought up SANS' "User Vetted Tools" (see Critical Control 10), and some do mention Solaris support on their web page: http://www.sans.org/critical-security-controls/user-tools.php Rob De Langhe mentioned that the Explorer tools collect patch information, but that's not much different than PCA. Karl Vogel said that I should probably just go with PCA plus some home- grown scripting. So it seems that there's no consensus on this. On Mar 16, 2010, at 07:21, David Magda wrote: > I recently posted a question on the SAGE list [1] asking about tools > that could help in managing, reporting, and auditing installed > patches on Solaris (and Linux) machines. In the past we haven't > worried too much about it at $WORK, mostly focusing on keeping up-to- > date on network-accessible stuff (SSH, Apache, FTP, BIND, etc.), but > it's been suggested the Unix sys admin team be a more stringent like > our Windows brethren. > > While PCA seems to be canonical way to install patches, there > doesn't seem to be a canonical way of auditing which patches are > installed. The main tools mentioned in the SAGE thread were: > > . pca, with home-grown scripting built around it for reporting > . Sun/Oracle Ops Center [2] > . BigFix [3] > . Bfg2 > . Lumension (formerly PatchLink, with one recommendation /against/ > it) [4] > . Nagios, with the "check_solaris_pca" plug-in > . GFI Languard (at least for Linux) [5] > . radmind [6] > . Tenable's Nessus 3: not open-source like Nessus 2 and its fork > OpenVAS > . RHN (for Linux), and it's open source cousin Spacewalk > > So are the people on SunManagers doing any kind of reporting and > auditing of patches? If so, can you recommend any FOSS or commercial > products for Solaris (and/or Linux)? Any stuff that should be avoided? > > Thanks for any info. > > > [1] http://mailman.sage.org/pipermail/sage-members/2010/thread.html#00345 > [2] http://www.oracle.com/us/products/enterprise-manager/opscenter/ > [3] http://www.bigfix.com/content/patch-management > [4] http://www.lumension.com/vulnerability-management/patch-management-software.aspx > [5] http://www.gfi.com/lannetscan/patch-management.htm > [6] http://rsug.itd.umich.edu/software/radmind/ > _______________________________________________ > sunmanagers mailing list > sunmanagers@sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Tue Mar 23 06:25:34 2010
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:16 EST