Re: Patch management tool - a rethink

From: Dr. S. A. Vetha Manickam (avmanickam@yahoo.com)
Date: Thu Sep 09 2004 - 01:24:56 EDT


Hi,
The below said points are valid in the case of Linux. There is no concept of Registray in

the Linux. RPM has its own database. If one installs software through RPM installer,
then one can obtain the package information about what is installed or what is not
installed. If anybody downloads the source code of a software and compiles and installs,
then no
way one can patch automatically. This argument is valid for all Linux Distribution.

The one way to overcome these difficulties is in bringing of "Registray concept", where
all the installed packages information is stored. We have tried to explore this option
very seriously. It is very nascent stage. We have made some progress on this.

with regards

Dr. Manickam
NSS (www.mynetsec.com)

Miles Stevenson <miles@mstevenson.org> wrote:
Milind,

I don't see what your question has to do with pen-testing. Please try and
keep your questions relevant to the discussion topic of the list. This post
would be more appropriate for the security-basics list.

I'm not aware of a tool that can push package updates to all the different
linux distributions out there. You have to remember, some of these distro's
are RPM based such as SuSe and RedHat/Fedora, while some are source based,
such as Gentoo and Slackware. It is a good idea to treat each individual
linux distro as a seprate operating system. Just as you would differentiate
FreeBSD from RedHat, you should differentiate RedHat from SuSe. Each of these
systems have their own way of managing updates. You will be much better off
sticking to just a few different operating systems in your environment and
managing updates to them using tools that were meant for that OS.

Keeping your systems patched and up-to-date takes constant vigilance. There
is no magic tool that is going to solve all your problems here. Sorry.

        
                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:04 EDT