From: John Kunkel (jkunkelverite.com)
Date: Fri Jun 20 2008 - 11:43:52 CDT
One word of caution with apt is if you use stable it will get major
version updates when they move to a new stable project. With later
installs of etch they have changed the default source.list to use etch
instead of stable. This prevents any issues when project moves happen.
I am sure Ubuntu will have something similar.
Hope that is helpful.
On Jun 19, 2008, at 2:53 PM, <jacobaers.ca> wrote:
> Security plugin for YUM (which might also handle Redhat)
> I haven't tried it but we are just in the process of evaluating/moving
> to centos and it's on the todo list.
> With Debian I usually just used the "stable" tree for apt which only
> updates packages for security. It was never supposed to update the
> version number of a package (i.e. php-4 to php-5). There should be a
> to make Ubuntu do the same thing but I haven't used Ubuntu as a server
> platform yet.
> -----Original Message-----
> From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com
> On Behalf Of druidstonedcoder.org
> Sent: Thursday, June 19, 2008 1:09 PM
> To: Rainer Duffner
> Cc: focus-linuxsecurityfocus.com;
> Subject: Re: Vulnerability and Patch-Management in Linux (and other
> So, if you have the money you can use Opsware Server Automation System
> (SAS) which will patch and manage all of those OSes and more. Opsware
> bought by HP so the product is now called HP Server Automation (HPSA).
> To be honest, this is a GREAT solution, but costs a lot. For medium to
> large enterprises totally worth it and actually kind of necessary, for
> small business, welcome to the wonderful world of scripting :P.
> I know this will probably be out of your price range, but it is
> enlightening to see how large corporations handle this sort of thing.
> On Thu, 19 Jun 2008, Rainer Duffner wrote:
>> we've amassed a veritable "zoo" of Unix-versions: RHEL4+5, CentOS5,
>> Ubuntu and lately Solaris.
>> We use these for a variety of reasons and each system does its job
>> However, patch-management seems to be a weak spot in most cases.
>> RedHat offers "RedHat Network", but it costs a lot of money (and they
>> more if you want to put your servers in groups in the RHN - WTF?)
>> FreeBSD offers the portaudit database - we should be able to hack
>> something with that.
>> But what about CentOS? If you have an array of CentOS servers - how
>> track which vulnerabilities each one has?
>> Running yum update every night is no option.
>> Does CentOS also maintain a vulnerability database along the lines of
>> How about Solaris?
>> How do you track vulnerabilities across your datacenter?
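
The caution in John Kunkel's message above, as an added example that is not part of the original thread: a small Python check that parses one-line apt `sources.list` entries and flags suites that track a moving alias such as `stable` instead of a release codename such as `etch`. The function names and the sample file contents are constructed for illustration.

```python
import re

# Suite names that are moving aliases: after a new Debian release they
# point at a different distribution, so packages get major version jumps.
ROLLING_ALIASES = {"oldoldstable", "oldstable", "stable", "testing"}

def parse_entry(line):
    """Parse a one-line-style entry; return None for blanks, comments, junk."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    # Drop the optional [option=value ...] block that may follow the type.
    line = re.sub(r"^(deb(?:-src)?)\s+\[[^\]]*\]", r"\1", line)
    fields = line.split()
    if len(fields) < 3 or fields[0] not in ("deb", "deb-src"):
        return None
    return {"type": fields[0], "uri": fields[1],
            "suite": fields[2], "components": fields[3:]}

def alias_in_suite(suite):
    """'stable/updates' and 'stable-updates' both follow the alias 'stable'."""
    base = re.split(r"[/-]", suite, maxsplit=1)[0]
    return base if base in ROLLING_ALIASES else None

def audit(text):
    """Return (line number, suite, alias) for every entry that tracks an alias."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = parse_entry(raw)
        if entry is None:
            continue
        alias = alias_in_suite(entry["suite"])
        if alias:
            findings.append((lineno, entry["suite"], alias))
    return findings

# Constructed sample, not taken from any real host.
SAMPLE = """\
# main archive
deb http://ftp.debian.org/debian stable main contrib
deb-src http://ftp.debian.org/debian etch main
deb http://security.debian.org/ stable/updates main
deb [arch=amd64] http://security.debian.org/ etch/updates main
"""

if __name__ == "__main__":
    for lineno, suite, alias in audit(SAMPLE):
        print(f"line {lineno}: suite '{suite}' follows alias '{alias}'; "
              "pin the release codename to avoid an unplanned release upgrade")
```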