Slashdot Mirror


A Database of Patched Software?

Midnight Warrior asks: "I am one system administrator for what is an organization of dozens of LANs. Together, we all must keep our machines patched. Now we can all watch CVE, frequent securityfocus.com, or let LWN [Updated vulnerabilities section] bring things together. LWN does a fabulous job, but I'm looking for something bigger and more personalized that doesn't require the system be on the internet. Freshmeat, SourceForge, and Google are all NULL on this question: is there a database, and scraping agents in existence that will let one person oversee dozens of OS installations, a mish-mash of software packages, and an even worse level of up-to-date patching exist so that when a new vulnerability against, say, OpenSSH comes out, I can look up which systems need to be tested and patched? My work should be limited to maintaining OS (not just Linux distros), software versions, and current patch lists. This is a classic database problem, but has someone already solved it?"

5 of 37 comments

  1. Huh? by ichimunki · Score: 3, Informative

    Why would you be hand-maintaining most of this software in the first place? Why not standardize on a distro or two that have auto-update functionality and use this to update via cron job against a local repository?

    --
    I do not have a signature
  2. Novell's Zenworks by Anonymous Coward · Score: 2, Informative


    Novell has made a huge push into this space with their Zenworks package. It has all sorts of database and report writing functionality, and they've added Linux support in addition to the traditional Windows support.

  3. Use RedHat? by Koldark · Score: 2, Informative

    I know RedHat has a nice looking system for keeping you notified of server versions. As far as Windows? I don't know.

    --
    Mike http://thenextgenerationofradio.com
  4. Cassandra by pmeunier · Score: 3, Informative

    Please have a look at the free Cassandra system:
    https://cassandra.cerias.purdue.edu
    You can create any number of profiles, and you get emails daily about new CVE entries in ICAT (icat.nist.gov) or Secunia advisories (Secunia) that relate to the software or keywords you select.
    You can use the freeware KeyAudit to scan your systems:
    Windows KeyAudit: http://www.sassafras.com/restricted/keyaudit/keyaudit.exe
    Mac KeyAudit: http://www.sassafras.com/restricted/keyaudit/keyaudit.sit

    Sassafras just stopped maintaining KeyAudit, so I'm looking for an alternative application scanner to replace KeyAudit, as well as a Linux/UNIX equivalent (I'm the author of Cassandra).

    I'm aware that it's not perfect, and the html and presentations are rather basic. However, it's free, it has been working for a few years now, and I'm listening for suggestions and open to criticism. I'll try to improve it as time allows.
    Cheers
    Pascal Meunier

  5. Configuration management by heydrick · Score: 3, Informative

    Use configuration management so you can control and know exactly what is running on your systems.

    Papers have been written about automating patch management using cfengine and a database.
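
The lookup the question asks for ("which systems need to be tested and patched" when a new OpenSSH vulnerability comes out), sketched as an offline inventory database. This is an added example, not code from the thread or from any tool named in it; the table layout, host names, versions and the "fixed in" version are constructed, and the version comparison is a simplification of what a real package manager does.

```python
import re
import sqlite3

def version_key(version):
    """Turn '3.7.1p2' into a sortable tuple. Simplified: numeric chunks
    compare as integers, letter chunks as text, and a longer version
    sorts after its own prefix (so pre-release tags like 'rc' are not
    handled correctly)."""
    chunks = re.findall(r"\d+|[a-z]+", version.lower())
    return tuple((0, int(c)) if c.isdigit() else (1, c) for c in chunks)

def build_inventory(rows):
    """Load (host, os, package, version) rows into an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE installed ("
        " host TEXT, os TEXT, package TEXT, version TEXT,"
        " PRIMARY KEY (host, package))"
    )
    db.executemany("INSERT INTO installed VALUES (?, ?, ?, ?)", rows)
    return db

def hosts_needing_patch(db, package, fixed_version):
    """Return (host, os, version) for every host running `package`
    at a version older than `fixed_version`."""
    fixed = version_key(fixed_version)
    cur = db.execute(
        "SELECT host, os, version FROM installed"
        " WHERE package = ? ORDER BY host",
        (package,),
    )
    return [(h, o, v) for h, o, v in cur if version_key(v) < fixed]

# Constructed sample inventory, as scanning agents might report it.
SAMPLE = [
    ("web01", "Red Hat Linux 9", "openssh", "3.5p1"),
    ("web02", "Debian 3.0", "openssh", "3.4p1"),
    ("db01", "Solaris 9", "openssh", "3.7.1p2"),
    ("mail01", "FreeBSD 4.8", "openssh", "3.7.1"),
    ("web01", "Red Hat Linux 9", "apache", "1.3.27"),
]

if __name__ == "__main__":
    inventory = build_inventory(SAMPLE)
    # Constructed advisory: "openssh fixed in 3.7.1".
    for host, os_name, version in hosts_needing_patch(inventory, "openssh", "3.7.1"):
        print(f"{host} ({os_name}) runs openssh {version}: test and patch")
```

On a mixed estate the comparison should come from each platform's own packaging rules, since distributions backport fixes without changing the upstream version number.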