SUMMARY: Patch management

From: Jeff Kennedy <>
Date: Wed Dec 19 2001 - 16:46:06 EST
Thanks to:

Greg Gallagher		Mathew Atkinson
Simon McCartney		Eric Horne
Sergio Gelato

Everyone had some very interesting and clever tricks for patch
management using patchdiag and scripts.  Much more clever than I have
ever been I must admit.

Special thanks to Greg for the following link:

If I were going to manage patches I would have used this extensively. 
However, we have decided that it just wasn't worth the hassel.  Instead
we will use Solaris' new flash archive and just rebuild our clients
every 6 months.  With flash archive we've gotten a rebuild down to 20
minutes including the cfengine run.  So we could rebuild 15 boxes every
hour, making a complete floor rebuild possible in less than a weekend. 
Better and easier than trying to manage individual patches in our

We met with Mark Burgess when he was here for the Lisa conference
(cfengine creator) and it was also his opinion that patch management was
easier this way, which is what finally tipped us in that direction. 
Cfengine, he said, was never designed for patch management nor will it

'Nuff said.


Jeff Kennedy wrote:
> We are having issues with patch management and I am wondering what other
> people are doing in a medium sized environment.
> I have approx. 500 Sun workstations running a mixture of Solaris 7 and 8
> and need to keep up with patches on these. I have looked at PatchReport
> which seems to have some definite possibilities but before I start
> building I wanted to get some input from this forum as to how you handle
> it.
> The requirements are these:
> single patch master pulls patch list from Sun across internet
> all clients pull from patch master
> recommended/security patches are fully automated
> application specific patches are given as an argument or in a file
>         these patches are pulled only by the clients running the application
> I think what I am looking for is cfengine for patch management, but I'm
> open to suggestions.
> Thanks.

Jeff Kennedy
Unix Administrator
Received on Wed Dec 19 21:46:06 2001

This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:32:38 EDT