SUMMARY:Question regarding Patches

From: Systems Administrator (sysadmin@astrosun.tn.cornell.edu)
Date: Fri Aug 16 1996 - 14:12:06 CDT


Hello and THANKS for all the responses!

Basically, there are a few different levels of patches: recommended
patches, security patches (which I beleive are always a part of
recommended patches), and standard program bug fixes (that are not a
part of recommended patches). The recommended patches can be found for
free from http://sunsolve.sun.com/. Other non-public patches can be
obtained thru a contract with sun and is usually distributed on the
sunsolve cd set (which I just found that I can obtain thru the
university).

For Solaris, you use the installpatch program and the system will
install the patch and add it to a database of patches so that using
showrev -p will show you the patches installed. On SunOS (which I am
currently on) you have to manually add the patch to the
/usr/etc/install/patch*

Following are the responses I received.

Thanks again for the answers!

------------------------------------------------------------------------
My original question:

patches...learning abou new patches, finding them, installing them,
maintaining them.

I have been told by people that I need this or that patch and I am
usually pointed in the right direction for them and usually follow
instructions given with the patch. I keep reading things about
patchlevels and installpatch programs. It sounds like there is
somewhere a list of all patches and I should be looking at each one of
these and installing them on my system.

I guess I need to know how does one find out about patches in general
and how to use patches while administering a system. How do I know what
patches are installed on my system currently? When I upgrade to a new
level of the Os are there still patches to be added?

------------------------------------------------------------------------
Thanks to:
------------------------------------------------------------------------
bcheng@aspect.com
For solaris 2.x if you install a patch from sun, it automatically add an
ascii file in /usr/etc/install/patch*[whatevername]

when you do a 'showrev -p', it'll show you all the patches that have
been installed.

However*** for sunos, you'll need to add the patch description file
manually into /usr/etc/install/patchinstalled (any name begin with
'patch' would do the job).

Same command, 'showrev -p' would show you the list of patches that have
been installed.

Solaris patches from sun came with install program that would also
detech patch dependencies.

Each level of OS have corresponding list of patches. Check out sunsolve
for latest public patches. (or if you have software contract with sun,
you can also get into non-public patches.)

http://online.sunsolve.sun.co.uk/sunsolve/patches.html

Usually, I'll first install all the recommended patches and then if I
have applications specific problem, then I check into special patches.
-------------------------------------------------------------------
Benjamin Cline <benji@hnt.com>
If you're running a Solaris system, you can use the "showrew -p" to show
the installed patches. If you're still using SunOS, the only good way is
to keep a log of which patches are installed.

Unfortunately, the only good way to keep up with the latest patches is
to
purchase a Sun support contract. While Sun makes security related
patches
freely available, you're can't get (or so the party line goes)
functionality related patches unless your system is still under warranty
or you have a contract.

In general, I've found that one needs to install patches even after
upgrading to the latest release, between the time the release is frozen
and the time I actually get around to installing the release, many bugs
have been found (and hopefully) fixed.
-----------------------------------------------------------------------
Laurent Duperval <laurent@Grafnetix.COM>
It sounds like there is
> somewhere a list of all patches and I should be looking at each one of
> these and installing them on my system.
>

No, don't do that. Only install patches when a problem arises. I
think the sun site has a list of available patches. But you may need a
password to get to it. Or, if you are subscribed to SunSolve, you
should be getting a new CD with patches every month or so.

showrev -p will show you what patches are installed. There is always a
list of recommended patches available on sun's sites, I think. And I
believe they also carry a list of security patches too. Always
install the recommended patches and the security patches. Everything
else is optional and should be installed on an as needed basis.
-------------------------------------------------------------------
misik@dcs.fmph.uniba.sk
  You can find a lot of info on installing/maintaining patches
        in the article "Patch Installation and Maintenance" contained in
the
        SunOpsis newsletter, vol4,no.1. It is available at:

        http://www.sun.ca/newsletter/SunOpsisVol4.No1/SunOpsisVol4.No1.html
        
 A complete list of patches for all OSs is called "PatchReport".
        Access it via SunSolve Online Patch Access
        (URL is http://sunsolve.sun.com/pub-cgi/patchpage.pl).

 To list all patches currently installed: "showrev -p" or
        "ls /var/sadm/patch". When you upgrade your OS you only need to
apply
        patches for your version.

----------------------------------------------------------------------
iv08480@issc02.mdc.com (Colin Melville)
Go to http://sunsolve.sun.com/sunsolve/ssgateway.html, and ask your Sun
salesperson to set you up with the bi-monthly SunSolve CD.

----------------------------------------------------------------------
Tommy Williams <tommy@vumclib.mc.vanderbilt.edu>
Have a look at <http://sunsolve.sun.com/>. This is Sun's official Web
site
for patches. If you have a service contract with Sun, you can use an
online
form to sign up for contract level services to get access to ALL
patches,
althought Sun makes all recommended and security patches available to
the
public. All your Sun patches are available here.

----------------------------------------------------------------------
gibian@stars1.hanscom.af.mil (Marc S. Gibian)
First, you have to have a software maintainance contract. If you do not,
then
you are restricted to the general public portion of the www.sunsolve.com
site.

Second, then use the private portion of www.sunsolve.com and you have
lots of
searching and fetching.
------------------------------------------------------------------------
Rasana Atreya <Rasana.Atreya@library.ucsf.edu>
subscribe to: cert-advisory-request@cert.org
(http://www.cert.org)

They keep you informed on what possible vulnerabilities your system
might have.
And if you keep looking at the patch site, patches to rectify those
vulnerabilities eventually follow. I'm sure there are other (better)
ways
that I do not know.

One place to look for Sun patches is:
http://access1.sun.COM:80/recpatches/

To see what patches you have on your system, do a "showrev -p".

When you upgrade to a new Os, lots lot times, you do have to install
more
patches. For example, even 2.5.1 has patches.

------------------------------------------------------------------------
Glenn.Satchell@uniq.com.au (Glenn Satchell)
If you have a software maintenance contract with Sunyou receive a set
of Sunsolve CDs every 6 to 8 weeks. This contains one CD with the most
recent release of _every_ Sun patch ever created (goes right back to
something like SunOS 4.1). The other CD contains Sunsolve - a search
engine and documents for patches, bugs, technical papers, and all sorts
of goodies.

You can also access some of these things on the Sun web page at
http://sunsolve1.sun.com - if you register with them you can search for
patches, get notified about changes, etc.

The most common and important patches are bundled into clusters of
"Recommended Patches" - these are the ones that you should get and
install on all your systems.
----------------------------------------------------------------------
somebody@tempest.ashd.com
 I find it very admirable to admit when doesn't know something and
willing to learn about what one knows not about..
 
The basic starting point is to ftp to
sunsolve.sun.com:/pub/patches there will always be a file called
2.5_solaris*Recommended. Take it read and find out what patches are need
to be upto date and then get the Recommend tar most of the time all you
need to do is get a cluster and it will patch the current revision on
the
OS.
        From that point just untar and install "installcluster" usually
and wait it to finish and then reboot (not always needed). And you are
upto date.
The best way is constant monitoring of CERT, Crimelab, and such
for security on other software and for the plain old OS just visit
http://sunsolve1.sun.com and check the ftp every once in a while. You
could be fancy and make you own little script to ftp to the site every
day
and check the file list again that on your machine and take the diff and
report that back to you as to what is changed,removed or new.
                                                        Carlos Ramirez
----------------------------------------------------------------------
"Daniel J Blander - Sr. Systems Engineer for ACS"
<Daniel.Blander@ACSacs.Com>
Two resources - one is at UNC - sunsite.unc.edu - where there is
a document which lists all current recommended patches....this is
a mirror or Sun's public patch page.

Second is sunsolve1.sun.com where some info is free but the best
stuff requires a service contract (Sunsolve database for debugging
problems, full list of patches...etc...)
-----------------------------------------------------------------------
"Trevor Kirby" <Trevor.Kirby@newcastle.ac.uk>
ection 2 of the FAQ for this list is a good place to start for patch
sites.
The rest depends on whether you are running sunos or Solaris.

showrev -p will show which patches you have installed. On sunos this
will only
be useful if someone has bunged info into /etc/install/patch* .

To install patches on sunos follow the instructions in the README, on
solaris
use installpatch.

Remember SUN's law. A new OS revision is immediately followed by a
flurry of
new patches.

Finally do not confuse any of the above with Larry Wall's patch program
which
applies patches to programs.
------------------------------------------------------------------------
Michael Wright ED23 <michael@morticia.msfc.nasa.gov>
You can do what I do. I have a sunservice contract and get the patches
on
a CD-ROM.
------------------------------------------------------------------------
sin@weusc.es (Robin Sinclair)
n does an excellent CD called Sunsolve (a new version every month
nearly) which has all patches for SunOS, Solaris 2.4/2.5 for SPARC and
x86, plus FAQs, WHite Papers etc.
        On it there is also a RECOMMENDED list of patches for each
release
which are NOT included in the original release.
which is great for lazy bones like me, i just install the lot..

However (here's the rub..) I suspect it's only available for paid-up
Maintenance Support customers, check with your local Sun dealer.
        If so, I know that on the 'Net there are "SunSite"s around the
world which store patches, FAQs etc. I use http://sunsite.doc.ic.ac.uk
which has pointers to other SunSites. Or you could check www.sun.com ...
        
        If you're really desperate I can send you patches (most are
quite
small, only one or two binaries), or even send you one of my old CDs
since I always use the latest one, and the old ones just sit on my
shelf..)

P.S. to see patches currently installed , use
        showrev -p (on Solaris 2.x)
-----------------------------------------------------------------------
mfarrell@voyager.net
Check this site out

http://sunsolve.sun.com/
------------------------------------------------------------------------
jackg@calfp.com (Jack Goldsmith)
If you have SUN Service, you get a CD from SUN with the patches on
them. These CDs come out every 6 weeks. They have a database of
information on the available patches that you can search many ways.
They also have a web site with this information, but I think you need
an id to access it. There are a couple of non-SUN web-sites that have
all of the patches available for downloading, but the search engine
is not available.

showrev -p will tell you what is installed on your system.

There are patches that come with the new OS (usually) and there is
always more patches that can be applied.
------------------------------------------------------------------------
Stuart Kendrick <sbk@fhcrc.org>
http://sunsolve.sun.com Look for stuff about patches.
--------------------------------------------------------------------

-- 
***************************************************************
                      Systems Administrator
                      ---------------------
                   Space Sciences Building CRSR
   Mail all system related problems to one of the following:
sysadmin@astrosun.tn.cornell.edu   root@astrosun.tn.cornell.edu          
sysadmin@spacenet.tn.cornell.edu   root@spacenet.tn.cornell.edu
                              or see 
Vic Germani in room 402         germani@astrosun.tn.cornell.edu
***************************************************************



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:08 CDT