Idea for patch management:
Looking into patch management for a group of Unix Servers I am trying to gather my thoughts here.
My current thinking is to gather all the patch requirements into a central database. So things like Security patches can be placed as a critial against a server.
- Fetchmail script down loads the mail from a mailbox.
- procmail sorts that mail and takes the relevent info
- Script loads the relevent info in Trac as a critical bug.
- User looks a bug and decides what real priority to give it.
- If it's of no use then ditch it.
- If it's real important then mark it as so and run a script to make sub bugs for affected systems ( Pkg list from all systems should be checked to find which systems are affected and a sub bug raised for each)
Steps to do it for the Linux Boxes.
- All systems to do a dpkg --get-packagelist and upload to central repo (email/syslog/scp?)
- Security email to be forwarded bugdb. - write script to forward.
- Bugdb to be looked at - any critical bugs still open - check against package lists and create/close bugs that are affected by the systems.
This work is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.