LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 07-30-2010, 11:50 AM   #1
ellisj
LQ Newbie
 
Registered: Apr 2010
Posts: 3

Rep: Reputation: 0
How do I automate and track Patch Management for Ubuntu/Linux Systems


I've inherited the following Virtual Machine scenario and am new to Linux Administration and Patch Management.

The Host Operating System is Windows 2003 Enterprise, which has VMware Server 2.0.2 installed. Under the VMware Server 2.0.2 I have a Ubuntu 32-bit OS web server running Apache2 Web Services.

When I log onto the Ubuntu server (9.10 32-bit) I see the following two lines just above the new mail/last logon lines.

85 packages can be updated
55 updates are security updates

I would like to see at least a summary of each update and its urgency so I can notify the various developers/server owners to get their input regarding whether we should or should not apply that particular update to the server. We apply the patches in our test/dev environment first then once vetted there we roll them out to our production servers.

What I am looking for is a way to automate the gathering of the information and once approval has been received automating the actual patching process so that I do not have to manually perform the apt-get process for each separate package needed/approved.

Ideally I would like a recommendation for a GUI based package to manage this process and that is capable of generating the appropriate reports for the 'powers that be' regarding the current security/patch management environment.

For proof of concept I would like a free version that is not hamstrung in functionality but is not too costly to procure the production version with no limitations.

If you have any recommendations please feel free to apply to this post.
 
Old 07-31-2010, 05:09 AM   #2
zirias
Member
 
Registered: Jun 2010
Posts: 361

Rep: Reputation: 59
You could automate that using some scripting.

You can browse through the available updates using aptitude. Once you installed them, you can use the following command to get a definitive list of installed packages (with their respective version numbers):
Code:
apt-show-versions | sed -e 's:\/.*\(from\|uptodate\) :=:' | awk '{print $1}'
This can be used as command line input for apt-get/aptitude "install" command the other boxes.

On a debian system, I would just install all security upgrades without hesitating because debian guarantees there will never be any incompatibilities by not accepting newer versions as security updates but -- if necessary -- porting the patches back to the current stable distribution's version. But I'm not entirely sure Ubuntu follows the same safe policy

Last edited by zirias; 07-31-2010 at 05:10 AM.
 
Old 08-02-2010, 09:32 AM   #3
ellisj
LQ Newbie
 
Registered: Apr 2010
Posts: 3

Original Poster
Rep: Reputation: 0
I appreciate your input but I still need to give a summation of the proposed patches to the approvers before I install the updates.

So I need to see a comprehensive list of what needs to be applied to the server, put together a list of these patches with a high level summation of what each one will fix and once I receive approval I need to apply these patches in an automated manner if possible.

In your reply you state "You can browse through the available updates using aptitude". Is there a particular file that contains the list of updates? Or is that a particular directory that contains all of the proposed updates? If so what is the file/directory location? Or what is the command syntax to browse through the updates?

As I indicated I am extremely new at Linux Admin tasks and just not familiar enough at the present time with where everything is located and the proper syntax to use for the aptitude command to browse the list of patches.
 
Old 08-02-2010, 05:45 PM   #4
zirias
Member
 
Registered: Jun 2010
Posts: 361

Rep: Reputation: 59
Ok, then I didn't fully understand what you want. aptitude will show you the package descriptions of all updates (including security updates in a first group), but not the descriptions of the bugs/fixes...

Maybe the tool "apt-listbugs" comes closest, it shows a list of found and fixed bugs directly before installation is started and allows to cancel the whole action. But you'd probably have a lot of scripts to write for getting it to do what you want. Sorry, I don't think there's an existing software doing that.
 
Old 08-10-2010, 09:20 AM   #5
ellisj
LQ Newbie
 
Registered: Apr 2010
Posts: 3

Original Poster
Rep: Reputation: 0
Issue is closed

I was able to obtain the information I sought by manually going through the Aptitude module and using the following procedures.

1. Logged onto the server with an account with admin rights.
a. I entered sudo aptitute update, entered my accounts password when prompted, to update the current list of available updates and patches.

b. Once the update was done I entered sudo aptitude to launch the aptitude application.

i. From within Aptitude application highlighted the Critical updates and drilled down through each level to view what each proposed critical package was about and document the brief description provided by the Aptitude program about the package in an Excel spreadsheet for the 'powers that be' to review.

c. Once I received permission to apply the updates I ran the sudo aptitude safe-upgrade command to update the critical updates. When I was prompted I entered ‘Yes’ to continue the upgrade process.

d. After the download and installation was completed I rebooted the system then ran the sudo aptitude update and sudo aptitude commands once again to verify there were no other critical updates needed at this time.


While the above process was not ideal, it did allow me to accomplish my task of documenting the critical updates for the Ubuntu 9.04 LAMP servers in my environment and get buy-in from the various departments to apply the patches to these servers.


I consider this post closed at this time.
 
  


Reply

Tags
patching, ubuntu


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Three scripts for package management on Debian and Ubuntu systems LXer Syndicated Linux News 1 10-29-2008 09:59 PM
LXer: Canonical launches Web-based systems management for Ubuntu LXer Syndicated Linux News 0 07-24-2007 07:46 AM
LXer: Linux Patch Management: Keeping Linux Systems Up to Date LXer Syndicated Linux News 0 03-28-2006 11:33 PM
LXer: Book Review: Linux Patch management - Keeping Linux systems up to date LXer Syndicated Linux News 0 02-07-2006 06:46 AM
Linux operating systems offer the worst track record?? yktang Linux - Security 15 12-09-2005 08:21 PM


All times are GMT -5. The time now is 02:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration