Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
i am looking for any resource which can tell me all of the package updates per time period for any given repository/distro. as an example, i would like to know, of all the packages available from a specific repo, which ones have updates available since last month, and of those which are security related.
as an example, i had a rhel 5.7 box that was not patched, so since about 12Oct2011 the box went from fully patched to needing 33 package updates, 12 of those security related. total packages installed is 425. that’s 7.7% of total installed packages in just ~2 months (2.8% security related). that’s a rate of ~3.85%/month total, 1.4%/month security related.
i created and run a script that runs every wed generating a report that lists needed updates and highlighting those that are security related. it's not obvious from my reports if it will reach a plateau, if it will continue at this rate, or if this observation is linear with varying # of total installed packages, hence why i am looking for some sort of online resource for me to do some analysis.
this info is interesting, it gives an idea as to the growing known-risk exposure that is present between patching cycles. i suspect an up-to-date scanner like Nessus and others might give similar data, but these tools also rely on being up-to-date, hence why i am querying the repo via yum to get realtime info.
all just more tidbit info to enforce a proper patch management program, etc.
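One way to produce the kind of weekly report described in the post above (an added example, not the poster's script). It assumes the script captures the output of `yum check-update` and of `yum --security check-update` from the yum-security plugin; the sample output, package versions, repo name and function names are constructed for illustration.

```python
import re

# A pending update line looks like: "name.arch   version-release   repo"
PKG_LINE = re.compile(r"^(\S+)\.(\w+)\s+(\S+)\s+(\S+)\s*$")

def pending_packages(yum_output):
    """Return the set of name.arch entries in `yum check-update` style output."""
    pkgs = set()
    for line in yum_output.splitlines():
        if line.startswith("Obsoleting Packages"):
            break  # obsoletes follow the update list and are not counted
        m = PKG_LINE.match(line)
        if m:  # plugin banners and blank lines do not match
            pkgs.add("%s.%s" % (m.group(1), m.group(2)))
    return pkgs

def exposure_report(all_output, security_output, installed_count):
    """Counts and percent-of-installed figures, the numbers the post tracks."""
    total = pending_packages(all_output)
    security = pending_packages(security_output) & total
    pct = lambda n: round(100.0 * n / installed_count, 2)
    lines = ["%-16s %s" % (p, "SECURITY" if p in security else "")
             for p in sorted(total)]
    return {"total": len(total), "security": len(security),
            "total_pct": pct(len(total)), "security_pct": pct(len(security)),
            "lines": [l.rstrip() for l in lines]}

# Constructed sample output (package versions and repo name are made up).
ALL_UPDATES = """Loaded plugins: security

bash.x86_64        1.0-2.el5     example-repo
kernel.x86_64      1.0-3.el5     example-repo
openssl.i686       1.0-4.el5     example-repo
tzdata.noarch      2011n-1.el5   example-repo
Obsoleting Packages
oldpkg.x86_64      1.0-1.el5     example-repo
"""
SECURITY_UPDATES = """Loaded plugins: security
Limiting package lists to security relevant ones
Needed 2 of 4 packages, for security

kernel.x86_64      1.0-3.el5     example-repo
openssl.i686       1.0-4.el5     example-repo
"""

if __name__ == "__main__":
    report = exposure_report(ALL_UPDATES, SECURITY_UPDATES, installed_count=425)
    print("\n".join(report["lines"]))
    print("%(total)d pending (%(total_pct)s%%), "
          "%(security)d security (%(security_pct)s%%)" % report)
```

Appending each week's `total` and `security` counts to a dated file gives the series needed to see whether the backlog grows linearly or levels off.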
The patches slow down but never really stop until the OS is end-of-life.
RHEL is good in that they try VERY hard to not break any APIs. Fedora is not so kind as they have different goals where progress is the number one priority.
so, just wanted to share 19 weeks' worth of data for a rhel5 that hasn't been patched in 17 weeks.
line chart just shows total required patches vs those that are security patches. the stacked chart is security on top of non-security patches (so total stack = total needed, etc). interesting results.
one odd thing i noticed was between week 17 and 18: