Old 02-11-2008, 03:02 PM   #1
LQ Newbie
Registered: Feb 2008
Posts: 3

Rep: Reputation: 0
Linux Enterprise Distribution and Central Patch Management


We're in the process of evaluating candidates for a new Linux OS and patch management system for our corporate environment. Up until now, we were unable to do this due to internal opposition by developers. Our previous solution was Gentoo, which has become nearly impossible to administer. Our environment necessitates high availability and thorough testing. We have several application environments; each consists of at least 1 dev, 1 staging, and 1 production environment. Staged rollouts are the norm. Admin resources are spread thin.

We've identified the following requirements:

Centralized Patch Management
-tracking of applied/unapplied patches
-phased rollout to a large # of server groups (business, dev, staging, production, etc.)
-patch success auditing/reporting
-central console for managing patches
-ability to provision a server and bring it to a group's current patch level

Versioned Releases
-Specific versioned releases
-Long-term support of releases for security fixes (3+ years)

Strong User-Base/Industry Support

Remote Management

We've been looking at RHEL 5.1, CentOS 5.1, and Debian 4.0 so far. We think that SLES 10 and Ubuntu Server may also be viable options, but haven't had time to look at them yet. We've looked at both vendor- and third party-based solutions for patch management. CentOS doesn't appear to have any support for centralized patch management. We're wondering if we'll run into this problem with Ubuntu as well...

What solutions are out there to accomplish this?

What do you use in your environments for a Linux OS? Patch Management?

UNIX isn't an option, since we already have a lot of code developed specifically for Linux that can't be easily ported.
Old 02-11-2008, 04:56 PM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981
I think it's generally fair to say that any distribution can be managed en masse as long as there's some form of atomic package management. With Ubuntu or other Debian derivatives you could really very easily set up your own apt repositories and craft sources.list files for different types of machine and distribute and report on patch levels really quite easily. I'm not aware of anything preexisting to do this, but the level of nix know-how to rig up a framework for this really isn't going to be too great, depending on what you want to do. I'd assume the same would be true for Gentoo, although I will acknowledge that the portage world does really live online to quite some extent. It'd be doable with a better understanding though, without a doubt.

Redhat's Satellite product does (appear) to be approaching something resembling the dog's proverbials, with the patch management side being well supplemented by Xen management and a really attractive support licensing model with Xen if that's a route that interests you. You don't need the Satellite itself, but it does make things easier. Without it you can still do patch management through the online RHN interfaces...
Old 02-11-2008, 05:01 PM   #3
Senior Member
Registered: Aug 2003
Location: UK
Distribution: Debian SID / KDE 3.5
Posts: 2,313

Rep: Reputation: 48
What we used (Stuck in a Windows place at the moment grrr.) was apt.

Rather than patching libs and binaries, we created packages of one lib, one binary etc. and used apt to handle dependencies. We could handle partial upgrades etc. without breaking things, and knew if we updated a program that required a particular version of a library things would be handled smoothly.

Also we had one server in each section (Development, Testing, Live) be the keeper for that environment, and all the other machines update from the one in their stage.

It worked well, we had a nice tool that was developed as well so it would check the build environment and create the packages for us. Wish I was still using it.
Old 02-11-2008, 06:33 PM   #4
Registered: Jan 2008
Distribution: RHEL, CentOS, Ubuntu
Posts: 379

Rep: Reputation: 38
Two things come to mind,
At my work we have a volume Redhat license, which may or may not make sense in your case. The advantage is that the Redhat Network (RHN) gives you the ability to have configuration channels so that machines can be managed in groups.
There is also cfengine, which I have not used, but I hear good things.
Old 02-15-2008, 08:16 AM   #5
LQ Newbie
Registered: Feb 2008
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks All

Thanks for the info everyone. We're going to try to pursue using Debian with an in-house apt repository, maybe more than one (we're going to need separate patch sets for separate environments), depending on how exactly it works. cfengine definitely looks like something to look into for configuration.

Thanks Again,

