Looking for some information on Patching a Unix system and some best practices
Posted on 2005-03-05
I'm trying to do some research for a project at work and would appreciate any help that someone can provide.
I'm trying to get some help on AIX and HP-UX specifically but a lot of the info can also be generic.
I'm most familiar with Windows (go figure) so if some of my examples resemble windows info then please correct me.
I'm trying to get the following info as it relates to Unix and more specifically AIX and HP-UX Patch management:
Automated Tools for Patching (Two that I've heard of are Nim and Jumpstart -- I believe).
-What format do the patches come in
-How is severity defined
for instance, in Windows, automated updates can come from Windows Update, SUS in the form of Hotfixes, Services Packs and are defined as low, critical, important, etc.
I'm also trying to find out how are notifications sent out that there is a patch needed for Unix. For instance there are sites such as Cert.org, Microsoft's website for windows, and various other sites. How is this done in Unix? Are there some key sites that all Unix administrators would visit?
What frequency are Unix patch notifications sent out? Windows patches are usually sent out once a month but how are Unix patches done? (this question sounds strange in my head, but I had to ask it).
Is there any kind of program that is used to audit the machine against a known list of patches? For instance, in windows there is the mssecure.xml that is put out by Shavlik (HFNetChk) and by Microsoft as well. For Solaris there is the patchdiag.xref file.
Have I forgotten anything? Please point it out if I did.
I'm sure I'll have more questions but I appreciate any help I can get. Points will be awarded to all that help and I have no problem adding more points for any great information.
Thanks for all the help