Solved

Patch management for a large linux debian server pool

Posted on 2009-07-09
9
715 Views
Last Modified: 2013-12-06
Hello we are a web-hosting company with about 300 debian linux servers and we would like to have some tools that ease our job regrading patch management.

We'd like to have two areas covered:
1st: keeping an eye on those servers that are missing security updates (establish a software / security baseline)
2nd: finding a way to automatize patch management like some kind of distribution system, so we don't have to logon on each server applying these patches but just getting a list of the results.

What are your ways / tools to make certain that your Linux servers are all fully patched.

Thank you,
Tolomir
0
Comment
Question by:Tolomir
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 4

Accepted Solution

by:
OliverRahner earned 200 total points
ID: 24811665
Have a look at FAI (Fully Automated Installer):

http://www.informatik.uni-koeln.de/fai/

Although it's name suggests use for installation, it can also fulfill your requirements:

"FAI can also be used for configuration management of a running system."
0
 
LVL 4

Expert Comment

by:OliverRahner
ID: 24811670
Ah, sorry, I forgot to mention that this tool is Debian-specific... I'm pretty sure there is no (free) tool which can acomplish what you want over several different distributions.
0
 
LVL 27

Author Comment

by:Tolomir
ID: 24812153
We will check it out.

Keeping this question open for other inputs.

Thank you,
Tolomir
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 8

Assisted Solution

by:LunarNRG
LunarNRG earned 100 total points
ID: 24812857
Sounds to me like you're looking for puppet ...
  http://reductivelabs.com/products/puppet/ 
  http://reductivelabs.com/trac/puppet/
  http://reductivelabs.com/trac/puppet/wiki/PuppetDebian

With 300 servers I'd also recommend an apt proxy of some sort ... apt-proxy, apt-cacher or approx, seem to be the most popular choices, although I haven't used any of these in some time, so I hesitate to make a recommendation.
  http://lists.netisland.net/archives/plug/plug-2008-05/msg00038.html

I've also heard tales of using squid for this purpose with some success, as well.

Good luck!
0
 
LVL 8

Expert Comment

by:LunarNRG
ID: 24812922
If you want to create your own custom debian installer, that automatically includes the puppet client package, dependencies , and configuration -- you can use the instructions here ...

http://wiki.debian.org/Simple-CDD/Howto

As the name implies, it really is pretty simple.

Good Luck!
0
 
LVL 7

Assisted Solution

by:martin_2110
martin_2110 earned 200 total points
ID: 24817633
Have a look at systemimager. Its nice it handles things a little differently.  You can have a golden client that you patch and test on. Then you can push out the image to as many servers as you want. It uses rsync with a buch of custom scripts. It can use bittorrent for massive installs.
http://wiki.systemimager.org/index.php/Main_Page
0
 
LVL 27

Author Comment

by:Tolomir
ID: 24818200
We are already using VMware templates with gold clients.
Problem is really applying weekly security updates.

Will check the link  though thank you.
 
0
 
LVL 7

Expert Comment

by:martin_2110
ID: 24818623
the nice thing about SI vs vmare is that it will rename all the hosts and change ip addresses. you can also write scripts that will run via post update.  You can also patch in place by runing si_update on the clients.  No reboots unless they are needed. You can also roll back to older versions.
0
 
LVL 27

Author Closing Comment

by:Tolomir
ID: 31601469
thank you, for your help
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Learn about cloud computing and its benefits for small business owners.
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question