Tolomir asked:

Patch management for a large Linux Debian server pool

Hello, we are a web-hosting company with about 300 Debian Linux servers and we would like to have some tools that ease our job regarding patch management.

We'd like to have two areas covered:
1st: keeping an eye on those servers that are missing security updates (establish a software / security baseline)
2nd: finding a way to automate patch management, like some kind of distribution system, so we don't have to log on to each server to apply these patches but just get a list of the results.

What are your ways / tools to make certain that your Linux servers are all fully patched?

Thank you,
Tolomir
ASKER CERTIFIED SOLUTION
OliverRahner

OliverRahner

Ah, sorry, I forgot to mention that this tool is Debian-specific... I'm pretty sure there is no (free) tool which can accomplish what you want over several different distributions.
Tolomir

ASKER

We will check it out.

Keeping this question open for other inputs.

Thank you,
Tolomir
SOLUTION
If you want to create your own custom Debian installer that automatically includes the Puppet client package, dependencies, and configuration, you can use the instructions here ...

http://wiki.debian.org/Simple-CDD/Howto

As the name implies, it really is pretty simple.

Good Luck!
SOLUTION
Tolomir

ASKER

We are already using VMware templates with gold clients.
The problem is really applying weekly security updates.

Will check the link though, thank you.
 
The nice thing about SI vs VMware is that it will rename all the hosts and change IP addresses. You can also write scripts that will run via post update. You can also patch in place by running si_update on the clients. No reboots unless they are needed. You can also roll back to older versions.
Tolomir

ASKER

Thank you for your help.