We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Patch management for a large linux debian server pool

Medium Priority
997 Views
Last Modified: 2013-12-06
Hello we are a web-hosting company with about 300 debian linux servers and we would like to have some tools that ease our job regrading patch management.

We'd like to have two areas covered:
1st: keeping an eye on those servers that are missing security updates (establish a software / security baseline)
2nd: finding a way to automatize patch management like some kind of distribution system, so we don't have to logon on each server applying these patches but just getting a list of the results.

What are your ways / tools to make certain that your Linux servers are all fully patched.

Thank you,
Tolomir
Comment
Watch Question

Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Ah, sorry, I forgot to mention that this tool is Debian-specific... I'm pretty sure there is no (free) tool which can acomplish what you want over several different distributions.
TolomirAdministrator
CERTIFIED EXPERT
Top Expert 2005

Author

Commented:
We will check it out.

Keeping this question open for other inputs.

Thank you,
Tolomir
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
If you want to create your own custom debian installer, that automatically includes the puppet client package, dependencies , and configuration -- you can use the instructions here ...

http://wiki.debian.org/Simple-CDD/Howto

As the name implies, it really is pretty simple.

Good Luck!
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
TolomirAdministrator
CERTIFIED EXPERT
Top Expert 2005

Author

Commented:
We are already using VMware templates with gold clients.
Problem is really applying weekly security updates.

Will check the link  though thank you.
 
the nice thing about SI vs vmare is that it will rename all the hosts and change ip addresses. you can also write scripts that will run via post update.  You can also patch in place by runing si_update on the clients.  No reboots unless they are needed. You can also roll back to older versions.
TolomirAdministrator
CERTIFIED EXPERT
Top Expert 2005

Author

Commented:
thank you, for your help
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.