Patch management for a large linux debian server pool

Hello, we are a web-hosting company with about 300 Debian Linux servers and we would like to have some tools that ease our job regarding patch management.

We'd like to have two areas covered:
1st: keeping an eye on those servers that are missing security updates (establish a software / security baseline)
2nd: finding a way to automatize patch management, like some kind of distribution system, so we don't have to log on to each server to apply these patches but just get a list of the results.

What are your ways / tools to make certain that your Linux servers are all fully patched?

Thank you,
Tolomir

OliverRahner commented:
Have a look at FAI (Fully Automated Installer):

http://www.informatik.uni-koeln.de/fai/

Although its name suggests use for installation, it can also fulfill your requirements:

"FAI can also be used for configuration management of a running system."
0

OliverRahner commented:
Ah, sorry, I forgot to mention that this tool is Debian-specific... I'm pretty sure there is no (free) tool which can accomplish what you want over several different distributions.
0
Tolomir (Administrator, Author) commented:
We will check it out.

Keeping this question open for other inputs.

Thank you,
Tolomir
0
LunarNRG commented:
Sounds to me like you're looking for puppet ...
  http://reductivelabs.com/products/puppet/
  http://reductivelabs.com/trac/puppet/
  http://reductivelabs.com/trac/puppet/wiki/PuppetDebian

With 300 servers I'd also recommend an apt proxy of some sort ... apt-proxy, apt-cacher or approx, seem to be the most popular choices, although I haven't used any of these in some time, so I hesitate to make a recommendation.
  http://lists.netisland.net/archives/plug/plug-2008-05/msg00038.html

I've also heard tales of using squid for this purpose with some success, as well.

Good luck!
0
LunarNRG commented:
If you want to create your own custom Debian installer that automatically includes the puppet client package, dependencies, and configuration -- you can use the instructions here ...

http://wiki.debian.org/Simple-CDD/Howto

As the name implies, it really is pretty simple.

Good Luck!
0
martin_2110 commented:
Have a look at systemimager. It's nice; it handles things a little differently. You can have a golden client that you patch and test on. Then you can push out the image to as many servers as you want. It uses rsync with a bunch of custom scripts. It can use bittorrent for massive installs.
http://wiki.systemimager.org/index.php/Main_Page
0
Tolomir (Administrator, Author) commented:
We are already using VMware templates with gold clients.
The problem is really applying weekly security updates.

Will check the link though, thank you.
0
martin_2110 commented:
The nice thing about SI vs VMware is that it will rename all the hosts and change IP addresses. You can also write scripts that will run via post update. You can also patch in place by running si_update on the clients. No reboots unless they are needed. You can also roll back to older versions.
0
Tolomir (Administrator, Author) commented:
Thank you for your help.
0
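
For the first area in the question (spotting servers that are missing security updates), here is one way to get a per-host list from apt's simulation mode. This is an added example, not code from any poster in this thread. The function names and the sample output are constructed, and it assumes the security archive shows up with the origin label `Debian-Security` in `apt-get -s` output.

```shell
#!/bin/sh
# Added example: report pending security updates from a simulated apt run.
# Live use on a host (-s only simulates, nothing is installed):
#   apt-get -s dist-upgrade | host_summary "$(hostname -f)"

# Constructed sample of `apt-get -s dist-upgrade` output (not from a real host).
sample_simulation() {
cat <<'EOF'
Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  libssl1.1 openssl tzdata
Inst libssl1.1 [1.1.1d-0+deb10u3] (1.1.1d-0+deb10u4 Debian-Security:10/stable [amd64])
Inst openssl [1.1.1d-0+deb10u3] (1.1.1d-0+deb10u4 Debian-Security:10/stable [amd64])
Inst tzdata [2020a-0+deb10u1] (2020d-0+deb10u1 Debian:10.7/stable [all])
Conf libssl1.1 (1.1.1d-0+deb10u4 Debian-Security:10/stable [amd64])
Conf openssl (1.1.1d-0+deb10u4 Debian-Security:10/stable [amd64])
Conf tzdata (2020d-0+deb10u1 Debian:10.7/stable [all])
EOF
}

# Read simulation output on stdin; print "package installed candidate" for
# every upgrade whose origin label contains "Debian-Security" (assumption:
# adjust the pattern if your mirror or proxy relabels the security archive).
security_updates() {
    awk '$1 == "Inst" && /Debian-Security/ {
        if ($3 ~ /^\(/) { old = "-"; new = $3 }   # new dependency, no installed version
        else { old = $3; new = $4; gsub(/\[|\]/, "", old) }
        sub(/^\(/, "", new)
        print $2, old, new
    }'
}

# One line per host for a fleet report: "host count pkg1,pkg2" ("-" if none).
host_summary() {
    security_updates | awk -v host="$1" '
        { list = list (NR > 1 ? "," : "") $1 }
        END { print host, NR, (NR ? list : "-") }'
}

# Demo on the constructed sample; web01.example.invalid is a placeholder name.
sample_simulation | host_summary web01.example.invalid
```

Collecting the one-line summaries centrally (over SSH, or through whichever configuration management tool you pick) gives the baseline view without logging on to each server; run `apt-get update` first so the simulation sees current package lists.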