Ways to catch up with cumulative OS security patches for newly provisioned VMs / servers
Posted on 2015-01-20
Almost daily we have new VMs being provisioned and, as we know, MS, Red Hat
& Oracle release patches. It is not feasible for us to keep updating the template
with these patches (that may go back up to 3 years, i.e. from the time MS, Red Hat
& Oracle first released patches for a specific platform; for, say, Win2008 R2, it could be
as long as four years back).
Are the monthly MS security patches cumulative? I think they're not.
So how do we 'catch up' with all these patches?
Also, RHEL OpenSSL & OpenSSH updates, just to name a few.
What are the best ways people out there catch up with such
patches & updates?
Is there any way we can continually update our VM templates
(we have 3 sets of RHEL 5/6 templates, 3 Solaris x86 templates,
3 SUSE Linux templates & 3 Win 2008 R2; 3 because we have 3
different sets of vCenters in separate networks)?
Do tools like Secunia help to keep such patches/updates
up to date? We don't have WSUS but I guess all the cumulative
patches stored in WSUS can be pushed down to new VMs to
keep them up to date, is this right?
What about Solaris & Linux?