sunhux
asked on
Ways to catch up with cumulative OS security patches for newly provisioned VMs / servers
Almost daily we have new VMs being provisioned & as we know MS, Redhat
& Oracle release patches. Not feasible for us to keep updating the template
with these patches (that may be up to 3 years ago ie from the time MS, Redhat
& oracle first release patches for specific platform, say Win2008 R2, it could be
as long as four years back.
Q1:
Is the monthly MS security patches cumulative? I think it's not.
So how do we 'catch up' with all these patches?
Also, RHEL OpenSSL & OpenSSH updates, just to name a few.
What are the best ways out there people catch up with such
patches & updates?
Q2:
Is there any way we can continually update our VM templates
(we have 3 sets of RHEL 5/6 templates, 3 Solaris x86 templates,
3 SuSe linux templates & 3 Win 2008 R2 : 3 because we have 3
different sets of vCenters in separate networks)
Q3:
Does tools like Secunia help to keep such patches/updates
up to date? We don't have WSUS but I guess all the cumulative
patches stored in WSUS can be pushed down to new VMs to
keep them up to date, is this right?
What about Solaris & Linux ?
& Oracle release patches. Not feasible for us to keep updating the template
with these patches (that may be up to 3 years ago ie from the time MS, Redhat
& oracle first release patches for specific platform, say Win2008 R2, it could be
as long as four years back.
Q1:
Is the monthly MS security patches cumulative? I think it's not.
So how do we 'catch up' with all these patches?
Also, RHEL OpenSSL & OpenSSH updates, just to name a few.
What are the best ways out there people catch up with such
patches & updates?
Q2:
Is there any way we can continually update our VM templates
(we have 3 sets of RHEL 5/6 templates, 3 Solaris x86 templates,
3 SuSe linux templates & 3 Win 2008 R2 : 3 because we have 3
different sets of vCenters in separate networks)
Q3:
Does tools like Secunia help to keep such patches/updates
up to date? We don't have WSUS but I guess all the cumulative
patches stored in WSUS can be pushed down to new VMs to
keep them up to date, is this right?
What about Solaris & Linux ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.