Operating System - Linux
1748255 Members
4110 Online
108760 Solutions
New Discussion юеВ

Linux Patching Questionairres

 
SOLVED
Go to solution
regmaster
Occasional Advisor

Linux Patching Questionairres

Hi Experts

I would be grateful if you could spare sometimes to provide me assistance with below Q.
Really need your hands-on experience regarding this below questionnaires.

1. how do you do patching in enterprise environment?
2. what are the most common tool that you used for patching in enterprise environment?
3. explain to me in brief how to setup repo server and point client to that server? where do you manipulate the settings in server and also client. Give me the most common setup example?
4. what are the most common files do you patch in linux?
5. is it safe for you to patch just only kernel?
6. in HP , what are the tools that you used to patch?
7. Could you please provide me a sample of patching you have done and how you do it?

Any other info that you could add? Or url links that I could refer further.

Thank you very much!

Best Regards,
Regmaster
7 REPLIES 7
Ivan Ferreira
Honored Contributor

Re: Linux Patching Questionairres

1. how do you do patching in enterprise environment?

First, test the patch in a non production environment. We patch first development system, then Q&A systems, and then production systems.

2. what are the most common tool that you used for patching in enterprise environment?

Depends of your distribution. In our case, up2date/yum

3. explain to me in brief how to setup repo server and point client to that server?

Depends of your distro

4. what are the most common files do you patch in linux?

Not related to files, but related to packages with security vulnerabilities.

5. is it safe for you to patch just only kernel?

No. You must patch all packages with security issues

5. in HP , what are the tools that you used to patch?

----
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
regmaster
Occasional Advisor

Re: Linux Patching Questionairres

Hi Ivan,

Thank you very much. I really appreciate your reply.
John Guster
Trusted Contributor

Re: Linux Patching Questionairres

Patching is one thing. To recover a system to its original stage is another complicated task should patching fail.
Steven E. Protter
Exalted Contributor
Solution

Re: Linux Patching Questionairres

Shalom Regmaster,

See my answer:

1. how do you do patching in enterprise environment?

I try to handle security updates that could impact SOX within weeks. I plan a major patch set once a year after validating it in the lab environment.

2. what are the most common tool that you used for patching in enterprise environment?

yum

3. explain to me in brief how to setup repo server and point client to that server? where do you manipulate the settings in server and also client. Give me the most common setup example?

http://www.howtoforge.com/creating_a_local_yum_repository_centos

http://www.cyberciti.biz/tips/redhat-centos-fedora-linux-setup-repo.html



4. what are the most common files do you patch in linux?

Impossible to answer. If I had to guess, I'd guess the kernel. Flaws are found impacting security or performance and they need to be installed to avoid exploit.

5. is it safe for you to patch just only kernel?

No. Other applications like openssh,openssl,ftp servers have frequent security flaws discovered and its necessary to patch more than the kernel.

6. in HP , what are the tools that you used to patch?

I don't work for HP.

7. Could you please provide me a sample of patching you have done and how you do it?

I like to have a internal red hat server to serve up repositories. Then after I update a test system as follows:

yum -y update

I boot and test.

Same procedure for updating production once the patch set is validated.

SEP

If my colleagues answers have been helpful, please assign points. I don't need any. Have enough.
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
regmaster
Occasional Advisor

Re: Linux Patching Questionairres

Shalom to you too, Steve.

Thanks for guidance in this matter. It really helps me understand better how it patching works.
Gerardo Arceri
Trusted Contributor

Re: Linux Patching Questionairres

Ok, Here is the deal, we have a installed base of about 3000 Proliant DL and BL servers for a, you can guess, very large customer, their choice of OS has been RHEL 5.
We have a quality assurance dept. that tests and releases quarterly patchbundles that we use to baseline the servers.
Patches (always rpm files already released by RedHat) are stored on a central repository along with a metadata rpm which contains the headers and errata lists (this you can get from RH), then patches are downloaded to the servers from the repository with a custom made script written around yum. If you want more details please let me know
regmaster
Occasional Advisor

Re: Linux Patching Questionairres

Hi Gerardo Arceri,
Yes. Please I would like to know further detail. Very kind of you. Many Thanks!