[pca] patch maintenance schedule

Bliss, Kevin L Bliss.Kevin at con-way.com
Wed Oct 28 17:58:55 CET 2009 

If you sign up for the weekly Sun alerts, the entries that are security related follow the standard security ratings so the information is available for you to evaluate.

PCA does not use Sun's patch "clusters", it uses the latest patches as indicated in patchdiag.xref.

Our goal is quarterly patching, however, due to various extraneous issues with some environments, some are less frequent and some are more frequent.  For instance, internet facing servers do security patching more frequently. If you use pca -s you will get the latest security patches and any patches required by those.  Or you could evaluate the info in the weekly Sun alerts and pick those that you feel are urgent for your environment.

If you are comfortable with patches being applied automatically it would be pretty easy to write wrapper scripts for pca that run in cron to automatically patch on whatever cycle you prefer.

From: pca-bounces at lists.univie.ac.at [mailto:pca-bounces at lists.univie.ac.at] On Behalf Of Xu, Ying (Houston)
Sent: Wednesday, October 28, 2009 7:59 AM
To: pca at lists.univie.ac.at
Subject: [pca] patch maintenance schedule

I'd like to know how often you perform patch maintenance.   We have a 80-serer environment.  We usually do anual update/patch.  We just updated all our servers to solaris10 update7.  Now management push us to do quarterly even monthly patch maintenance due to corporate security policy.  Our windows group has already been on monthly schedule, but they have automated tool to do hundreds at a time.  We tried to find some reasoning to get an exception for our solaris environment.  SUN doesnt release security patches on regular basis, also doesnt rate the patches, such as critical, important, and etc.  It is subjective to decide which cluster to use.  We would like to use security patch cluster to make minimal changes to the environment but fix sun alert issues.  I'd like to hear what you think.

Also, could pca run against specific patch cluster?

Thanks

Ying Xu <yxu at littonloan.com<mailto:yxu at littonloan.com>>
Unix Group
Office: 713-218-4508
BB: 832-671-6633
4828 Loop Central Dr. Houston TX 77081



-------------------------------------------------------------------------------------------



DISCLAIMER: This email and any files transmitted with it are confidential and

intended solely for the use of the individual or entity to whom they are

addressed. If you have received this email in error please notify the sender

by replying to this message and then delete it from your system. Use,

dissemination or copying of this message by unintended recipients is not

authorized and may be unlawful. Please note that any views or opinions

presented in this email are solely those of the author and do not necessarily

represent those of the company. Finally, the recipient should check this email

and any attachments for the presence of viruses. The company accepts no

liability for any damage caused by any virus transmitted by this email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.univie.ac.at/mailman/private/pca/attachments/20091028/8f7ad10e/attachment-0001.html

More information about the pca mailing list