[pca] pca compliance capability?
Martin Paul
martin at par.univie.ac.at
Wed Mar 30 10:07:56 CEST 2011
King, Jeff (GE Tech Infra, US) wrote:
> My security team produces a list of mandatory security patches that must
> be installed monthly.
>
> Is there a way to give pca this list of patches and have it return a
> status to represent either "no patching action required", or "patching
> required"?
PCA itself doesn't do that (the "why" is a little complicated, but it's mainly
because PCA is used to get extended information about every patch from
patchdiag.xref, and this file doesn't include old patch revisions. At the end it
would recommend newer patches than required, possibly pulling in a lot of
unneeded requirements).

Luckily, the job is pretty simple and there is a script called "chkmin" on
http://www.par.univie.ac.at/solaris/pca/contrib.html which does it. You can feed
it a list of patches (patch ID plus revision) and it will reduce it to those
which aren't installed (so empty output means "everything installed"). I think
that should give you the result you want.

Martin.
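
The minimum-revision check described in the reply above, as an added example that is not the chkmin script and not code from this thread. It assumes the installed list is saved `showrev -p` output; the patch IDs are constructed and the function names `missing_patches` and `patch_status` are hypothetical.

```shell
#!/bin/sh
# Added example, not the chkmin script. Sample data below is constructed.

# missing_patches REQUIRED INSTALLED
#   REQUIRED:  one ID-REV per line (blank lines and # comments ignored)
#   INSTALLED: saved `showrev -p` output ("Patch: ID-REV Obsoletes: ...")
# Prints every required patch that is absent or installed only at a lower
# revision. Obsoletes: relationships are not followed.
missing_patches() {
    # src= is set per file, so an empty INSTALLED file cannot be mistaken
    # for the required list (the NR==FNR idiom would report "all installed").
    awk '
        src == "have" {
            if ($1 == "Patch:" && split($2, p, "-") == 2 &&
                (!(p[1] in have) || p[2] + 0 > have[p[1]]))
                have[p[1]] = p[2] + 0      # keep highest installed revision
            next
        }
        /^[ \t]*(#|$)/ { next }
        # Malformed entries are printed too, so the check fails closed.
        split($1, r, "-") != 2 { print "malformed entry: " $1; next }
        !(r[1] in have) || have[r[1]] < r[2] + 0 { print $1 }
    ' src=have "$2" src=need "$1"
}

# patch_status REQUIRED INSTALLED: the two-state answer asked for above.
patch_status() {
    if [ -z "$(missing_patches "$1" "$2")" ]; then
        echo "no patching action required"
    else
        echo "patching required"
    fi
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/installed" <<'EOF'
Patch: 900001-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 900002-11 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr
Patch: 900002-09 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr
EOF
cat > "$tmp/required" <<'EOF'
# monthly mandatory list (constructed)
900001-07
900002-10
900003-01
EOF
missing_patches "$tmp/required" "$tmp/installed"
patch_status "$tmp/required" "$tmp/installed"
```

A required patch that has been superseded by a different patch ID is reported as missing, so lists that mix obsoleted IDs need manual review.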