Hi,
I'm working on a RHSA tracking tool, named Sarah. It allows you to build a local RHSA database of different RHEL releases and then allows you to verify systems for compliance (and lists applicable RHSA and required packages).
But before releasing my prototype, I would like to know what requirements people have. How they would be using such a tool and what for reports they need to extract.
My main reason for writing such a tool is to automate reports to send out to customers for getting approval for updates during planned maintenance. My aim is to list the risk and information based on information provided by Red Hat.
Another use case would be to send out emails either when new RHSAs are released or updates are made to existing RHSAs or sending out daily or weekly mails for systems that are lacking certain security updates.
I bet other people have other requirements, so I like to hear about those.
PS You may wonder what it offers on top on RHN. In fact it doesn't offer much more than RHN already provides. But in our environment, we don't have RHN access for our systems (some of them are not even connected to the Internet) and security policy does not allow this anyway.
Plus a CLI tool that is able to access and process this information allows for some specialized use that RHN may not provide. Bright ideas are welcomed.
Kind regards, -- dag wieers, dag@wieers.com, http://dag.wieers.com/ -- [all I want is a warm bed and a kind word and unlimited power]
On Sat, Jun 25, 2005 at 12:32:35AM +0200, Dag Wieers wrote:
I bet other people have other requirements, so I like to hear about those.
This isn't necessarily directly related to your tool (which sounds neat), but our approach is: we have a kludgy perl script to create entries in our Bugzilla when a Fedora Legacy, Core, or CentOS advisory comes out.
On Fri, 24 Jun 2005, Matthew Miller wrote:
On Sat, Jun 25, 2005 at 12:32:35AM +0200, Dag Wieers wrote:
I bet other people have other requirements, so I like to hear about those.
This isn't necessarily directly related to your tool (which sounds neat), but our approach is: we have a kludgy perl script to create entries in our Bugzilla when a Fedora Legacy, Core, or CentOS advisory comes out.
A plugin system might enable you to do the same, nice idea, not a priority though :) Nevertheless useful.
Thanks. -- dag wieers, dag@wieers.com, http://dag.wieers.com/ -- [all I want is a warm bed and a kind word and unlimited power]
Dag Wieers wrote:
Hi,
I'm working on a RHSA tracking tool, named Sarah. It allows you to build a local RHSA database of different RHEL releases and then allows you to verify systems for compliance (and lists applicable RHSA and required packages).
But before releasing my prototype, I would like to know what requirements people have. How they would be using such a tool and what for reports they need to extract.
My main reason for writing such a tool is to automate reports to send out to customers for getting approval for updates during planned maintenance. My aim is to list the risk and information based on information provided by Red Hat.
Another use case would be to send out emails either when new RHSAs are released or updates are made to existing RHSAs or sending out daily or weekly mails for systems that are lacking certain security updates.
I bet other people have other requirements, so I like to hear about those.
PS You may wonder what it offers on top on RHN. In fact it doesn't offer much more than RHN already provides. But in our environment, we don't have RHN access for our systems (some of them are not even connected to the Internet) and security policy does not allow this anyway.
Plus a CLI tool that is able to access and process this information allows for some specialized use that RHN may not provide. Bright ideas are welcomed.
Kind regards, -- dag wieers, dag@wieers.com, http://dag.wieers.com/ -- [all I want is a warm bed and a kind word and unlimited power]
Where could I sign ??
:)
Dag Wieers wrote:
Hi,
I'm working on a RHSA tracking tool, named Sarah. It allows you to build a local RHSA database of different RHEL releases and then allows you to verify systems for compliance (and lists applicable RHSA and required packages).
But before releasing my prototype, I would like to know what requirements people have. How they would be using such a tool and what for reports they need to extract.
lman/listinfo/centos
Hi Dag,
I like the idea of this tool but I was wondering what methods you have thought of for running the scan.
Is it intended to run on each individual machine or by remote access from a central server (such as though SSH)?
Other than that I would be interested to see how it goes and also help where I can.
Regards
Lee
Won't yum --generate-rss updates return what we want? I'm going to work on a simple inhouse proof of concept based on this until someone comes out with something better =)
Of course this only will handle what was installed by RPM but RHN only does that as well.
-- William
On Mon, 2005-07-11 at 15:10 -0400, William Suffill wrote:
Won't yum --generate-rss updates return what we want?
FYI, this option is deprecated. Use repo-rss from yum-utils instead.
On Mon, 11 Jul 2005, Ignacio Vazquez-Abrams wrote:
On Mon, 2005-07-11 at 15:10 -0400, William Suffill wrote:
Won't yum --generate-rss updates return what we want?
FYI, this option is deprecated. Use repo-rss from yum-utils instead.
Furthermore it does not relate packages to RHSA numbers, release-time, description and urgency. We have contracts that specifies how much time we have depending on the urgency to implement a fix.
And we have to communicate fixes and descriptions to customers, it's a tedious task to provide this for a number of machines for each customer before a maintenance window.
But it can be automated... so there is hope. :)
-- dag wieers, dag@wieers.com, http://dag.wieers.com/ -- [all I want is a warm bed and a kind word and unlimited power]
-
Dag Wieers -
Ignacio Vazquez-Abrams -
Lee W -
Matthew Miller -
Security -
William Suffill