Mailing List
Home
Forum Home
Linux - General Red Hat Linux discussion list
Installation - Getting started with Red Hat Linux
Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)
Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)
Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)
Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)
Apache Web Server
Oracle database, Microsoft SQL server ...
Subjects
application/x mplayer2 plugin
RPM error: db4 error(16) from dbenv >remove: Device or resource
   busy
Command stream end of file while reading
X Windows problem (xauth)
Upgrading openoffice 1 1 rpm
FTP: connection refused
FTP: connection refused
mount: /dev/cdrom: is not a valid block device
Dell Precision 650, RedHat 9, no sound
how to trace the cause resulting in the crash of bind server
Virus on the list
UNINSTALL RPM MYSQL
usb pen drives: mounting as a user
broadcom network interface
make mrproper
sendmail configuration on redhat
Couldn 't open PID file /var/run/named/named pid Permission denied
Promise 378 controller
kernel 2 6 and /dev/sound/mixer not found
Problem using up2date
mrtg step by step howto/configuration for a newbie?
Compiling and Installing Kernel 2 6
Can 't locate module ppp0, can 't locate module ppp compress 21
HOW I CAN MAKE BOOTABLE FLOPPY DISKET
Lotus Notes under Wine
/etc/security/limits conf question
Intel E/1000 driver
Command stream end of file while reading
rpm database corrupt
qla2300 modules
 
Search:  
Power your search with and, or, +, -, or "some phrase" operators.
Sarah: RHSA tracking tool

Sarah: RHSA tracking tool

2005-06-25       - By nodata

 Back
Reply:     1     2     3  

On Sat, 2005-06-25 at 00:32 +0200, Dag Wieers wrote:
> Hi,
>
> I'm working on a RHSA tracking tool, named Sarah. It allows you to build a
> local RHSA database of different RHEL releases and then allows you to
> verify systems for compliance (and lists applicable RHSA and required
> packages).
>
> But before releasing my prototype, I would like to know what requirements
> people have. How they would be using such a tool and what for reports they
> need to extract.
>
> My main reason for writing such a tool is to automate reports to send out
> to customers for getting approval for updates during planned maintenance.
> My aim is to list the risk and information based on information provided
> by Red Hat.
>
> Another use case would be to send out emails either when new RHSAs are
> released or updates are made to existing RHSAs or sending out daily or
> weekly mails for systems that are lacking certain security updates.
>
> I bet other people have other requirements, so I like to hear about those.
>
> PS You may wonder what it offers on top on RHN. In fact it doesn't offer
> much more than RHN already provides. But in our environment, we don't have
> RHN access for our systems (some of them are not even connected to the
> Internet) and security policy does not allow this anyway.
>
> Plus a CLI tool that is able to access and process this information allows
> for some specialized use that RHN may not provide. Bright ideas are
> welcomed.
>
> Kind regards,
> --   dag wieers,  dag@(protected),  http://dag.wieers.com/   --
> [all I want is a warm bed and a kind word and unlimited power]
>
> --
> nahant-list mailing list
> nahant-list@(protected)
> http://www.redhat.com/mailman/listinfo/nahant-list
>
>

It would be useful to keep a record of:
* days from vulnerability discovery -> machine patched
* days from RH patch release -> machine patched
* date of patch install
then the information would help identify:
* machines most at risk
* machines most slowly patched.
* window of risk

For the last few to work, the severity and impact of the patch would
need to be known too.

Just some ideas..

--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list

Earn $52 per hosting referral at Lunarpages.