[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hobbit] monitoring patch status?



On Sunday 16 November 2008 09:17:02 Tracy Di Marco White wrote:
> On Sat, Nov 15, 2008 at 5:59 AM, Martin Flemming
>
> <martin.flemming (at) desy.de> wrote:
> > Yep, somedays ago i've "found" pca  too,
> > and a xymon-module for it will be great !

The first thing here in my mind is to agree on the test name. Why? Well, you 
probably want to have the same alerting (or not), no-prop, etc.

For example, we have a script for RHEL < 5, for up2date, but the test name is 
'updates', not up2date, and we have --nopropyellow=updates .

If we had any Debian boxes (using the "apt" test), then I would have to 
duplicate a lot of this ...

> > .. maybe for redhat-clones there will be yum to use,
> > has got somebody work for it ? :-)
>
> I had one of our students write a package auditing script for RHEL
> 5.1, something to match the NetBSD pkgsrc security auditing script we
> use on all our NetBSD machines.  The RHEL version requires 'yum
> install yum-security' and consists of:

You mean it requires the "yum-security" package  (which we install during 
kickstart with the package list, not after-the-fact with yum ...).

> yum-audit - checks security status of yum installed packages on RHEL 5.1
>             and greater
> yum-get-audit-script - to be set up as a root cron job to pull the security
>             statuses from yum
> yum-cve.ignore - an example CVE ignore file to tell the script with CVE's
>             to mark as green
>                - its location is specified in the yum-audit script

Well, I have a sudo rule (in LDAP) allowing the hobbit to run up2date -l, and 
a the hobbit extension script I have runs up2date -l once every 6 hours, 
writing the output to a file, and if the file is not older than 6 hours, will 
evaluate it and send the results to Hobbit. Since we haven't put RHEL5 servers 
in production yet (that will happen very soon), I haven't updated my own check 
to use 'yum --security' yet ...

(RHN complains if your servers check rhn more frequently than once every 6 
hours).