Re: [hobbit] monitoring patch status?
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] monitoring patch status?
- From: Buchan Milne <bgmilne (at) staff.telkomsa.net>
- Date: Mon, 17 Nov 2008 13:37:47 +0200
- Cc: "Tracy Di Marco White" <gendalia (at) iastate.edu>
- References: <1226702319.11679.13.camel (at) mcdonalddj-dc.austin-energy.net> <Pine.LNX.4.64.0811151255200.31457 (at) pal32.desy.de> <7024c8c80811152317kb6be87alc7e50334f18b25f (at) mail.gmail.com>
- User-agent: KMail/1.10.1 (Linux/2.6.27-desktop-0.rc8.2mnb; KDE/4.1.2; x86_64; ; )
On Sunday 16 November 2008 09:17:02 Tracy Di Marco White wrote:
> On Sat, Nov 15, 2008 at 5:59 AM, Martin Flemming <martin.flemming (at) desy.de> wrote:
> > Yep, some days ago I've "found" pca too,
> > and a xymon-module for it will be great !
The first thing here in my mind is to agree on the test name. Why? Well, you
probably want to have the same alerting (or not), no-prop, etc.
For example, we have a script for RHEL < 5, for up2date, but the test name is
'updates', not up2date, and we have --nopropyellow=updates .
If we had any Debian boxes (using the "apt" test), then I would have to
duplicate a lot of this ...
> > .. maybe for redhat-clones there will be yum to use,
> > has got somebody work for it ? :-)
>
> I had one of our students write a package auditing script for RHEL
> 5.1, something to match the NetBSD pkgsrc security auditing script we
> use on all our NetBSD machines. The RHEL version requires 'yum
> install yum-security' and consists of:
You mean it requires the "yum-security" package (which we install during
kickstart with the package list, not after-the-fact with yum ...).
> yum-audit - checks security status of yum installed packages on RHEL 5.1
> and greater
> yum-get-audit-script - to be set up as a root cron job to pull the security
> statuses from yum
> yum-cve.ignore - an example CVE ignore file to tell the script which CVEs
> to mark as green
> - its location is specified in the yum-audit script
Well, I have a sudo rule (in LDAP) allowing the hobbit to run up2date -l, and
the hobbit extension script I have runs up2date -l once every 6 hours,
writing the output to a file, and if the file is not older than 6 hours, will
evaluate it and send the results to Hobbit. Since we haven't put RHEL5 servers
in production yet (that will happen very soon), I haven't updated my own check
to use 'yum --security' yet ...
(RHN complains if your servers check rhn more frequently than once every 6
hours).
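
The caching pattern described in this message, sketched as a Hobbit client extension script. This is an added example, not the poster's script: the cache path, the `LIST_CMD` override and the assumed layout of the listing (one package per line after a dashed rule) are assumptions to adjust for your hosts.

```shell
#!/bin/sh
# Added example, not the poster's script. Names below are assumptions.
TESTNAME=updates                       # shared test name, as suggested in the message
MAX_AGE_MIN=360                        # 6 hours, the RHN polling limit mentioned above
CACHE="${BBTMP:-/tmp}/updates.cache"   # hypothetical cache location
LIST_CMD="${LIST_CMD:-sudo up2date -l}"

# True if the cache exists and was modified less than $2 minutes ago.
cache_fresh() {
    [ -f "$1" ] && [ -n "$(find "$1" -mmin "-$2" 2>/dev/null)" ]
}

# Re-run the listing only when the cache is stale; replace the cache atomically
# so a failed run never leaves a truncated file behind.
refresh_cache() {
    cache_fresh "$1" "$MAX_AGE_MIN" && return 0
    tmp="$1.$$"
    if $LIST_CMD > "$tmp" 2>/dev/null; then mv "$tmp" "$1"; else rm -f "$tmp"; return 1; fi
}

# Count package lines. Assumed layout: one package per line after a dashed rule.
count_pending() {
    awk 'seen && NF { n++ } /^-+$/ { seen = 1 } END { print n + 0 }' "$1"
}

# Map a pending-update count to a Hobbit colour.
colour_for() {
    if [ "$1" -gt 0 ]; then echo yellow; else echo green; fi
}

# Only report when running under the Hobbit client (BB and BBDISP set).
if [ -n "${BB:-}" ] && [ -n "${BBDISP:-}" ]; then
    if refresh_cache "$CACHE"; then
        n=$(count_pending "$CACHE")
        $BB $BBDISP "status $MACHINE.$TESTNAME $(colour_for "$n") $(date) $n pending updates
$(cat "$CACHE")"
    else
        $BB $BBDISP "status $MACHINE.$TESTNAME red $(date) could not list updates"
    fi
fi
```

Running the client extension more often than every 6 hours is harmless here, because the listing command is only invoked when the cache has expired.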