On Sunday 16 November 2008 09:17:02 Tracy Di Marco White wrote:
On Sat, Nov 15, 2008 at 5:59 AM, Martin Flemming
<martin.flemming at desy.de> wrote:
Yep, somedays ago i've "found" pca too, and a xymon-module for it will be great !
The first thing here in my mind is to agree on the test name. Why? Well, you probably want to have the same alerting (or not), no-prop, etc.
For example, we have a script for RHEL < 5, for up2date, but the test name is 'updates', not up2date, and we have --nopropyellow=updates .
If we had any Debian boxes (using the "apt" test), then I would have to duplicate a lot of this ...
.. maybe for redhat-clones there will be yum to use, has got somebody work for it ? :-)
I had one of our students write a package auditing script for RHEL 5.1, something to match the NetBSD pkgsrc security auditing script we use on all our NetBSD machines. The RHEL version requires 'yum install yum-security' and consists of:
You mean it requires the "yum-security" package (which we install during kickstart with the package list, not after-the-fact with yum ...).
yum-audit - checks security status of yum installed packages on RHEL 5.1 and greater yum-get-audit-script - to be set up as a root cron job to pull the security statuses from yum yum-cve.ignore - an example CVE ignore file to tell the script with CVE's to mark as green - its location is specified in the yum-audit script
Well, I have a sudo rule (in LDAP) allowing the hobbit to run up2date -l, and a the hobbit extension script I have runs up2date -l once every 6 hours, writing the output to a file, and if the file is not older than 6 hours, will evaluate it and send the results to Hobbit. Since we haven't put RHEL5 servers in production yet (that will happen very soon), I haven't updated my own check to use 'yum --security' yet ...
(RHN complains if your servers check rhn more frequently than once every 6 hours).