I got hit up with the task of using xymon to monitor whether our windows servers are patched. I saw a plugin on deadcat that requires licensed software from shavlik.com, (and being over 4 years old, I have no idea if it works with bbwin, or if shavlik's api was still the same) but wondered if there were any other solutions out there. Minimum functionality is a list of applied patches that would show up on the client data link.
For our linux boxes, I could probably just rpm -qa --last | head and check the date that an RPM was last installed - if it's more than a month, there is probably a problem... But I don't know enough about windows to come up with a simple solution for those boxes.
-- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com
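The install-date idea from the message above, sketched as a Hobbit/Xymon client ext script (an added example, not part of the original post). It reads install times as epoch seconds through rpm's INSTALLTIME query tag instead of parsing the dates printed by --last; the "updates" column name and the 30-day limit are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Staleness heuristic only: a recent
# install does not prove that every available update has been applied.
# Assumed names: "updates" column, 30-day limit. BB, BBDISP and MACHINE are
# the variables the Hobbit/Xymon client exports to its ext scripts.

MAX_AGE_DAYS=${MAX_AGE_DAYS:-30}
COLUMN=updates

# Constructed sample of
#   rpm -qa --qf '%{INSTALLTIME} %{NAME}-%{VERSION}-%{RELEASE}\n'
# (install time as epoch seconds, then the package) for trying evaluate by hand.
SAMPLE_LISTING='1220000000 kernel-2.6.18-92.el5
1226500000 openssl-0.9.8b-10.el5
1226700000 bash-3.2-21.el5'

# evaluate LISTING NOW_EPOCH -> prints "<color> <one-line summary>"
evaluate() {
    # Keep only well-formed lines, newest install first.
    newest=$(printf '%s\n' "$1" | grep -E '^[0-9]+ [^ ]+$' | sort -rn | head -n 1)
    if [ -z "$newest" ]; then
        # An unreadable RPM database must not look like a healthy host.
        echo "red rpm returned no package data"
        return 0
    fi
    epoch=${newest%% *}
    pkg=${newest#* }
    days=$(( ($2 - epoch) / 86400 ))
    if [ "$days" -gt "$MAX_AGE_DAYS" ]; then
        color=yellow
    else
        color=green
    fi
    echo "$color newest install was $days days ago ($pkg)"
}

# Report only when running under the client with rpm available.
if [ -n "$BB" ] && [ -n "$BBDISP" ] && command -v rpm >/dev/null 2>&1; then
    listing=$(rpm -qa --qf '%{INSTALLTIME} %{NAME}-%{VERSION}-%{RELEASE}\n')
    result=$(evaluate "$listing" "$(date +%s)")
    recent=$(printf '%s\n' "$listing" | sort -rn | head -n 10)
    $BB $BBDISP "status $MACHINE.$COLUMN ${result%% *} $(date)
${result#* }

Ten most recent installs (epoch, package):
$recent"
fi
```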
I would love to use it for solaris as well. What has anyone done on that venue? I can see pca as a good tool for that.
On Fri, Nov 14, 2008 at 5:38 PM, McDonald, Dan <Dan.McDonald at austinenergy.com> wrote:
I got hit up with the task of using xymon to monitor whether our windows servers are patched. I saw a plugin on deadcat that requires licensed software from shavlik.com, (and being over 4 years old, I have no idea if it works with bbwin, or if shavlik's api was still the same) but wondered if there were any other solutions out there. Minimum functionality is a list of applied patches that would show up on the client data link.
For our linux boxes, I could probably just rpm -qa --last | head and check the date that an RPM was last installed - if it's more than a month, there is probably a problem... But I don't know enough about windows to come up with a simple solution for those boxes.
-- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com
-- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
The way I get around it is to use WSUS and not Xymon. I monitor WSUS periodically and print up a report. I can think of several ways of getting Xymon (rather BBWin) doing this but they all involve some scripting. It's not much use just checking for the last patch installed because it does not mean that the previous ones have been installed.
The easiest way I can see to get it into Xymon is to check the folders in the windows directory. The patches will leave a folder with the uninstall information there. If the folder is there it means the install of the patch at least nearly completed, it's likely but not 100% certain that install completed.
You could script access to the WSUS database and pull up a report automatically or trigger Xymon on the contents.
The last two are to check for the existence of the registry keys that mean it is installed or even better the date and size of the files themselves. This can be scripted and the info passed to Xymon (BBWin).
With all these methods you need to have a list of the updates you want to check for. This can be a long list and they all have to be there or else a change to the installed windows components (e.g. add/remove DHCP) could remove or require a previous update. WSUS does this for you automatically but I haven't looked at how to give a status report to Xymon.
Hope this helps
Graeme
-----Original Message----- From: McDonald, Dan [mailto:Dan.McDonald at austinenergy.com] Sent: Saturday, 15 November 2008 9:39 AM To: hobbit at hswn.dk Subject: [hobbit] monitoring patch status?
I got hit up with the task of using xymon to monitor whether our windows servers are patched. I saw a plugin on deadcat that requires licensed software from shavlik.com, (and being over 4 years old, I have no idea if it works with bbwin, or if shavlik's api was still the same) but wondered if there were any other solutions out there. Minimum functionality is a list of applied patches that would show up on the client data link.
For our linux boxes, I could probably just rpm -qa --last | head and check the date that an RPM was last installed - if it's more than a month, there is probably a problem... But I don't know enough about windows to come up with a simple solution for those boxes.
-- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com
Hi,
i have configured alerts in hobbit-alerts.cfg:
HOST=%.* MAIL recipient (at) company.examle DURATION>3 DURATION<10 REPEAT=1
This works fine. Hobbit sent me 7 mails after 3 minutes each minute and after that no more.
But i can't see anything in the "Stop after" column in the info-page.
Any help?
Alex
Alexander Bech schrieb:
Hi,
i have configured alerts in hobbit-alerts.cfg:
HOST=%.* MAIL recipient (at) company.examle DURATION>3 DURATION<10 REPEAT=1
This works fine. Hobbit sent me 7 mails after 3 minutes each minute and after that no more.
But i can't see anything in the "Stop after" column in the info-page.
I have found the bug (?) in loadalerts.c in the line 1081 (-less than/+greater than):
(recip->criteria->maxduration < maxdur)) ...if (recip->criteria && recip->criteria->maxduration &&
(recip->criteria->maxduration > maxdur)) ...if (recip->criteria && recip->criteria->maxduration &&
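Review bot: The (recip->criteria->maxduration > maxdur)) line only ever fires if maxdur starts out below every configured maxduration, and the fragment does not show where maxdur is initialised or assigned, so the fix cannot be confirmed from these two lines alone. Please send it as a unified diff against loadalerts.c with a few lines of context, since the "..." on either side of the if hides the assignment, and name the Hobbit version, because "line 1081" will not match other releases.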
This works: info
Alex
On mán, 2008-11-17 at 23:36 +0100, Alexander Bech wrote:
I have found the bug (?) in loadalerts.c in the line 1081 (-less than/+greater than):
(recip->criteria->maxduration < maxdur)) ...if (recip->criteria && recip->criteria->maxduration &&
(recip->criteria->maxduration > maxdur)) ...if (recip->criteria && recip->criteria->maxduration &&
Brilliant! This has been bugging me for a while. Please post a patch ASAP. :)
-- Kindest Regards, Anna Jonna Ármannsdóttir, Unix System Administration, Computing Services, University of Iceland.
%& A: Because people read from top to bottom.
%& Q: Why is top posting bad?
Anna Jonna Armannsdottir schrieb:
On mán, 2008-11-17 at 23:36 +0100, Alexander Bech wrote:
I have found the bug (?) in loadalerts.c in the line 1081 (-less than/+greater than):
(recip->criteria->maxduration < maxdur)) ...if (recip->criteria && recip->criteria->maxduration &&
(recip->criteria->maxduration > maxdur)) ...if (recip->criteria && recip->criteria->maxduration &&Brilliant! This has been bugging me for a while. Please post a patch ASAP. :)
//here's the patch (attached)
Alex
From: "Asif Iqbal" <vadud3 at gmail.com> Sent: Friday, November 14, 2008 6:24 PM To: <hobbit at hswn.dk> Subject: Re: [hobbit] monitoring patch status?
I would love to use it for solaris as well. What has anyone done on that venue? I can see pca as a good tool for that.
Thanks for pca pointer, this is definitely a very-nice-to-have xymon module. I am checking it out by implementing it on my test xymon environment.
pca - analyze, download and install patches for Sun Solaris
"pca --xymon" is what I am looking to implement. it won't download and install patch just alert the missing patches on xymon server under pca column.
tj
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
Yep, some days ago I've "found" pca too, and a xymon-module for it will be great!
.. maybe for redhat-clones there will be yum to use, has got somebody work for it ? :-)
cheers, martin
On Sat, 15 Nov 2008, T.J. Yang wrote:
From: "Asif Iqbal" <vadud3 at gmail.com> Sent: Friday, November 14, 2008 6:24 PM To: <hobbit at hswn.dk> Subject: Re: [hobbit] monitoring patch status?
I would love to use it for solaris as well. What has anyone done on that venue? I can see pca as a good tool for that.
Thanks for pca pointer, this is definitely a very-nice-to-have xymon module. I am checking it out by implementing it on my test xymon environment.
pca - analyze, download and install patches for Sun Solaris
"pca --xymon" is what I am looking to implement. it won't download and install patch just alert the missing patches on xymon server under pca column.
tj
On Sat, Nov 15, 2008 at 5:59 AM, Martin Flemming <martin.flemming at desy.de> wrote:
Yep, somedays ago i've "found" pca too, and a xymon-module for it will be great !
.. maybe for redhat-clones there will be yum to use, has got somebody work for it ? :-)
I had one of our students write a package auditing script for RHEL 5.1, something to match the NetBSD pkgsrc security auditing script we use on all our NetBSD machines. The RHEL version requires 'yum install yum-security' and consists of:
yum-audit - checks security status of yum installed packages on RHEL 5.1 and greater
yum-get-audit-script - to be set up as a root cron job to pull the security statuses from yum
yum-cve.ignore - an example CVE ignore file to tell the script with CVE's to mark as green - its location is specified in the yum-audit script
If others are interested, I'll see about making them available.
-Tracy
On Sunday 16 November 2008 09:17:02 Tracy Di Marco White wrote:
On Sat, Nov 15, 2008 at 5:59 AM, Martin Flemming <martin.flemming at desy.de> wrote:
Yep, somedays ago i've "found" pca too, and a xymon-module for it will be great !
The first thing here in my mind is to agree on the test name. Why? Well, you probably want to have the same alerting (or not), no-prop, etc.
For example, we have a script for RHEL < 5, for up2date, but the test name is 'updates', not up2date, and we have --nopropyellow=updates .
If we had any Debian boxes (using the "apt" test), then I would have to duplicate a lot of this ...
.. maybe for redhat-clones there will be yum to use, has got somebody work for it ? :-)
I had one of our students write a package auditing script for RHEL 5.1, something to match the NetBSD pkgsrc security auditing script we use on all our NetBSD machines. The RHEL version requires 'yum install yum-security' and consists of:
You mean it requires the "yum-security" package (which we install during kickstart with the package list, not after-the-fact with yum ...).
yum-audit - checks security status of yum installed packages on RHEL 5.1 and greater
yum-get-audit-script - to be set up as a root cron job to pull the security statuses from yum
yum-cve.ignore - an example CVE ignore file to tell the script with CVE's to mark as green - its location is specified in the yum-audit script
Well, I have a sudo rule (in LDAP) allowing the hobbit to run up2date -l, and the hobbit extension script I have runs up2date -l once every 6 hours, writing the output to a file, and if the file is not older than 6 hours, will evaluate it and send the results to Hobbit. Since we haven't put RHEL5 servers in production yet (that will happen very soon), I haven't updated my own check to use 'yum --security' yet ...
(RHN complains if your servers check rhn more frequently than once every 6 hours).
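The cached check described in the message above, as an added example that is not the poster's script: the update list is refreshed at most once every 6 hours, and a missing or stale list is reported as such rather than as a clean host. The cache path, the "updates" column and LIST_CMD (a hypothetical wrapper around up2date or yum that prints one pending package per line) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: refresh the pending-update list at most
# once per 6 hours and never report from a stale or missing list.
# Assumed names: the "updates" column, the cache path, and LIST_CMD, a
# hypothetical wrapper (around up2date or yum, run via sudo) that prints one
# pending package per line and exits 0 when the query itself succeeded.

MAX_AGE_MIN=360
COLUMN=updates
# BBTMP is the client's own tmp directory; do not point CACHE at a
# world-writable directory, where another user could plant an empty list.
CACHE=${CACHE:-$BBTMP/updates.cache}
LIST_CMD=${LIST_CMD:-list-pending-updates}

# cache_is_fresh FILE -> success if FILE was modified within MAX_AGE_MIN minutes
cache_is_fresh() {
    [ -f "$1" ] || return 1
    [ -n "$(find "$1" -mmin -"$MAX_AGE_MIN" 2>/dev/null)" ]
}

# refresh_cache FILE CMD [ARGS...] -> replace FILE only if CMD succeeds, so a
# failed query leaves the old file to age out instead of a truncated one.
refresh_cache() {
    cache_file=$1
    shift
    tmp=$(mktemp "$cache_file.XXXXXX") || return 1
    if "$@" > "$tmp" 2>/dev/null; then
        mv "$tmp" "$cache_file"
    else
        rm -f "$tmp"
        return 1
    fi
}

# evaluate_cache FILE -> prints "<color> <one-line summary>"
evaluate_cache() {
    if ! cache_is_fresh "$1"; then
        echo "yellow update list is missing or older than $MAX_AGE_MIN minutes"
        return 0
    fi
    pending=$(grep -c . "$1" || true)
    if [ "$pending" -gt 0 ]; then
        echo "yellow $pending updates pending"
    else
        echo "green no updates pending"
    fi
}

# Report only when running under the Hobbit/Xymon client.
if [ -n "$BB" ] && [ -n "$BBDISP" ]; then
    cache_is_fresh "$CACHE" || refresh_cache "$CACHE" $LIST_CMD || true
    result=$(evaluate_cache "$CACHE")
    $BB $BBDISP "status $MACHINE.$COLUMN ${result%% *} $(date)
${result#* }

$(cat "$CACHE" 2>/dev/null)"
fi
```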
For my understanding, there is no patch concept for Linux OS. Solaris and HP-UX are two Unix OSes that I need to deal with that have OS patches. Windows has patches also, but is there an open source pca script doing patch reports?
tj
From: "Martin Flemming" <martin.flemming at desy.de> Sent: Saturday, November 15, 2008 5:59 AM To: <hobbit at hswn.dk> Subject: Re: [hobbit] monitoring patch status?
Yep, somedays ago i've "found" pca too, and a xymon-module for it will be great !
.. maybe for redhat-clones there will be yum to use, has got somebody work for it ? :-)
cheers, martin
T.J. Yang wrote:
For my understanding, there is no patch concept for Linux OS. Solaris and HP-UX are two Unix OS that I need to deal with have OS patches. Windows has patch also but is there an open source pca script doing patch report ?
tj
The enterprise or server versions of major distros (like SLES) have regular patch distribution and notification processes. If specific people in an installation sign up for notification of patches, they are sent emails that patches are available. Patch servers can also be set up that can download these patches so that the internal servers can have the patches available without having to all fetch them from the distributor (Novell in this case). I'm going to guess that RedHat Satellite does something similar.
-- Rich Smrcina VM Assist, Inc. Phone: 414-491-6001 Ans Service: 360-715-2467 http://www.linkedin.com/in/richsmrcina
Catch the WAVV! http://www.wavv.org WAVV 2009 - Orlando, FL - May 15-19, 2009
Ok, my fault ... it's only an update, not a patch-mechanism ..
martin
On Sat, 15 Nov 2008, Rich Smrcina wrote:
T.J. Yang wrote:
For my understanding, there is no patch concept for Linux OS. Solaris and HP-UX are two Unix OS that I need to deal with have OS patches. Windows has patch also but is there an open source pca script doing patch report ?
tj
The enterprise or server versions of major distros (like SLES) have regular patch distribution and notification processes. If specific people in an installation sign up for notification of patches, they are sent emails that patches are available. Patch servers can also be set up that can download these patches so that the internal servers can have the patches available without having to all fetch them from the distributor (Novell in this case). I'm going to guess that RedHat Satellite does something similar.
-- Rich Smrcina VM Assist, Inc. Phone: 414-491-6001 Ans Service: 360-715-2467 http://www.linkedin.com/in/richsmrcina
Catch the WAVV! http://www.wavv.org WAVV 2009 - Orlando, FL - May 15-19, 2009
Gruss
Martin Flemming
Martin Flemming DESY / IT office : Building 2b / 008a Notkestr. 85 phone : 040 - 8998 - 4667 22603 Hamburg mail : martin.flemming at desy.de
Hi Guys
I have used this small report to assist us (Solaris mob) and the Wintel guys to determine kernel update/revision level, which we use as an indication of patch level.
I have created a directory, /usr/lib/hobbit/custom where I put this sort of script.
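#!/bin/ksh
# Print "host  OS version" for every host, taken from the OS: line of its Hobbit info page.
export BBHOME=/usr/lib/hobbit
typeset -L20 HOST
mkdir -p /usr/lib/hobbit/custom/data
cd /usr/lib/hobbit/custom/data || exit 1
# Files pulled in by "include" lines in bb-hosts
INCLUDES=$(grep ^include /etc/hobbit/bb-hosts | awk '{ print $2 }')
# The second field of every remaining line is the hostname
cat /etc/hobbit/bb-hosts $INCLUDES | egrep -h -v "^#|^page|^$|^subpage|^group|^include" | awk '{ print $2 }' |
while read HOSTNAME
do
    # Fetch each host's info page in the background, one file per host
    wget -O "$HOSTNAME" -o /dev/null "http://hobbit/hobbit-cgi/bb-hostsvc.sh?HOST=$HOSTNAME&SERVICE=info" &
done
wait
for HOSTNAME in /usr/lib/hobbit/custom/data/*
do
    # Keep the OS: line and strip the HTML tags from it
    OSVER=$(grep OS: "$HOSTNAME" | sed 's/OS://g' | sed -e :a -e 's/<[^>]*>//g;/</N;//ba')
    HOST=$(basename "$HOSTNAME")
    echo "$HOST $OSVER"
done
rm /usr/lib/hobbit/custom/data/*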
It works for us, but your mileage may vary.
Cheers V
-----Original Message----- From: Martin Flemming [mailto:martin.flemming at desy.de] Sent: Saturday, 15 November 2008 11:19 PM To: hobbit at hswn.dk Subject: Re: [hobbit] monitoring patch status?
Ok, my fault ... it's only a update not a patch-mechanism ..
martin
Gruss
Martin Flemming
Martin Flemming DESY / IT office : Building 2b / 008a Notkestr. 85 phone : 040 - 8998 - 4667 22603 Hamburg mail : martin.flemming at desy.de
I've two HP scripts that may be of use; they work on hpux 11.0.
ckswstate, a one-liner that checks whether all software has been configured: /usr/sbin/swlist -l fileset -a state, and cksupers, which will take a list and return whether the patches are active, not present, or superseded. So if you can get a list of patches from HP, I believe this will work for your purpose.
If interested, I'll post them, but it will take a few days as it is on my classed side.
T.J. Yang wrote:
For my understanding, there is no patch concept for Linux OS. Solaris and HP-UX are two Unix OS that I need to deal with have OS patches. Windows has patch also but is there an open source pca script doing patch report ?
tj
From: "Tracy Di Marco White" <gendalia at iastate.edu> Sent: Sunday, November 16, 2008 1:17 AM To: <hobbit at hswn.dk> Subject: Re: [hobbit] monitoring patch status?
On Sat, Nov 15, 2008 at 5:59 AM, Martin Flemming <martin.flemming at desy.de> wrote:
Yep, somedays ago i've "found" pca too, and a xymon-module for it will be great !
.. maybe for redhat-clones there will be yum to use, has got somebody work for it ? :-)
I had one of our students write a package auditing script for RHEL 5.1, something to match the NetBSD pkgsrc security auditing script we use on all our NetBSD machines.
The RHEL version requires 'yum install yum-security' and consists of: yum-audit - checks security status of yum installed packages on RHEL 5.1 and greater
I have RH machines ranging from RH9 to RHEL4.
My interest is to learn how to implement a counterpart of Solaris pca that compares with a central patch/package database file(s) on a web server. Audit is the main interest here. This way a xymon-pca module can report missed patches/pkgs on one single column.
yum-get-audit-script - to be set up as a root cron job to pull the security statuses from yum yum-cve.ignore - an example CVE ignore file to tell the script with CVE's to mark as green - its location is specified in the yum-audit script
If others are interested, I'll see about making them available.
I am interested about the *.src.rpm to see/learn how you did it.
tj
-Tracy
participants (12)
- alex@bakarasse.de
- annaj@hi.is
- bgmilne@staff.telkomsa.net
- Dan.McDonald@austinenergy.com
- gendalia@iastate.edu
- martin.flemming@desy.de
- michael.nemeth@lmco.com
- rsmrcina@wi.rr.com
- Shea.Graeme.A@edumail.vic.gov.au
- tj_yang@hotmail.com
- vadud3@gmail.com
- Vernon.Everett@woodside.com.au