Hello everyone my name is Sean and I am a Solaris admin. Recently I was given the task of remediating a vast list of scanned vulnerabilities on about 60 servers (with a mix of non-global zones). However since the scan was run I have gone through and patched (using Recommended patch set September 2011). The scan did not show that of course, and it was looking like I would have to showrev each and every patch and check on each and every server (gasp!). With some "Google-fu" I found the PCA page and after reading through the documentation I was unsure if it would do what I had in my head I needed, so an email went off to Martin and he graciously replied.
I was pointed over to We Sun Solve! (wesunsolve.net) and told that "in theory" I should be able to create a custom patchdiag.xref file there, and use the PCA tool to "scan" against it rather than the Oracle xref file (which is much newer than the list of patches the scan tool uses). Martin explained that it *should* work but obviously my mileage may vary. So with great determination I set out first documenting the patches the scan tool checks, then using those patches (about 70) to creat a custom patch list on wesunsolve.net and had it create the xref file. You will be happy to know (in case you haven't already guessed) that it worked like a champ. Thank you so much Martin and Thomas, it worked great. Sean
