Sean, Thumbs up!
Thanks for the feedback! This is always good stuff to read! It's also good to know and confirm that the patchdiag.xref generation is working, since I didn't get much feedback (except from martin and tests I made myself) since it's implementation ;) Kind Regards, Thomas On Thu, 19 Apr 2012 14:44:01 +0000 "Fay, Sean" <[email protected]> wrote: > Hello everyone my name is Sean and I am a Solaris admin. > > Recently I was given the task of remediating a vast list of scanned > vulnerabilities on about 60 servers (with a mix of non-global zones). > However since the scan was run I have gone through and patched (using > Recommended patch set September 2011). The scan did not show that of > course, and it was looking like I would have to showrev each and > every patch and check on each and every server (gasp!). With some > "Google-fu" I found the PCA page and after reading through the > documentation I was unsure if it would do what I had in my head I > needed, so an email went off to Martin and he graciously replied. > > I was pointed over to We Sun Solve! (wesunsolve.net) and told that > "in theory" I should be able to create a custom patchdiag.xref file > there, and use the PCA tool to "scan" against it rather than the > Oracle xref file (which is much newer than the list of patches the > scan tool uses). Martin explained that it *should* work but obviously > my mileage may vary. So with great determination I set out first > documenting the patches the scan tool checks, then using those > patches (about 70) to creat a custom patch list on wesunsolve.net and > had it create the xref file. > > You will be happy to know (in case you haven't already guessed) that > it worked like a champ. > > Thank you so much Martin and Thomas, it worked great. > > Sean -- Thomas Gouverneur _____ _ | ____|___ _ __ (_)_ __ | _| / __| '_ \| \ \/ / | |___\__ \ |_) | |> < |_____|___/ .__/|_/_/\_\ Network |_| SPRL TVA: BE6836018011 T: +32 498 23 00 40 W: http://espix.net M: <[email protected]>
