Haha Dagobert, you're raced again! :d Here is below, a copy of the mail sent to Martin:
Any other thoughts? :) Other ppl? -- Subject: PCA additions (fork?) Hello martin, Please check the URL for the last 2 points of the "API" part... http://wiki.wesunsolve.net/Todo#API I was thinking about integrating this directly into PCA... You could, for example, do a quick: ./pca --register-server ./pca --add-patch-level "current" ./pca --check-cve "current" or so... and maybe some other functionalities... What do you think? could this be integrated into "vanilla" pca, or should we make a fork? What do you think about the concept itself? Regards, Thomas On Thu, 19 Apr 2012 17:38:25 +0200 Dagobert Michelsen <[email protected]> wrote: > Hi, > > Am 19.04.2012 um 17:03 schrieb Fay, Sean: > > One wish I have though is perhaps there is a way to mass load a > > patch list on the site. For instance, I had approximately 70 > > patches to input and it seemed to take a considerable amount of > > time and clicking. If I had the patches I want (with patch number > > and level) in a specific format, I would think it easy to implement > > a load from file type operation. > > > > Just a thought. > > Thomas, I suggest adding an API for this and use a wrapper for PCA > that interacts with wesunsolve and does the necessary communication. > > > Best regards > > -- Dago > > > > > Thanks > > > > Sean > > > > -----Original Message----- > > From: Thomas Gouverneur [mailto:[email protected]] > > Sent: Thursday, April 19, 2012 9:59 AM > > To: PCA (Patch Check Advanced) Discussion > > Cc: Fay, Sean > > Subject: Re: [pca] Hurray to PCA and We Sun Solve! They have spared > > me numerous hours of tedious work > > > > Sean, > > > > Thumbs up! > > > > Thanks for the feedback! This is always good stuff to read! > > > > It's also good to know and confirm that the patchdiag.xref > > generation is working, since I didn't get much feedback (except > > from martin and tests I made myself) since it's implementation ;) > > > > > > Kind Regards, > > > > Thomas > > > > > > On Thu, 19 Apr 2012 14:44:01 +0000 > > "Fay, Sean" <[email protected]> wrote: > > > >> Hello everyone my name is Sean and I am a Solaris admin. > >> > >> Recently I was given the task of remediating a vast list of > >> scanned vulnerabilities on about 60 servers (with a mix of > >> non-global zones). However since the scan was run I have gone > >> through and patched (using Recommended patch set September 2011). > >> The scan did not show that of course, and it was looking like I > >> would have to showrev each and every patch and check on each and > >> every server (gasp!). With some "Google-fu" I found the PCA page > >> and after reading through the documentation I was unsure if it > >> would do what I had in my head I needed, so an email went off to > >> Martin and he graciously replied. > >> > >> I was pointed over to We Sun Solve! (wesunsolve.net) and told that > >> "in theory" I should be able to create a custom patchdiag.xref > >> file there, and use the PCA tool to "scan" against it rather than > >> the Oracle xref file (which is much newer than the list of patches > >> the scan tool uses). Martin explained that it *should* work but > >> obviously my mileage may vary. So with great determination I set > >> out first documenting the patches the scan tool checks, then using > >> those patches (about 70) to creat a custom patch list on > >> wesunsolve.net and had it create the xref file. > >> > >> You will be happy to know (in case you haven't already guessed) > >> that it worked like a champ. > >> > >> Thank you so much Martin and Thomas, it worked great. > >> > >> Sean > > > > > > -- > > Thomas Gouverneur > > _____ _ > > | ____|___ _ __ (_)_ __ > > | _| / __| '_ \| \ \/ / > > | |___\__ \ |_) | |> < > > |_____|___/ .__/|_/_/\_\ > > Network |_| SPRL > > TVA: BE6836018011 > > > > T: +32 498 23 00 40 > > W: http://espix.net > > M: <[email protected]> > > > > -- Thomas Gouverneur _____ _ | ____|___ _ __ (_)_ __ | _| / __| '_ \| \ \/ / | |___\__ \ |_) | |> < |_____|___/ .__/|_/_/\_\ Network |_| SPRL TVA: BE6836018011 T: +32 498 23 00 40 W: http://espix.net M: <[email protected]>
