Am 23. Februar 2017 07:45:41 MEZ schrieb Spamm <spa...@e.lublin.pl>: >On Wed, 22 Feb 2017 22:31:29 +0100, Robert Paschedag wrote >> Damn... Missed the list again..... See answer at the end >> >> -------- Ursprüngliche Nachricht -------- >> Von: Robert Paschedag <robert.pasche...@web.de> >> Gesendet: 22. Februar 2017 17:06:55 MEZ >> An: Daryl Rose <darylr...@outlook.com> >> Betreff: Re: [Spacewalk-list] How to tell what Errata has been >applied >> >> Am 22. Februar 2017 16:02:22 MEZ schrieb Daryl Rose ><darylr...@outlook.com>: >> >Robert, >> > >> > >> >We don't apply every single patch to every single server. Our >> >environment has been neglected for so long, that by applying every >> >patch that comes out will most certainly break something. So, we >have >> >to be selective about what we patch. I need to be able to easily >> >identify what patch has been applied to which server when auditors >> >come. We are an ISO270001 shop, and get audited every year. So >far >> >they've been pleased with my putting up the Spacewalk environment, >and >> >current patching efforts, but some day they're going to ask for a >list >> >of applied patches and I want to be able to produce that report when >> >they ask. Currently, I track everything in a spreadsheet, but >that's >> >getting difficult to maintain, and I was hoping for something that I >> >could either run on the command line, or from the WUI. >> > >> > >> >Thank you for your input Robert. >> > >> > >> >Daryl >> > >> >________________________________ >> >From: Robert Paschedag <robert.pasche...@web.de> >> >Sent: Tuesday, February 21, 2017 2:21 PM >> >To: spacewalk-list@redhat.com; Daryl Rose >> >Subject: Re: [Spacewalk-list] How to tell what Errata has been >applied >> > >> >Am 21. Februar 2017 20:15:13 MEZ schrieb Robert Paschedag >> ><robert.pasche...@web.de>: >> >>Am 21. Februar 2017 19:52:00 MEZ schrieb Daryl Rose >> >><darylr...@outlook.com>: >> >>>Daniel, >> >>> >> >>> >> >>>I've tried that command, but it tells me what patches are >available. >> >>I >> >>>need to know what patches have already been applied. >> >>> >> >>> >> >>>Thanks >> >>> >> >>> >> >>>Daryl >> >>> >> >>>________________________________ >> >>>From: spacewalk-list-boun...@redhat.com >> >>><spacewalk-list-boun...@redhat.com> on behalf of Daniel Swan >> >>><swan_dan...@hotmail.com> >> >>>Sent: Tuesday, February 21, 2017 11:51 AM >> >>>To: spacewalk-list@redhat.com >> >>>Subject: Re: [Spacewalk-list] How to tell what Errata has been >> >applied >> >>> >> >>>spacecmd system_listerrata $SYSTEM >> >>> >> >>>________________________________ >> >>>From: darylr...@outlook.com >> >>>To: spacewalk-list@redhat.com >> >>>Date: Tue, 21 Feb 2017 15:11:31 +0000 >> >>>Subject: [Spacewalk-list] How to tell what Errata has been applied >> >>> >> >>>Is there a way to list what errata has already been applied to a >> >>>machine? I can list what is available, but I need to know what >has >> >>>been applied. >> >>> >> >>> >> >>>Thank you. >> >>> >> >>> >> >>>Daryl >> >>> >> >>>_______________________________________________ Spacewalk-list >> >mailing >> >>>list Spacewalk-list@redhat.com >> >>>https://www.redhat.com/mailman/listinfo/spacewalk-list >> >Spacewalk-list Info Page - Red >> >Hat<https://www.redhat.com/mailman/listinfo/spacewalk-list> >> >www.redhat.com >> >To see the collection of prior postings to the list, visit the >> >Spacewalk-list Archives. Using Spacewalk-list: To post a message to >all >> >the list ... >> > >> > >> > >> >> >> >>I think you have to search the history of the system which errata >> >>succeeded. >> >> >> >>Regards >> >>Robert >> >> >> >>_______________________________________________ >> >>Spacewalk-list mailing list >> >>Spacewalk-list@redhat.com >> >>https://www.redhat.com/mailman/listinfo/spacewalk-list >> >Spacewalk-list Info Page - Red >> >Hat<https://www.redhat.com/mailman/listinfo/spacewalk-list> >> >www.redhat.com >> >To see the collection of prior postings to the list, visit the >> >Spacewalk-list Archives. Using Spacewalk-list: To post a message to >all >> >the list ... >> > >> > >> > >> > >> >Also... It is not really necessary to know which errata already have >> >been applied. Either your system has one or more packages, available >> >within an errata, installed (in a lower version!), then an errata >"is" >> >available (and can/should/must be applied) OR the system has not >such >> >package installed and therefore "that" errata is not needed on that >> >system. >> > >> >Regards >> >Robert >> >> Just thinking... What if you replace your servers right before the >> audit to a brand new os version (just released with the newest >> versions available), where the are not yet any patches available? >> Your answer to the question will be "none". >> >> But as I said...I think your only chance is to review the history of >> each system within spacewalk. >> >> Regards >> Robert >> >> _______________________________________________ >> Spacewalk-list mailing list >> Spacewalk-list@redhat.com >> https://www.redhat.com/mailman/listinfo/spacewalk-list >When audit asks me for exact dates and patches I just give them lists >of >'rpm -qa --last' from every server they want. >To collect from all servers I simply run netcat in listen mode on >spacewalk >server and put on all servers via "Remote Command" something like: for >i in >`rpm -qa --last`; do echo -n `hostname` $i |nc <spacewalk ip> <port>. >As the >result I have list of server name, package and dates. Maybe there are >better >ways but for my experiences with audits it was ok. > >_______________________________________________ >Spacewalk-list mailing list >Spacewalk-list@redhat.com >https://www.redhat.com/mailman/listinfo/spacewalk-list
But this does not show you the "errata" installed... Just the versions of the packages. Regards Robert _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list