On Jun 23, 2009, at 17:16 , unix_fan wrote:
Two generic scenarios come to my MacOSX rookie mind: 1. Write ssh queries that look for OS versions and patch status, or 2. Utilize a CM tool like puppet/bcfg2/lfcg/<fill in your fave>.
Apple's blessed solution seems to be radmind.sw_vers gives you the OS revision and kernel build level, but no patch information. softwareupdate lets you see what updates are available. Anything else I think ends up with you poking around under /Library/ Receipts/boms. The good news is that security updates are easy to track there:
mress:4819 Z$ ls /Library/Receipts/boms/*update* /Library/Receipts/boms/com.apple.pkg.update.os.10.5.3.bom /Library/Receipts/boms/com.apple.pkg.update.os.10.5.4.bom /Library/Receipts/boms/com.apple.pkg.update.os.10.5.5.bom /Library/Receipts/boms/com.apple.pkg.update.os.10.5.6.combo.bom /Library/Receipts/boms/com.apple.pkg.update.os.10.5.7.bom /Library/Receipts/boms/com.apple.pkg.update.security.2008.002.bom /Library/Receipts/boms/com.apple.pkg.update.security.2008.005.bom /Library/Receipts/boms/com.apple.pkg.update.security.2008.007.bom /Library/Receipts/boms/com.apple.pkg.update.security.2009.001.bom
(The bad news, as shown above, is that you have to intuit that 2008.005 also includes 2008.003 and 2008.004.)
What do people who manage groups of MacOSX desktop machines actually use? To bound the exercise, let's just call patch management the following task.
At present we're doing them all manually. I'd love to change this, but a not-insignificant number of them are laptops that might or might not be on our network at any given time. (Windows laptops have always given us problems as well.)
-- brandon s. allbery [solaris,freebsd,perl,pugs,haskell] [email protected] system administrator [openafs,heimdal,too many hats] [email protected] electrical and computer engineering, carnegie mellon university KF8NH
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
