On Tue, 2009-06-23 at 14:16 -0700, unix_fan wrote: > Folks, my google fu and lopsa.org searches are not narrowing it down > for me. > > I've been handed a group that uses MacOSX and asked to craft a patch > management approach for them. I use MacOSX at home, but have never > managed a group of MacOSX machines (not server). > > We need to do some sort of patch management for these MacOSX machines. > I could have sworn Ski or Leon had been in on a discussion about that > long ago, but all I find is the bemoaning of a lack of Enterprise-ish > tools and discussion of MacOSX vs. Linux. I'm trying to find what > patch management approaches MacOSX sysadmins actually utilize, that > they like. > > Two generic scenarios come to my MacOSX rookie mind: > 1. Write ssh queries that look for OS versions and patch status, or > 2. Utilize a CM tool like puppet/bcfg2/lfcg/<fill in your fave>. > > What do people who manage groups of MacOSX desktop machines actually > use? To bound the exercise, let's just call patch management the > following task. > > A vulnerability is announced, along with the patch. I want to generate > a report that shows how many machines are affected in the denominator, > and how many machines have actually been patched in the numerator. How > do you manage MacOSX group patch deployment in this scenario? > > For this query, it doesn't matter whether your approach is home grown, > open source, or commercial.
Unix_fan, After trying cfengine and puppet, we are now using a tool called Kace Kbox that works very well in our situation. We did not have enough senior system admin resources to do the programming that cfengine/puppet required. Kace is a point and click tool that does patching and much more across Mac and Windows and as such does not require a senior person to set up and maintain. cheers, ski -- "When we try to pick out anything by itself, we find it connected to the entire universe" John Muir Chris "Ski" Kacoroski, [email protected], 206-501-9803 or ski98033 on most IM services _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
