Hi,

I'm working on a RHSA tracking tool, named Sarah. It allows you to build a local RHSA database of different RHEL releases and then allows you to verify systems for compliance (and lists applicable RHSA and required packages).

But before releasing my prototype, I would like to know what requirements people have. How they would be using such a tool and what for reports they need to extract.

My main reason for writing such a tool is to automate reports to send out to customers for getting approval for updates during planned maintenance. My aim is to list the risk and information based on information provided by Red Hat.

Another use case would be to send out emails either when new RHSAs are released or updates are made to existing RHSAs or sending out daily or weekly mails for systems that are lacking certain security updates.

I bet other people have other requirements, so I like to hear about those.

PS You may wonder what it offers on top of RHN. In fact it doesn't offer much more than RHN already provides. But in our environment, we don't have RHN access for our systems (some of them are not even connected to the Internet) and security policy does not allow this anyway.

Plus a CLI tool that is able to access and process this information allows for some specialized use that RHN may not provide. Bright ideas are welcomed.

Kind regards,
-- dag wieers, dag at wieers.com, http://dag.wieers.com/ --
[all I want is a warm bed and a kind word and unlimited power]
On Sat, Jun 25, 2005 at 12:32:35AM +0200, Dag Wieers wrote:
> I bet other people have other requirements, so I like to hear about those.

This isn't necessarily directly related to your tool (which sounds neat), but our approach is: we have a kludgy perl script to create entries in our Bugzilla when a Fedora Legacy, Core, or CentOS advisory comes out.

--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
Current office temperature: 80 degrees Fahrenheit.
Dag Wieers wrote:
> Hi,
>
> I'm working on a RHSA tracking tool, named Sarah. It allows you to build a
> local RHSA database of different RHEL releases and then allows you to
> verify systems for compliance (and lists applicable RHSA and required
> packages).
>
> But before releasing my prototype, I would like to know what requirements
> people have. How they would be using such a tool and what for reports they
> need to extract.
>
> My main reason for writing such a tool is to automate reports to send out
> to customers for getting approval for updates during planned maintenance.
> My aim is to list the risk and information based on information provided
> by Red Hat.
>
> Another use case would be to send out emails either when new RHSAs are
> released or updates are made to existing RHSAs or sending out daily or
> weekly mails for systems that are lacking certain security updates.
>
> I bet other people have other requirements, so I like to hear about those.
>
> PS You may wonder what it offers on top of RHN. In fact it doesn't offer
> much more than RHN already provides. But in our environment, we don't have
> RHN access for our systems (some of them are not even connected to the
> Internet) and security policy does not allow this anyway.
>
> Plus a CLI tool that is able to access and process this information allows
> for some specialized use that RHN may not provide. Bright ideas are
> welcomed.
>
> Kind regards,
> -- dag wieers, dag at wieers.com, http://dag.wieers.com/ --
> [all I want is a warm bed and a kind word and unlimited power]

Where could I sign ?? :)
Dag Wieers wrote:
> Hi,
>
> I'm working on a RHSA tracking tool, named Sarah. It allows you to build a
> local RHSA database of different RHEL releases and then allows you to
> verify systems for compliance (and lists applicable RHSA and required
> packages).
>
> But before releasing my prototype, I would like to know what requirements
> people have. How they would be using such a tool and what for reports they
> need to extract.

Hi Dag,

I like the idea of this tool but I was wondering what methods you have thought of for running the scan. Is it intended to run on each individual machine or by remote access from a central server (such as through SSH)?

Other than that I would be interested to see how it goes and also help where I can.

Regards
Lee