Hi all

I thought I would let you people know of a script that I coded that facilitates security patch updating on FreeBSD. When I wrote it I decided to call it Quickpatch for some reason even though because it's source based it's not necessarily the least bit quick at all :) I had kept it for myself for a while but I was recently provoked to release it as it could do greater good being out there on the net, because it's in Perl it's quite hackable for custom needs.

http://www.roq.com/projects/quickpatch/

It has the ability to do a range of different update tasks. These features include the ability to easily verify (using PGP) any and all advisories, easy setup and use of CVSUP for source and ports tree updates. Ability to extract all the useful data out of the official FreeBSD security advisories, such as necessary patch commands, security advisory topic, exact hours since the patch was made/released, then can create ready to run patch files or display/email a full report of that information. Also, it can optionally apply the patch files with no attendance. Because it's highly cronable you can schedule in a 'patch mode' kernel recompile and reboot at early morning hours to minimize downtime inconvenience to others.

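Added example, not part of the original post and not Quickpatch's own code: a Python version of the extraction step described above (topic, hours since announcement, patch commands from the Solution section), run on a constructed advisory in the FreeBSD layout. It assumes the advisory's PGP signature has already been verified; the function names and the command allowlist are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the layout of a FreeBSD security advisory (not a real one).
SAMPLE = """\
FreeBSD-SA-00:00.example                                    Security Advisory

Topic:          example daemon input validation error
Module:         exampled
Announced:      2004-03-02

V.   Solution

a) Download the relevant patch and its detached PGP signature.
# fetch ftp://ftp.example.org/patches/SA-00:00/example.patch
# fetch ftp://ftp.example.org/patches/SA-00:00/example.patch.asc

b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch

VI.  Correction details
"""

FIELD = re.compile(r"^(Topic|Module|Announced):[ \t]+(.*)$", re.M)
SECTION = re.compile(r"^([IVX]+)\.[ \t]+(.+)$", re.M)
# Assumed allowlist: only these command shapes may run unattended.
ALLOWED = [re.compile(p) for p in (
    r"fetch (ftp|https?)://[\w./:-]+",
    r"cd /[\w./-]+",
    r"patch < /[\w./-]+",
)]

def parse_advisory(text, now):
    """Return topic, module, announced date, hours since then, and Solution commands."""
    info = {k.lower(): v.strip() for k, v in FIELD.findall(text)}
    heads = list(SECTION.finditer(text))
    info["commands"] = []
    for i, h in enumerate(heads):
        if h.group(2).strip().lower() == "solution":
            end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
            body = text[h.end():end]
            # Commands are the lines shown with a root prompt ("# ").
            info["commands"] = [l[2:].strip() for l in body.splitlines() if l.startswith("# ")]
    announced = datetime.strptime(info["announced"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
    info["hours_since"] = int((now - announced).total_seconds() // 3600)
    return info

def vet(commands):
    """Split commands into (accepted, held for review) by the allowlist."""
    ok = [c for c in commands if any(p.fullmatch(c) for p in ALLOWED)]
    return ok, [c for c in commands if c not in ok]
```

Anything `vet` does not accept, such as a `make` chain or a command carrying shell metacharacters, is held for a human instead of being run from cron.
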
Hi Michael,

That sounds like some super cool stuff. Going to check it out.

Thx!
horcy

----- Original Message -----
From: "Michael Vince" <michael@roq.com>
To: <freebsd-security@freebsd.org>
Sent: Thursday, March 04, 2004 5:27 AM
Subject: FreeBSD source auto patcher script

> Hi all
> I thought I would let you people know of a script that I coded that
> facilitates security patch updating on FreeBSD. When I wrote it I
> decided to call it Quickpatch for some reason even though because it's
> source based it's not necessarily the least bit quick at all :) I had
> kept it for myself for a while but I was recently provoked to release
> it as it could do greater good being out there on the net, because it's
> in Perl it's quite hackable for custom needs.
>
> http://www.roq.com/projects/quickpatch/
>
> It has the ability to do a range of different update tasks. These
> features include the ability to easily verify (using PGP) any and all
> advisories, easy setup and use of CVSUP for source and ports tree
> updates. Ability to extract all the useful data out of the official
> FreeBSD security advisories, such as necessary patch commands, security
> advisory topic, exact hours since the patch was made/released, then can
> create ready to run patch files or display/email a full report of that
> information. Also, it can optionally apply the patch files with no
> attendance. Because it's highly cronable you can schedule in a 'patch
> mode' kernel recompile and reboot at early morning hours to minimize
> downtime inconvenience to others.
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Sounds like my job, will it monitor 24/7 /var/log/messages too? :)

On Thu, 4 Mar 2004, Michael Vince wrote:

> Hi all
> I thought I would let you people know of a script that I coded that
> facilitates security patch updating on FreeBSD. When I wrote it I
> decided to call it Quickpatch for some reason even though because it's
> source based it's not necessarily the least bit quick at all :) I had
> kept it for myself for a while but I was recently provoked to release
> it as it could do greater good being out there on the net, because it's
> in Perl it's quite hackable for custom needs.
>
> http://www.roq.com/projects/quickpatch/
>
> It has the ability to do a range of different update tasks. These
> features include the ability to easily verify (using PGP) any and all
> advisories, easy setup and use of CVSUP for source and ports tree
> updates. Ability to extract all the useful data out of the official
> FreeBSD security advisories, such as necessary patch commands, security
> advisory topic, exact hours since the patch was made/released, then can
> create ready to run patch files or display/email a full report of that
> information. Also, it can optionally apply the patch files with no
> attendance. Because it's highly cronable you can schedule in a 'patch
> mode' kernel recompile and reboot at early morning hours to minimize
> downtime inconvenience to others.

On Thu, Mar 04, 2004 at 03:27:17PM +1100, Michael Vince wrote:

> Hi all
> I thought I would let you people know of a script that I coded that
> facilitates security patch updating on FreeBSD. When I wrote it I
> decided to call it Quickpatch for some reason even though because it's
> source based it's not necessarily the least bit quick at all :) I had
> kept it for myself for a while but I was recently provoked to release
> it as it could do greater good being out there on the net, because it's
> in Perl it's quite hackable for custom needs.
>
> http://www.roq.com/projects/quickpatch/
>
> It has the ability to do a range of different update tasks. These
> features include the ability to easily verify (using PGP) any and all
> advisories, easy setup and use of CVSUP for source and ports tree
> updates. Ability to extract all the useful data out of the official
> FreeBSD security advisories, such as necessary patch commands, security
> advisory topic, exact hours since the patch was made/released, then can
> create ready to run patch files or display/email a full report of that
> information. Also, it can optionally apply the patch files with no
> attendance. Because it's highly cronable you can schedule in a 'patch
> mode' kernel recompile and reboot at early morning hours to minimize
> downtime inconvenience to others.

Michael, that's terrific! We've contemplated switching to a machine-readable format for advisories time and again. Now that there is a tool that could make use of that, I'm going to investigate switching again.

Cheers,
--
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org