Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Patch management tool - a rethink

from [Dr. S. A. Vetha Manickam] Network Security [Permanent Link]
Subject: Re: Patch management tool - a rethink
Date: Wed, 8 Sep 2004 22:24:56 -0700 (PDT) 
Hi,
The below said points are valid in the case of Linux. There is no concept of 
Registray in

the Linux. RPM has its own database. If one installs software  through RPM 
installer, 
then one can obtain the package information about what is installed or what is 
not 
installed. If anybody downloads the source code  of a software and compiles and 
installs,
then no 
way one can patch automatically. This argument is valid for all Linux 
Distribution.


The one way to overcome these difficulties is in bringing of "Registray 
concept", where 
all the installed packages information is stored.  We have tried to explore 
this option 
very seriously. It is very nascent stage. We have made some progress on this. 

with regards

Dr. Manickam
NSS (www.mynetsec.com)

Miles Stevenson <miles@mstevenson.org> wrote:
Milind,

I don't see what your question has to do with pen-testing. Please try and 
keep your questions relevant to the discussion topic of the list. This post 
would be more appropriate for the security-basics list.

I'm not aware of a tool that can push package updates to all the different 
linux distributions out there. You have to remember, some of these distro's 
are RPM based such as SuSe and RedHat/Fedora, while some are source based, 
such as Gentoo and Slackware. It is a good idea to treat each individual 
linux distro as a seprate operating system. Just as you would differentiate 
FreeBSD from RedHat, you should differentiate RedHat from SuSe. Each of these 
systems have their own way of managing updates. You will be much better off 
sticking to just a few different operating systems in your environment and 
managing updates to them using tools that were meant for that OS. 

Keeping your systems patched and up-to-date takes constant vigilance. There 
is no magic tool that is going to solve all your problems here. Sorry.






        
                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Any caveats for linux under VMware, pen testing?, Wozny, Scott (US - New York)
Next by Date:  Re: Problem with Hacme Bank Install, Martin Mkrtchian
Previous by Thread:  RE: [ok] Windows 2003 HAck, Todd Towles
Next by Thread:  Re: Patch management tool - a rethink, J. Oquendo
Indexes:  [Date] [Thread] [Top] [All Lists]