How Best to Keep Operating Systems Current?

I'm surprised at the lack of information on how to keep current patches on large-scale enterprise deployments of operating systems and applications. Most documentation targets single machines. I was happy to find the Infrastructures.org site, which is dedicated to "the standarized tooling needed for mass customization within IT." The site houses cfengine, "an autonomous agent and a middle to high level policy language for building expert systems which administrate and configure large computer networks." This looks promising but complicated to set up.

In the medium term I'm looking at binary patches for my BSD operating systems, inspired by "An Automated Binary Security Update System for FreeBSD" (.pdf), posted at daemonology.net. While rebuilding from source works well, it's slow on older systems. I'm going to try building packages from source on fast systems that I can install elsewhere. Similar projects exist for OpenBSD and NetBSD. The OpenPkg project is another factor. Their goal is "the creation and maintenance of portable and easy to install software packages for use on the major Unix server platforms." It's based on .rpm.

Comments

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics