From Josh on Fri, 25 Dec 1998
A quick suggestion for the updates question.
A student at Georgia Tech has written two excellent scripts, autorpm and logwatch. Autorpm will automatically keep your system up to date with the current Red Hat updates. Autorpm can be found at ftp.kaybee.org. It saves a lot of work on the system admin's part.
He was going to add them to the LSM, but I'm not sure if he has yet.
There's also an 'autoup.sh' script for Debian systems.
I'd suggest that these systems be used with considerable trepidation (if at all). However, they do make sense for some cases. For example I'm pretty sure you can configure these to watch some internal server.
So, as the sysadmin for a medium to large installation you could manually grab and test updates --- or set up a "sacrificial" system to automatically grab them. Then, when you've vetted the updates you can post the RPM or .deb files to your internal server where your client systems would pick them up.
There's also a package called 'cfengine' by Mark Burgess which can help with various configuration details that might need to be tuned after any sort of automated update or software/configuration file distribution. (The old fashioned Unix way to automate updates to client systems is to use 'rdist' --- preferably over 'ssh' for better security).
'cfengine' is the "awk of configuration management." Basically a 'cfengine' script is a series of class descriptions, assertions and corrective actions. So you can express policies like: All Red Hat Linux systems running 2.0.30 kernel in this DNS subdomain and in this NIS netgroup, on any Tuesday (a series of class specifications) should have less than 100Mb of log files under /var/log (an assertion) and should have more than 40Mb of free space thereunder (another assertion) OR we should rotate the logs, removing the really old ones and compressing the other non-current ones (a corrective action).
'cfengine' is an interesting project. I'd like to see the security features beefed up considerably and I'd like to see it undergo a comprehensive security audit (by the OpenBSD and/or Linux SecAudit teams).
Naturally 'cfengine' is one of those tools with which you can shoot off your foot, at about the HIP! So you should be very careful when you first start playing with it.
More info on that package can be found at its canonical home page: http://www.iu.hioslo.no/cfengine
Kirk Bauer (autorpm's author) doesn't seem to maintain a web page touting its features. So you'll have to grab the file via FTP.
There's also a package called 'rpmwatch' which is listed at: http://www.iaehv.nl/users/grimaldo/info/scripts
More info on autoup.sh can be found in the Debian FAQ:
... or directly at these sites: