For anybody who is using redhat or mandrake and is intrested in a free copy of rpmup and information on how to setup and rpmup server please let me know. rpmup is a system that will keep a list of redhat/mandrake/suse security updates on the rpm up server. When the rpmup script is run on the client it will go fetch and install the updates. This has saved me hours :-). I'm a little hesidant to give this script out because it eats bandwidth off updates.darkorb.net, so if anybody wants to do this on a large scale let me know so I can show them how to setup an rpmup server. I'd like to get a whole mirroring system setup if thats possible. Also, If you haven't noticed http://www.securityfocus.com is a good place to checkout all the latest security problems.

Auto-updates via rpm are often better than nothing, but you lose the configuration options on install, as well as any new, relevant switches you might need to use to enable or disable certain options or services. I'm not sure I'd suggest that simply auto-updating to the newest rpm's will do much in the way of security, unless there's simply a major bug in a specific build, which does happen, but not that often.
--
Regards,
Tim Greer: chatmaster@c-zone.net | Tel: (530) 247-1749
Programming: CGI, Perl, C/C++, ASP, SQL, PHP and more.
Server & network administration, security, consulting,
Installation & configuration. Unix/Linux/FreeBSD & NT.

Actually rpm has a way of determinating while files are conf files, if you use the -U option it won't change them.

Nick

Originally posted by bdraco
Actually rpm has a way of determinating while files are conf files, if you use the -U option it won't change them.

Nick

My point was updating automaticly to be more secure isn't plausible, since new options very well may need to be added, which would require this program to be updated often as well. I didn't say it wasn't a good idea. Just needs some sort of interaction somehow.

--
Regards,
Tim Greer: chatmaster@c-zone.net | Tel: (530) 247-1749
Programming: CGI, Perl, C/C++, ASP, SQL, PHP and more.
Server & network administration, security, consulting,
Installation & configuration. Unix/Linux/FreeBSD & NT.

Personally I love rpmup... We only have one server at VDI at this time so it doesn't save a lot of time but if we had a lot of server it would save us many hours of updating when a new version or bug fix comes out.

FYI, if you have WHM on your server just click on the Update System Software link to run rpmup. If you have not ran it in a few weeks you might want to since it updates Bind.

Scott