To carry on the thread of keeping Solaris patched, I wrote a script to automatically update a system's patches overnight via cron. The script uses perl and runs under 5.0004, although it should work under most new versions (it certainly doesn't use any weird perl calls).

The script (and associated patches) should reside in an NFS-mounted directory so that they can be updated centrally (that was the reason for writing the script in the first place). I chose /var/spool/pkg, but it is easily changed in the script. Under that directory, OS versions and architecture specific versions can be placed. It uses uname -m for the architecture (e.g., sun4m) since some patches are specific to the sun4u platform (and presumably some are specific to other architectures, although I haven't noticed them). If you don't care about that, simply change to uname -p (sparc/i386) or symlink the directories.

The script has no output unless an error occurs, so you don't get the entire patchadd output from 50 machines every time you add a patch.

If you have any comments/modifications, mail them to me and I'll post a summary to the list.

Ok, here's the script:

#!/usr/local/bin/perl
use strict;

# Script to automatically update patches on Solaris machines
# Designed to be run automatically through cron every night
# and only report when there is a problem.
# Copyright (c) 1998 John Riddoch (jrat_private)
# Feel free to redistribute/modify with attribution

# Declared up front so the script compiles under "use strict"
my ( $patch, $patchid, $rev, %installed );

# Set location for logging
my $PATCHLOG="/var/log/patchupdate";

# select OS version and architecture for patches:
my $OS=`uname -s`; chomp $OS;
my $OSVER=`uname -r`; chomp $OSVER;
my $ARCH=`uname -m`; chomp $ARCH;
my $patchdir="/var/spool/pkg/" . $OS . "-" . $OSVER . "/" . $ARCH;
my $patchlist=$patchdir . "/patch_list";

# Get a list of currently installed patches:
# Sort these so that the newest patch rev. will be last.
open ( SHOWREV, "/usr/bin/showrev -p|/usr/bin/sort|" ) ||
    die "Can't read patch list\n";
while ( <SHOWREV> ) {
    # Second field of each "Patch: NNNNNN-NN ..." line is the patch id
    ( $patch ) = ( split / / ) [1];
    ( $patchid, $rev ) = split ( "-", $patch );
    $installed{$patchid} = $rev;
}
close (SHOWREV);

# Now go through list of patches we want installed
open (PATCHLIST, $patchlist) || die "Cannot open list of required patches";
while ( $patch = <PATCHLIST> ) {
    chomp $patch;
    ( $patchid, $rev ) = split ( "-", $patch );
    # Install if the patch is missing or only an older revision is present
    if ( $installed{$patchid} eq "" || $installed{$patchid} < $rev ) {
        # system() returns non-zero on failure, which triggers the message
        system ( "/usr/sbin/patchadd -M $patchdir $patch >> $PATCHLOG" ) &&
            print "Installation of patch $patch failed!\n";
    }
}
close (PATCHLIST);

--
John Riddoch	Email: jrat_private	Telephone: (01224)262730
Room C4, School of Computer and Mathematical Science
Robert Gordon University, Aberdeen, AB25 1HG
Any sufficiently advanced technology is indistinguishable from a rigged demo.
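
Added example, not part of the original post or the author's script: because the script runs from cron and passes each patch_list line from an NFS-mounted directory to a shell, this sketch validates every entry before use and builds the patchadd call in list form. The NNNNNN-NN pattern, the helper names, the sample lines and the SunOS-5.6/sun4m path are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed sample data, not output from a real host.
my @showrev = (
    "Patch: 105181-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWkvm\n",
    "Patch: 105181-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWkvm\n",
    "Patch: 106125-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu\n",
);
my @patch_list = ( "105181-05\n", "106125-04\n", "\n", "107000-01; echo unexpected\n", "107733-01\n" );

# Accept only NNNNNN-NN (assumed id format); returns () for anything else.
sub parse_patch {
    my ($s) = @_;
    return $s =~ /\A(\d{6})-(\d{2})\z/ ? ( $1, $2 ) : ();
}

# Highest installed revision per patch id, without relying on sort order.
sub installed_revs {
    my %inst;
    for my $line (@_) {
        my $field = ( split ' ', $line )[1];
        my ( $id, $rev ) = parse_patch( defined $field ? $field : '' );
        next unless defined $id;
        $inst{$id} = $rev if !defined $inst{$id} || $rev > $inst{$id};
    }
    return \%inst;
}

# Split the wanted list into patches to install and rejected lines.
sub plan {
    my ( $inst, @wanted ) = @_;
    my ( @todo, @bad );
    for my $line (@wanted) {
        chomp( my $p = $line );
        next if $p eq '';
        my ( $id, $rev ) = parse_patch($p);
        if ( !defined $id ) { push @bad, $p; next; }
        push @todo, $p if !defined $inst->{$id} || $inst->{$id} < $rev;
    }
    return ( \@todo, \@bad );
}

my ( $todo, $bad ) = plan( installed_revs(@showrev), @patch_list );
print "rejected: $_\n" for @$bad;
for my $p (@$todo) {
    # List form: patchadd gets $p as one argument and no shell parses it.
    my @cmd = ( '/usr/sbin/patchadd', '-M', '/var/spool/pkg/SunOS-5.6/sun4m', $p );
    print "would run: @cmd\n";    # on a real host: system(@cmd) == 0 or report
}
```

List-form system() cannot carry the ">> $PATCHLOG" redirection, so on a real host STDOUT would be reopened onto the log file before the call.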
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:38 PDT