[Spacewalk-list] Fwd: Re: How to tell what Errata has been applied

Robert Paschedag robert.paschedag at web.de
Thu Feb 23 18:14:55 UTC 2017 

Am 23. Februar 2017 07:45:41 MEZ schrieb Spamm <spamm9 at e.lublin.pl>:
>On Wed, 22 Feb 2017 22:31:29 +0100, Robert Paschedag wrote
>> Damn... Missed the list again..... See answer at the end
>> 
>> -------- Ursprüngliche Nachricht --------
>> Von: Robert Paschedag <robert.paschedag at web.de>
>> Gesendet: 22. Februar 2017 17:06:55 MEZ
>> An: Daryl Rose <darylrose at outlook.com>
>> Betreff: Re: [Spacewalk-list] How to tell what Errata has been
>applied
>> 
>> Am 22. Februar 2017 16:02:22 MEZ schrieb Daryl Rose
><darylrose at outlook.com>:
>> >Robert,
>> >
>> >
>> >We don't apply every single patch to every single server.  Our
>> >environment has been neglected for so long, that by applying every
>> >patch that comes out will most certainly break something.  So, we
>have
>> >to be selective about what we patch.  I need to be able to easily
>> >identify what patch has been applied to which server when auditors
>> >come.   We are an ISO270001 shop, and get audited every year.  So
>far
>> >they've been pleased with my putting up the Spacewalk environment,
>and
>> >current patching efforts, but some day they're going to ask for a
>list
>> >of applied patches and I want to be able to produce that report when
>> >they ask.  Currently, I track everything in a spreadsheet, but
>that's
>> >getting difficult to maintain, and I was hoping for something that I
>> >could either run on the command line, or from the WUI.
>> >
>> >
>> >Thank you for your input Robert.
>> >
>> >
>> >Daryl
>> >
>> >________________________________
>> >From: Robert Paschedag <robert.paschedag at web.de>
>> >Sent: Tuesday, February 21, 2017 2:21 PM
>> >To: spacewalk-list at redhat.com; Daryl Rose
>> >Subject: Re: [Spacewalk-list] How to tell what Errata has been
>applied
>> >
>> >Am 21. Februar 2017 20:15:13 MEZ schrieb Robert Paschedag
>> ><robert.paschedag at web.de>:
>> >>Am 21. Februar 2017 19:52:00 MEZ schrieb Daryl Rose
>> >><darylrose at outlook.com>:
>> >>>Daniel,
>> >>>
>> >>>
>> >>>I've tried that command, but it tells me what patches are
>available.
>> >>I
>> >>>need to know what patches have already been applied.
>> >>>
>> >>>
>> >>>Thanks
>> >>>
>> >>>
>> >>>Daryl
>> >>>
>> >>>________________________________
>> >>>From: spacewalk-list-bounces at redhat.com
>> >>><spacewalk-list-bounces at redhat.com> on behalf of Daniel Swan
>> >>><swan_daniel at hotmail.com>
>> >>>Sent: Tuesday, February 21, 2017 11:51 AM
>> >>>To: spacewalk-list at redhat.com
>> >>>Subject: Re: [Spacewalk-list] How to tell what Errata has been
>> >applied
>> >>>
>> >>>spacecmd system_listerrata $SYSTEM
>> >>>
>> >>>________________________________
>> >>>From: darylrose at outlook.com
>> >>>To: spacewalk-list at redhat.com
>> >>>Date: Tue, 21 Feb 2017 15:11:31 +0000
>> >>>Subject: [Spacewalk-list] How to tell what Errata has been applied
>> >>>
>> >>>Is there a way to list what errata has already been applied to a
>> >>>machine?  I can list what is available, but I need to know what
>has
>> >>>been applied.
>> >>>
>> >>>
>> >>>Thank you.
>> >>>
>> >>>
>> >>>Daryl
>> >>>
>> >>>_______________________________________________ Spacewalk-list
>> >mailing
>> >>>list Spacewalk-list at redhat.com
>> >>>https://www.redhat.com/mailman/listinfo/spacewalk-list
>> >Spacewalk-list Info Page - Red
>> >Hat<https://www.redhat.com/mailman/listinfo/spacewalk-list>
>> >www.redhat.com
>> >To see the collection of prior postings to the list, visit the
>> >Spacewalk-list Archives. Using Spacewalk-list: To post a message to
>all
>> >the list ...
>> >
>> >
>> >
>> >>
>> >>I think you have to search the history of the system which errata
>> >>succeeded.
>> >>
>> >>Regards
>> >>Robert
>> >>
>> >>_______________________________________________
>> >>Spacewalk-list mailing list
>> >>Spacewalk-list at redhat.com
>> >>https://www.redhat.com/mailman/listinfo/spacewalk-list
>> >Spacewalk-list Info Page - Red
>> >Hat<https://www.redhat.com/mailman/listinfo/spacewalk-list>
>> >www.redhat.com
>> >To see the collection of prior postings to the list, visit the
>> >Spacewalk-list Archives. Using Spacewalk-list: To post a message to
>all
>> >the list ...
>> >
>> >
>> >
>> >
>> >Also... It is not really necessary to know which errata already have
>> >been applied. Either your system has one or more packages, available
>> >within an errata, installed (in a lower version!), then an errata
>"is"
>> >available (and can/should/must be applied) OR the system has not
>such
>> >package installed and therefore "that" errata is not needed on that
>> >system.
>> >
>> >Regards
>> >Robert
>> 
>> Just thinking... What if you replace your servers right before the 
>> audit to a brand new os version (just released with the newest 
>> versions available), where the are not yet any patches available? 
>> Your answer to the question will be "none".
>> 
>> But as I said...I think your only chance is to review the history of 
>> each system within spacewalk.
>> 
>> Regards
>> Robert
>> 
>> _______________________________________________
>> Spacewalk-list mailing list
>> Spacewalk-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>When audit asks me for exact dates and patches I just give them lists
>of 
>'rpm -qa --last' from every server they want. 
>To collect from all servers I simply run netcat in listen mode on
>spacewalk
>server and put on all servers via "Remote Command" something like: for
>i in
>`rpm -qa --last`; do echo -n `hostname` $i |nc <spacewalk ip> <port>.
>As the
>result I have list of server name, package and dates. Maybe there are
>better
>ways but for my experiences with audits it was ok.
>
>_______________________________________________
>Spacewalk-list mailing list
>Spacewalk-list at redhat.com
>https://www.redhat.com/mailman/listinfo/spacewalk-list

But this does not show you the "errata" installed... Just the versions of the packages.

Regards
Robert

More information about the Spacewalk-list mailing list