[Spacewalk-list] Fwd: Re: How to tell what Errata has been applied

Thu Feb 23 06:45:41 UTC 2017

On Wed, 22 Feb 2017 22:31:29 +0100, Robert Paschedag wrote
> Damn... Missed the list again..... See answer at the end
> 
> -------- Ursprüngliche Nachricht --------
> Von: Robert Paschedag <robert.paschedag at web.de>
> Gesendet: 22. Februar 2017 17:06:55 MEZ
> An: Daryl Rose <darylrose at outlook.com>
> Betreff: Re: [Spacewalk-list] How to tell what Errata has been applied
> 
> Am 22. Februar 2017 16:02:22 MEZ schrieb Daryl Rose <darylrose at outlook.com>:
> >Robert,
> >
> >
> >We don't apply every single patch to every single server.  Our
> >environment has been neglected for so long, that by applying every
> >patch that comes out will most certainly break something.  So, we have
> >to be selective about what we patch.  I need to be able to easily
> >identify what patch has been applied to which server when auditors
> >come.   We are an ISO270001 shop, and get audited every year.  So far
> >they've been pleased with my putting up the Spacewalk environment, and
> >current patching efforts, but some day they're going to ask for a list
> >of applied patches and I want to be able to produce that report when
> >they ask.  Currently, I track everything in a spreadsheet, but that's
> >getting difficult to maintain, and I was hoping for something that I
> >could either run on the command line, or from the WUI.
> >
> >
> >Thank you for your input Robert.
> >
> >
> >Daryl
> >
> >________________________________
> >From: Robert Paschedag <robert.paschedag at web.de>
> >Sent: Tuesday, February 21, 2017 2:21 PM
> >To: spacewalk-list at redhat.com; Daryl Rose
> >Subject: Re: [Spacewalk-list] How to tell what Errata has been applied
> >
> >Am 21. Februar 2017 20:15:13 MEZ schrieb Robert Paschedag
> ><robert.paschedag at web.de>:
> >>Am 21. Februar 2017 19:52:00 MEZ schrieb Daryl Rose
> >><darylrose at outlook.com>:
> >>>Daniel,
> >>>
> >>>
> >>>I've tried that command, but it tells me what patches are available.
> >>I
> >>>need to know what patches have already been applied.
> >>>
> >>>
> >>>Thanks
> >>>
> >>>
> >>>Daryl
> >>>
> >>>________________________________
> >>>From: spacewalk-list-bounces at redhat.com
> >>><spacewalk-list-bounces at redhat.com> on behalf of Daniel Swan
> >>><swan_daniel at hotmail.com>
> >>>Sent: Tuesday, February 21, 2017 11:51 AM
> >>>To: spacewalk-list at redhat.com
> >>>Subject: Re: [Spacewalk-list] How to tell what Errata has been
> >applied
> >>>
> >>>spacecmd system_listerrata $SYSTEM
> >>>
> >>>________________________________
> >>>From: darylrose at outlook.com
> >>>To: spacewalk-list at redhat.com
> >>>Date: Tue, 21 Feb 2017 15:11:31 +0000
> >>>Subject: [Spacewalk-list] How to tell what Errata has been applied
> >>>
> >>>Is there a way to list what errata has already been applied to a
> >>>machine?  I can list what is available, but I need to know what has
> >>>been applied.
> >>>
> >>>
> >>>Thank you.
> >>>
> >>>
> >>>Daryl
> >>>
> >>>_______________________________________________ Spacewalk-list
> >mailing
> >>>list Spacewalk-list at redhat.com
> >>>https://www.redhat.com/mailman/listinfo/spacewalk-list
> >Spacewalk-list Info Page - Red
> >Hat<https://www.redhat.com/mailman/listinfo/spacewalk-list>
> >www.redhat.com
> >To see the collection of prior postings to the list, visit the
> >Spacewalk-list Archives. Using Spacewalk-list: To post a message to all
> >the list ...
> >
> >
> >
> >>
> >>I think you have to search the history of the system which errata
> >>succeeded.
> >>
> >>Regards
> >>Robert
> >>
> >>_______________________________________________
> >>Spacewalk-list mailing list
> >>Spacewalk-list at redhat.com
> >>https://www.redhat.com/mailman/listinfo/spacewalk-list
> >Spacewalk-list Info Page - Red
> >Hat<https://www.redhat.com/mailman/listinfo/spacewalk-list>
> >www.redhat.com
> >To see the collection of prior postings to the list, visit the
> >Spacewalk-list Archives. Using Spacewalk-list: To post a message to all
> >the list ...
> >
> >
> >
> >
> >Also... It is not really necessary to know which errata already have
> >been applied. Either your system has one or more packages, available
> >within an errata, installed (in a lower version!), then an errata "is"
> >available (and can/should/must be applied) OR the system has not such
> >package installed and therefore "that" errata is not needed on that
> >system.
> >
> >Regards
> >Robert
> 
> Just thinking... What if you replace your servers right before the 
> audit to a brand new os version (just released with the newest 
> versions available), where the are not yet any patches available? 
> Your answer to the question will be "none".
> 
> But as I said...I think your only chance is to review the history of 
> each system within spacewalk.
> 
> Regards
> Robert
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
When audit asks me for exact dates and patches I just give them lists of 
'rpm -qa --last' from every server they want. 
To collect from all servers I simply run netcat in listen mode on spacewalk
server and put on all servers via "Remote Command" something like: for i in
`rpm -qa --last`; do echo -n `hostname` $i |nc <spacewalk ip> <port>. As the
result I have list of server name, package and dates. Maybe there are better
ways but for my experiences with audits it was ok.