Since PCA patches the server depending on what patches are installed and what applications are installed, getting a baseline would depend on the OS installation. If you started your base OS on the same U release and patched the server using PCA, then you would need to categorise your servers according to the extra applications installed on the server.
Example: Servers with Veritas, Apache, Database, etc. change the number of patches installed. So to create a baseline, you would follow this process:

1. Install base OS
2. Install patches to latest or acceptable splitgate release.
3. Create baseline
4. Now install Veritas/Apache/Middleware/Database and create individual baselines for each extra software installed.

Each of these software may/may-not require extra patches, so drawing different baselines for each extra 3rd party software installed gives you a very good idea what you are up against when security comes knocking. Drawing a baseline also helps in determining if your OS has a patch that CVE says creates a vulnerability.

Hope this gave you some kind of an idea for your environment.

-GG

On Tue, Apr 15, 2014 at 1:50 PM, Luis <[email protected]> wrote:

> Has anyone done any digging into producing patch reports across a number
> of machines for 'baseline' comparison purposes? For example, if you have a
> bunch of machines running Solaris, and given the showrev and pkginfo
> outputs from the machines.
>
> I'm thinking that pca could be used/modified to do something like that,
> but not sure if anyone has thought of or done something already.
>
> Thanks,
>
> Luis
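
An added example, not part of the original thread and not pca's own code: one way to compare a host's `showrev -p` output against the baseline captured for its server class, reporting patches that are behind, missing, or extra. The patch IDs and package names are constructed sample data, and treating a patch as superseded whenever an installed patch lists its ID under `Obsoletes:` (ignoring the revision) is a simplifying assumption.

```python
import re

# One `showrev -p` record:
# "Patch: 123456-01 Obsoletes: ... Requires: ... Incompatibles: ... Packages: ..."
LINE_RE = re.compile(r"^Patch:\s+(\d{6})-(\d{2})\s+Obsoletes:(.*?)Requires:")

def parse_showrev(text):
    """Return ({patch_id: highest_rev}, {patch_ids obsoleted by installed patches})."""
    installed, obsoleted = {}, set()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a patch record
        pid, rev = m.group(1), int(m.group(2))
        installed[pid] = max(rev, installed.get(pid, -1))
        obsoleted.update(re.findall(r"(\d{6})-\d{2}", m.group(3)))
    return installed, obsoleted

def compare(baseline_text, host_text):
    """Classify a host's patch level against the baseline for its server class."""
    base, _ = parse_showrev(baseline_text)
    host, host_obs = parse_showrev(host_text)
    report = {"behind": [], "missing": [], "extra": []}
    for pid, rev in sorted(base.items()):
        if pid in host:
            if host[pid] < rev:
                report["behind"].append(f"{pid}-{host[pid]:02d} (baseline -{rev:02d})")
        elif pid not in host_obs:  # not installed and not superseded on this host
            report["missing"].append(f"{pid}-{rev:02d}")
    report["extra"] = [f"{p}-{host[p]:02d}" for p in sorted(set(host) - set(base))]
    return report

# Constructed sample data: patch IDs and package lists are made up.
BASELINE = """\
Patch: 900001-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 900002-03 Obsoletes:  Requires: 900001-05 Incompatibles:  Packages: SUNWcsr
Patch: 900003-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWapchu
Patch: 900004-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsl
"""
HOST = """\
Patch: 900001-04 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 900002-03 Obsoletes:  Requires: 900001-04 Incompatibles:  Packages: SUNWcsr
Patch: 900009-01 Obsoletes: 900004-02 Requires:  Incompatibles:  Packages: SUNWcsl
"""

if __name__ == "__main__":
    for kind, items in compare(BASELINE, HOST).items():
        print(f"{kind:8}{', '.join(items) or '-'}")
```

Keeping one baseline file per server class (base OS, base plus Apache, base plus database, and so on) lets the same comparison run across every host in that class.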
