I am trying to determine patch levels and how long some Solaris machines have been without patching in order to support triaging which systems to patch first. How can I determine the last time a Solaris machine was patched?
5 Answers
I dunno about determining the last time a Solaris box was patched, but you can work out the patch level with showrev -p

Well, don't know any good direct ways, but these might help. 'showrev -p' will tell you all the installed patches. And I guess the dates in /var/sadm/pkg would be from the last time the packages were modified (or patched).

- This seems to be the closest to what I'm looking for -- it at least showed when the last time a patch was applied, which was half of what I needed to know. – romandas Aug 27 '09 at 13:55
- I think /var/sadm/pkg/ only gets entries if the patch is installed without -d (i.e. if previous content is saved for backout). That would be the normal case, but '/var/sadm/patch/' ought to always get entries created for each patch added post-installation (certain patches are incorporated into a release but show up as installed with 'showrev -p') – jrg Sep 01 '09 at 00:39

I'll agree with the above showrev -p comments and add that uname -a to get the kernel version is also useful to give a general picture.

You should first check /etc/release, which shows which version of Solaris was originally installed, then check with 'uname -a' which kernel patch you are currently using (it's the number XXXXXX-XX that shows up), then start comparing the kernel patches with the other machines. The kernel patch is a critical component, so a newer kernel patch usually means a more up-to-date system in almost every aspect.
And then if you're not faint of heart you can use the (unofficial) PCA tool to update your systems automatically just by providing a valid SunSolve account.

To determine how long a Solaris (10) system has been without patching, I remotely check the following (from a Linux system, because GNU date is handy).

1) Remotely grab the date/time from the most recent thing in the patch directory (see below for the explanation of the ls options):

    ls -terd /var/sadm/patch/* | tail -1 | awk '{print $6,$7,$9,$8 }'

Note: the awk command prints the date in the MMM DD YYYY HH:mm:ss format:

    Jan 28 2017 01:48:14

2) Calculate $days_since with days_since{} (this works in ksh, might in bash):

    # $1: date string as printed by the awk step above (needs GNU date -d)
    function days_since {
        d2=$(date -d "$1" +%s)          # patch time, seconds since the epoch
        d1=$(date -d now +%s)           # current time, seconds since the epoch
        echo $(( (d1 - d2) / 86400 ))   # whole days between the two
    }

Now we know that Solaris 10 system hasn't been patched in 192 days! :)

Quick reference for the Solaris 10 ls command:

    -t   Sorts by time stamp (latest first) instead of
         by name. The default is the last modification
         time. (See -u and -c.)
    -e   The same as -l, except displays time to the
         second, and with one format for all files
         regardless of age: mmm dd hh:mm:ss yyyy.
    -r   Reverses the order of sort to get reverse
         alphabetic or oldest first as appropriate.
    -d   If an argument is a directory, lists only its
         name (not its contents). Often used with -l to
         get the status of a directory.

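The two steps in the last answer, extended from one host to a whole fleet so the stalest machines sort to the top for patch triage. This is an added example, not part of the original answer: the `host|timestamp` input format, the hostnames, and the function names `days_between`, `triage` and `sample_inventory` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rank hosts by days since their newest /var/sadm/patch entry.
# Needs GNU date, so run it on the Linux collection host.

# days_between STAMP [REFERENCE]: whole days from STAMP to REFERENCE
# (default: now). Both are read as UTC so DST cannot skew the count.
days_between() {
    then_s=$(date -u -d "$1" +%s 2>/dev/null) || return 1
    now_s=$(date -u -d "${2:-now}" +%s 2>/dev/null) || return 1
    echo $(( (now_s - then_s) / 86400 ))
}

# triage [REFERENCE]: reads "host|MMM DD YYYY HH:mm:ss" lines on stdin and
# prints "days host", stalest first. A host with an empty or unparsable
# stamp is printed first as UNKNOWN so it gets checked by hand.
triage() {
    ref=${1:-now}
    while IFS='|' read -r host stamp; do
        [ -n "$host" ] || continue
        if [ -n "$stamp" ] && days=$(days_between "$stamp" "$ref"); then
            echo "$days $days $host"
        else
            echo "99999999 UNKNOWN $host"   # sort key that outranks any real age
        fi
    done | sort -k1,1nr | cut -d' ' -f2-
}

# Constructed sample: one line per host, as collected from the ls | awk step.
sample_inventory() {
    cat <<'EOF'
sol10-db01|Jan 28 2017 01:48:14
sol10-web02|Jul 30 2017 22:10:05
sol10-app03|
sol10-old04|Nov 03 2015 09:15:40
EOF
}

# Fixed reference time keeps the output reproducible; omit it to use "now".
sample_inventory | triage "Aug 08 2017 12:00:00"
```

An empty timestamp usually means the `ls` step found nothing under /var/sadm/patch or the collection failed, so those hosts are surfaced rather than silently dropped.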