I find it amazing that an enterprise product has no secure means of
remotely installing client software/updates. Yes, one can pretty easily
hack the install scripts to use scp, but why on Earth should we have to?
it's a really easy hack for us, who knows why Symantec/Veritas has never
done it. It really is low-hanging fruit. Last September when I spoke
with the lead developer for the team that maintains this portion of the
application, he became red-faced and thought that it would be included
in 6.1. We'll see........
ida3248b at post.cybercity.dk wrote:
> Hello Dave
>
> There was howto on replacing rsh with ssh on this list at some point, if
> that's any help.
>
> regards
> Michael
>
> On Tue, 15 Aug 2006 13:00:02 +0100, Clooney, David wrote
>
>> Thanks for that Ed
>>
>> Pushing out from the master would be ideal, however remote shell is a
>> def no no in this environment.
>> I certainly don't have logins to all the servers for Ftp_to client
>> either.
>>
>> In a fix I'm afraid, like you idea of a template though.
>>
>> Regards
>>
>> Dave
>> -----Original Message-----
>> From: Ed Wilts [mailto:ewilts at ewilts.org]
>> Sent: 15 August 2006 12:52
>> To: Clooney, David
>> Cc: List Veritas List
>> Subject: Re: [Veritas-bu] bpgp ?
>>
>> On Tue, Aug 15, 2006 at 12:35:03PM +0100, Clooney, David wrote:
>>
>>> Trying to rollout an upgrade of x number of solaris clients , the
>>> problem I have is the SA'a want to simply remove the package and then
>>> add the new, which will detroy any exclude_lists out there in the
>>> environment.
>>>
>> Teach your admins that removing the exclude_lists will be bad for their
>> health :-). Not only is removing those files bad, but they could wiping
>> out files like NET_BUFFER_SZ, etc.
>>
>>
>>> I use bpgp quite a bit in secured environments and find very useful
>>> indeed, albeit I have seen technotes in the past it cause issues I
>>> have yet to have a prob in the last 4 years.
>>>
>>> Problem is that you have to know the specific file you are after on
>>> the client, has anyone incorpated wildcards in some sort of way or
>>> fashion to bring down say,
>>> exclude* ??
>>>
>> You could do a restore to each of the new clients... A restore can use
>> wildcards. Alternatively, do a bpdir before they upgrade to get the
>> list (including the special files), bpgp to pull the files, and then
>> bpgp after the upgrade to put them back.
>>
>> Personally, I like the restore approach - build up a template which
>> includes all of the special files in your environment plus the
>> pattern for the exlude files, and as soon as the upgrade is done,
>> run the restore.
>>
>> I do have to ask though, why don't you just push out the upgrade from
>> the master? Push outs work very well to Unix boxes... No work
>> required at all from the admins (so they can't screw it up).
>>
>> .../Ed
>>
>> --
>> Ed Wilts, Mounds View, MN, USA
>> mailto:ewilts at ewilts.org
>>
>> Notice to recipient:
>> The information in this internet e-mail and any attachments is
>> confidential and may be privileged. It is intended solely for the
>> addressee. If you are not the intended addressee please notify the
>> sender immediately by telephone. If you are not the intended
>> recipient, any disclosure, copying, distribution or any action taken
>> or omitted to be taken in reliance on it, is prohibited and may be unlawful.
>>
>> When addressed to external clients any opinions or advice contained
>> in this internet e-mail are subject to the terms and conditions
>> expressed in any applicable governing terms of business or client
>> engagement letter issued by the pertinent Bank of America group entity.
>>
>> If this email originates from the U.K. please note that Bank of
>> America, N.A., London Branch and Banc of America Securities Limited
>> are authorised and regulated by the Financial Services Authority.
>>
>> _______________________________________________
>> Veritas-bu maillist - Veritas-bu at mailman.eng.auburn.edu
>> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
>>
>
>
> --
> Cybercity Webhosting (http://www.cybercity.dk)
>
> _______________________________________________
> Veritas-bu maillist - Veritas-bu at mailman.eng.auburn.edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
>
--
===================================
Steven L. Sesar
Lead Operating Systems Programmer/Analyst
UNIX Application Services R101
The MITRE Corporation
202 Burlington Road - MS K101
Bedford, MA 01730
tel: (781) 271-7702
fax: (781) 271-2600
mobile: (617) 519-8933
email: ssesar at mitre.org
===================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mailman.eng.auburn.edu/pipermail/veritas-bu/attachments/20060815/989d6afc/attachment.html
|