Just wondering how people do this for their linux server deployments. Even if you're using config management like puppet or chef, you typically only know that, say, an sshd package is installed on the system, not what exact version it is and the versions of all the dependencies etc. If you want to know at a glance which servers have a vulnerable OpenSSL version installed, or what have you, it's not obvious how to get that information in one place.
You can certainly do this yourself by collecting information from the package manager's logs and doing some other checks with a script, but I feel like there must be some mature tool(s) that already exist for collecting and storing this kind of info. Am I missing something blindingly obvious?
A libre solution would be nice, but commercial products aren't verboten...
[link][2 comments]