Ahoy there.
Is there a centralized patch management tool or combination of tools with web interface out there which can do the following for server environments?
- Compare installed packages against packages in RHEL and Amazon Linux repos (and possibly other distros and repos such as EPEL) to see which need updating
- Highlight security update patches
- Display CVE number of security patches that'll be fixed by updating to that package
Optional:
- Ability to mark packages to be updated on a server / server group and execute the update.
- Separate out environments e.g. Development, Staging, Production (similar in a way one can do with Katello)
I've come across Pakiti which comes in the form of running your own server, but it appears fairly quiet there now, the v3 repository did not receive an update in over a year (not necessarily means much, current point release happened three years after the prior version.), but I'm still having a few issues with it, notably adding Amazon Linux repos to it (it'll tell me to update CentOS 6 machines using Amazon repos or vice versa), or using a very functional / non-class programming style, with many functions being deprecated in PHP5.5. I've also had a look of Scalextreme (contrary to Pakiti, it's a third party hosted service), though at the moment trials etc. are disabled on their site since their takeover by Citrix, so no chance of trying it out.
To be fair I'm a bit surprised I did not find more available tools which include the CVE options for security patches, or generally even good open source patch management / patch status tools. However the latter may also just be because quite often I do not see the forest due to all the trees, hence any help would be appreciated.
[link][6 comments]