For years my employer has only patched *nix systems on an annual basis. We've now been directed to apply security patches quarterly. Due to the infrequency of patching in the past, there has developed a fairly high level of paranoia around patching "breaking" things, particularly related to servers not coming back from the post-patch reboot. To mitigate these fears I've been asked to document procedures for backing-out the applied patches and/or recovering the server in the event of one not coming back up.
Given that tools like RHN Satellite or Novell Zenworks don't have the ability to do extensive pre-patch preparations like breaking hardware root mirrors or running filesystem dumps, I have the impression that at least in enterprise Linuxes there aren't frequently issues caused by normal, regular patching activities. So I'm curious what other people are doing on the Linux platform. Do you use root disk mirrors and break the mirror prior to patching? Do you utilize filesystem dumps (dumpe2fs, etc) or rely on enterprise backups of the OS filesystems? Do you use rpm rollbacks? Rebuild / re-image the server if there are problems? Additionally, have you experienced many instances of patching tanking an enterprise Linux server in the last couple of years? Thanks much! -- Bryce T. Pier btp...@menolly.net UNIX Geek _______________________________________________ Discuss mailing list Discuss@lopsa.org http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
