Sie sind auf Seite 1von 11

8/19/2014

Sponsored by
Using System Center
Configuration Manager 2012 R2
to Patch Linux, UNIX and Macs

2014 Monterey Technology Group Inc.

Thanks to www.Lumension.com

2014 Monterey Technology Group Inc.

1
8/19/2014

Need for patching from Data center to desktop


System Center support for *nix
8 steps for patching *nix from System Center
Preview of Key How far does that get you and whats left?
Points Show elegant Lumension Patch Manager DataCenter solution for
bringing WSUS functionality to *nix with compliance reporting unified
with SC for single pane of glass patch management from Data center
to desktop

Have to be compliant and secure


Everything has to be patched
Everything includes
Windows
MS Apps
3rd party apps
UNIX
The situation Linux
Mac OS X

Dont just have to be secure


Have to be able show you are secure and compliant
Can waste a lot of time on
Patching the one-offs and minority systems 80/20 rule
Showing compliance

2
8/19/2014

System Center de facto standard in MS-centric environments


25% of OpsMgr environments already monitor Linux and UNIX
System Center 2012 R2 has Linux, UNIX and Mac support
System Center Inventory
Hardware
Software
Script execution

Can you patch *nix from SC?


Yes
Manual
Patch by patch
Watering can
Can you show compliance?
System Center Not without significant custom work
Everything repeated for each flavor/distribution
Walk you through how to do the above
Show elegant Lumension Patch Manager DataCenter solution for
bringing WSUS functionality to *nix with compliance reporting unified
with SC for single pane of glass patch management from Data center
to desktop

3
8/19/2014

1. Install SCCM agents


2. Create collections
3. Get inventory
4. Pick out a patch for a given OS
Patching *nix OpenSSL fix for HeartBleed for SUSE
from System 5. Download the patch to distribution point(s)
Center 6. Determine applicability criteria
7. Create a package
8. Deploy

Microsoft System Center 2012 R2 Configuration Manager - Clients for


Additional Operating Systems
Specific versions supported for each flavor/distro
http://technet.microsoft.com/en-us/library/c1e93ef9-761f-4f60-8372-
df9bf5009be0#BKMK_SupConfigLnUClientReq
http://www.microsoft.com/en-us/download/details.aspx?id=39360

1. Install SCCM
Agents

4
8/19/2014

Mac
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/PCIT-
B336#fbid=
Steps
1. Install SCCM Download the Mac client msi file to a Windows system
Run the msi and it will create a dmg file under the default location
Agents C:\Program Files (x86)\Microsoft\System Center 2012 Configuration
Manager Mac Client on the Windows system
Copy the dmg file to a network share or a folder on a Mac computer
Access and open the dmg file on a Mac computer and install the client using
instructions in the online documentation. http://technet.microsoft.com/en-
us/library/jj591553.aspx

Linux
http://prajwaldesai.com/how-to-install-sccm-2012-sp1-client-agent-on-
linux-computers/
https://vlabs.holsystems.com/vlabs/technet?eng=VLabs&auth=none&src
=microsoft.holsystems.com&altadd=true&labid=10436
Steps
1. Install SCCM On a Windows computer download the Linux client
Agents The downloaded file is a self-extracting exe and will extract tar files for
the different versions of your operating system.
Copy the install script and the .tar file for your computers operating
system version to a folder on your Linux computer.
Install the client using instructions in the online documentation.
http://technet.microsoft.com/en-us/library/jj573939.aspx

5
8/19/2014

UNIX
http://technet.microsoft.com/en-us/library/jj573939.aspx
Steps
On a Windows computer download the appropriate file for UNIX flavor
you wish to manage
1. Install SCCM The downloaded file is a self-extracting exe and will extract tar files for
Agents the different versions of your operating system.
Copy the install script and the .tar file for your computers operating
system version to a folder on your UNIX computer.
Install the client using instructions in the online documentation.
http://technet.microsoft.com/en-us/library/jj573939.aspx

Rootless discover
http://blogs.catapultsystems.com/ttaylor/archive/2012/01/17/scom-
manual-linux-agent-install-and-rootless-discovery-1.aspx

Troubleshooting
http://social.technet.microsoft.com/wiki/contents/articles/4966.troubles
hooting-unixlinux-agent-discovery-in-system-center-2012-operations-
A little more manager.aspx

Licensing
Remember, you probably need valid subscriptions to legally patch most
flavors

6
8/19/2014

1. Install SCCM agents


2. Create collections
3. Get inventory
4. Pick out a patch for a given OS
Patching *nix OpenSSL fix for HeartBleed for SUSE
from System 5. Download the patch to distribution point(s)
Center 6. Determine applicability criteria
7. Create a package
8. Deploy

Automatic updates on Linux


Yum
Zypper
Others?
Mac
Automatic Updates
http://blogs.technet.com/b/scd-odtsp/archive/2013/05/29/system-center-
Watering can configuration-manager-2012-sp1-automatic-updates-on-a-mac-2.aspx
patching
Problems with this approach
No control, granularity, management
Every computer downloads directly from vendor over Internet
No maintenance windows
Not an enterprise solution
No reporting or compliance

7
8/19/2014

Discover
Whats left?
Reporting
Think about this Download
Weve patched one vulnerability on SUSE
What if you also have
Whats left? Redhat Package
AIX
Macs
etc
What if you have
Assess
What if you arent a *nix troll expert?
What if someone else manages *nix?
Deploy

Report

Wouldnt it be nice
If you could get WSUS-like functionality for Linux, UNIX, Mac
Download patches
Assess applicability
Wouldnt be

Deploy
Report
nice Without leaving System Center
And be able to report on everything from one console?

And wouldnt be nice


To add 3rd Party Windows apps to all of that?

8
8/19/2014

Wouldnt be
HP-UX
nice
Windows
AIX
Solaris

CentOS MS Apps
SUSE
Oracle
Linux
Mac
3rd Party
OS
Windows Apps
X
Red Hat

Wouldnt be
HP-UX
nice
Windows
AIX
Solaris

CentOS MS Apps
SUSE
Oracle
Linux
Mac
3rd Party
OS
Windows Apps
X
Red Hat

9
8/19/2014

Wouldnt be
HP-UX
nice
Windows
AIX
Solaris

Patch Manager DataCenter


CentOS MS Apps
SUSE
Oracle
Linux
Mac
3rd Party
OS
Windows Apps
X
Red Hat

Wouldnt be
HP-UX
nice
Windows
AIX
Solaris

Patch Manager DataCenter


CentOS MS Apps
SUSE
Oracle
Linux
Mac
3rd Party
OS
Windows Apps
X
Red Hat

Patch Manager DeskTop

10
8/19/2014

Wouldnt be Discover
HP-UX
nice Download
Windows
AIX
Solaris Package

Assess
Patch Manager DataCenter
CentOS MS Apps
SUSE Deploy

Oracle Report
Linux
Mac
3rd
Party
OS
Windows Apps
X
Red Hat

Patch Manager DeskTop

Additional Information
Whitepaper Free Adobe SCUP Catalog
Practical Patch Compliance https://lumension.com/system-center/patch-
manager-desktop/free-catalog.aspx
Relieving IT Security Audit Pain, From the
Data Center to the Desktop

https://www.lumension.com/sccm

22

11