Mailing List Archive

On Wednesday 04 October 2006 06:37, Ochal Christophe wrote:
> I've been looking for a way to use our internal gentoo box (file - &
> printserver) to also cache windowsupdates & mac updates.
> Since we have a computershop we need to update *ALOT* of machines, and
> there's no flatrate internet available in Belgium, meaning we tend to
> run into our download limits.
>
> Does anyone know if this is feasable? If so, how?

I'd start by looking at squid proxying. It would help your bandwidth
usage in general.

http://www.squid-cache.org/

emerge squid squidguard squid-graph

You could set special proxy rules for files from windowsupdate and mac
update sites.

Regards,

- Brian
--
gentoo-security@gentoo.org mailing list

On Wed, 04 Oct 2006 13:37:04 +0200
Ochal Christophe <ochal@kefren.be> bubbled:

> Hi,
>
> I've been looking for a way to use our internal gentoo box (file - &
> printserver) to also cache windowsupdates & mac updates.

Ask Microsoft and Apple... Maybe a squid proxy could help you save
bandwidth?!

Isn't Windows able to distribute patches from one machine over network?

> Since we have a computershop we need to update *ALOT* of machines,
> and there's no flatrate internet available in Belgium, meaning we
> tend to run into our download limits.
>
> Does anyone know if this is feasable? If so, how?
>
> With kind regards,
> Ochal Christophe


--
MyExcuse:
system needs to be rebooted

Martin Zwickel <martin.zwickel@technotrend.de>
Research & Development

TechnoTrend AG <http://www.technotrend.de>

Martin Zwickel schrieb:
> On Wed, 04 Oct 2006 13:37:04 +0200
> Ochal Christophe <ochal@kefren.be> bubbled:
>
>> Hi,
>>
>> I've been looking for a way to use our internal gentoo box (file - &
>> printserver) to also cache windowsupdates & mac updates.
>
> Ask Microsoft and Apple... Maybe a squid proxy could help you save
> bandwidth?!
>
> Isn't Windows able to distribute patches from one machine over network?

Yes, of course. If you have a Windows 2000/2003 server, there is a
package (SUS = Software Update Services) intended to do this.

Helpfull link: http://en.wikipedia.org/wiki/Windows_Server_Update_Services


regards Martin
--
gentoo-security@gentoo.org mailing list

I don't have a script on hand to show you as an example, but I had a
small script for doing the windows updates. Basically, I went through
and downloaded all of the updates manually (the kb****** executables
from MS). Then I threw them all in a a folder on a flash drive and had a
small script execute them one by one - so for each client's machine I
would stick in my flash drive and run the update script. Obviously, new
KB's are bound to come out, so I usually ran Windows Update after that,
but it still saved a load on bandwidht. I don't have a solution for the
Mac updates. Hope this helps!

Regards,
Benjamin Koren

Ochal Christophe wrote:
> Hi,
>
> I've been looking for a way to use our internal gentoo box (file - &
> printserver) to also cache windowsupdates & mac updates.
> Since we have a computershop we need to update *ALOT* of machines, and
> there's no flatrate internet available in Belgium, meaning we tend to
> run into our download limits.
>
> Does anyone know if this is feasable? If so, how?
>
> With kind regards,
> Ochal Christophe
--
gentoo-security@gentoo.org mailing list

--On October 4, 2006 8:08:05 AM -0500 Ben Koren <benkoren@gmail.com> wrote:

> I don't have a script on hand to show you as an example, but I had a
> small script for doing the windows updates. Basically, I went through
> and downloaded all of the updates manually (the kb****** executables
> from MS).

Since the beginning of the year Microsoft bundles all of it's monthly
updates into an ISO file. You can download that instead of searching for
them manually. Of course, this being Microsoft, the ISO's are not
cumulative so you need each one, and there isn't one for patches prior to
January 2006.

<http://support.microsoft.com/kb/913086>
--
gentoo-security@gentoo.org mailing list

> > Hi,

Hi

> >
> > I've been looking for a way to use our internal gentoo box (file - &
> > printserver) to also cache windowsupdates & mac updates.
> > Since we have a computershop we need to update *ALOT* of machines,
> > and there's no flatrate internet available in Belgium, meaning we
> > tend to run into our download limits.
> >
> > Does anyone know if this is feasable? If so, how?

You could setup a http (transparent?) proxy box caching requests to
windowsupdate. Squid should do the trick - it's pretty configurable.

cheers,
Marek Kierdelewicz
--
gentoo-security@gentoo.org mailing list

--On October 4, 2006 8:08:05 AM -0500 Ben Koren <benkoren@gmail.com> wrote:

> I don't have a solution for the Mac updates. Hope this helps!

Sorry for breaking this into 2 messages. I forgot this in the first one.

Apple makes cumulative updates available of their point releases. These
include all security releases prior to that point release. They do not
release a cumulative for each security patch released after a point
release, until the next point release.

These do not include updates to anything other than the OS (so no iLife
updates in the combo updaters.) You need to download each of those
individually.

Here's the one for PPC macs for 10.4.8
<http://www.apple.com/support/downloads/macosx1048comboupdateppc.html>

And the Intel one:
<http://www.apple.com/support/downloads/macosx1048comboupdateintel.html>

--
gentoo-security@gentoo.org mailing list

This answer is *not* Gentoo based (sorry guys), but if this is to
install the machines from scratch, you could use DiegoStart. Simply put
the DiegoStart files in your gentoo machine with samba and then install
all your machines automatically in unattended mode including all updates
and any software that you want (if it can be installed in unattended
mode, or you have a Ghost license to use AI Builder and create silent
install packages). There are also things like nlite and Ryan VM update
packs that will allow you to apply updates to your Windows install
sources, but none of these will work on machines which are already
installed.

Links:
http://diegostart.dijuremo.org
http://www.nliteos.com/
http://www.nliteos.com/

For machines already installed, you could manually download the updates
to a share and then write a batch script that basically applies all
updates in silent mode. Look here for the silent install switches.
http://support.microsoft.com/kb/262841

If you get CYGWIN with ssh installed in all the windows machines then
you could actually ssh in and run the commands without having to walk to
the machines.

Diego


Ochal Christophe wrote:

> Hi,
>
> I've been looking for a way to use our internal gentoo box (file - &
> printserver) to also cache windowsupdates & mac updates.
> Since we have a computershop we need to update *ALOT* of machines, and
> there's no flatrate internet available in Belgium, meaning we tend to
> run into our download limits.
>
> Does anyone know if this is feasable? If so, how?
>
> With kind regards,
> Ochal Christophe


--
gentoo-security@gentoo.org mailing list

Brian G. Peterson schreef:
> On Wednesday 04 October 2006 06:37, Ochal Christophe wrote:
>> I've been looking for a way to use our internal gentoo box (file - &
>> printserver) to also cache windowsupdates & mac updates.

> I'd start by looking at squid proxying. It would help your bandwidth
> usage in general.
>
> http://www.squid-cache.org/
>
> emerge squid squidguard squid-graph
>
> You could set special proxy rules for files from windowsupdate and mac
> update sites.

That was what i was thinking of doing, but i've got zero experiance with
squid sofar.

Another thing i'd like to implement is a way to see what machines used
how much bandwidth & wich user. (something akin of a watchguard i suppose)

I'll have to read up on squid i guess
--
gentoo-security@gentoo.org mailing list

Martin Pajak schreef:
> Martin Zwickel schrieb:
>> On Wed, 04 Oct 2006 13:37:04 +0200
>> Ochal Christophe <ochal@kefren.be> bubbled:
>>
>>> Hi,
>>>
>>> I've been looking for a way to use our internal gentoo box (file - &
>>> printserver) to also cache windowsupdates & mac updates.

>> Isn't Windows able to distribute patches from one machine over network?
>
> Yes, of course. If you have a Windows 2000/2003 server, there is a
> package (SUS = Software Update Services) intended to do this.
>
> Helpfull link: http://en.wikipedia.org/wiki/Windows_Server_Update_Services

The problem with these tools is that they aren't transparent, squid
seems like a far better choice for our situation (new machines &
repairs), however, i've found various conflicting info on this, will
have to test it to find out.
--
gentoo-security@gentoo.org mailing list

Ben Koren schreef:
> I don't have a script on hand to show you as an example, but I had a
> small script for doing the windows updates. Basically, I went through
> and downloaded all of the updates manually (the kb****** executables
> from MS). Then I threw them all in a a folder on a flash drive and had a
> small script execute them one by one - so for each client's machine I
> would stick in my flash drive and run the update script. Obviously, new
> KB's are bound to come out, so I usually ran Windows Update after that,
> but it still saved a load on bandwidht. I don't have a solution for the
> Mac updates. Hope this helps!

That's one possibility, but rather clumsy, and i'd have to rely on my
collegue's to help keep the local repository on the media up to date,
knowing some of my collegue's, i don't see that happen ;)

Squid sofar seems the best route to follow
--
gentoo-security@gentoo.org mailing list

Kevin van Haaren schreef:
> --On October 4, 2006 8:08:05 AM -0500 Ben Koren <benkoren@gmail.com> wrote:
>
>> I don't have a script on hand to show you as an example, but I had a
>> small script for doing the windows updates. Basically, I went through
>> and downloaded all of the updates manually (the kb****** executables
>> from MS).
>
> Since the beginning of the year Microsoft bundles all of it's monthly
> updates into an ISO file. You can download that instead of searching for
> them manually. Of course, this being Microsoft, the ISO's are not
> cumulative so you need each one, and there isn't one for patches prior
> to January 2006.
>
> <http://support.microsoft.com/kb/913086>


Hey, thx for the info, didn't know that, cheers!
--
gentoo-security@gentoo.org mailing list

Squid doesn't work properly to cache the updates without hacking it
(unless MS have made some squid friendly changes in version 5 -- I'm not
holding my breath)...

My rudimentary understanding is the updates send unique queries,
including per-machine unique data as part of the request which prevents
most of the data being cached, even if the updates data is identical.

Refer to: http://www.glob.com.au/windowsupdate_cache/ for more info.

Microsoft SUS is probably the most reliable automated solution I'm aware
of (if you have control of the machines you are trying to update).

Good luck!
Ben.


Ochal Christophe wrote:
> Ben Koren schreef:
>> I don't have a script on hand to show you as an example, but I had a
>> small script for doing the windows updates. Basically, I went through
>> and downloaded all of the updates manually (the kb****** executables
>> from MS). Then I threw them all in a a folder on a flash drive and had a
>> small script execute them one by one - so for each client's machine I
>> would stick in my flash drive and run the update script. Obviously, new
>> KB's are bound to come out, so I usually ran Windows Update after that,
>> but it still saved a load on bandwidht. I don't have a solution for the
>> Mac updates. Hope this helps!
>
> That's one possibility, but rather clumsy, and i'd have to rely on my
> collegue's to help keep the local repository on the media up to date,
> knowing some of my collegue's, i don't see that happen ;)
>
> Squid sofar seems the best route to follow
--
gentoo-security@gentoo.org mailing list

On Thu, 05 Oct 2006 10:20:04 +0200
Ochal Christophe <ochal@kefren.be> bubbled:

> Brian G. Peterson schreef:
> > On Wednesday 04 October 2006 06:37, Ochal Christophe wrote:
> >> I've been looking for a way to use our internal gentoo box (file -
> >> & printserver) to also cache windowsupdates & mac updates.
>
> > I'd start by looking at squid proxying. It would help your
> > bandwidth usage in general.
> >
> > http://www.squid-cache.org/
> >
> > emerge squid squidguard squid-graph
> >
> > You could set special proxy rules for files from windowsupdate and
> > mac update sites.
>
> That was what i was thinking of doing, but i've got zero experiance
> with squid sofar.
>
> Another thing i'd like to implement is a way to see what machines
> used how much bandwidth & wich user. (something akin of a watchguard
> i suppose)

vnstat, ipfm2, ...

>
> I'll have to read up on squid i guess


--
MyExcuse:
interrupt configuration error

Martin Zwickel <martin.zwickel@technotrend.de>
Research & Development

TechnoTrend AG <http://www.technotrend.de>

For windows updates you can use SUSFL. But documentation exist only on
russian.

For windows I've found WPKG to be a pretty good solution at work. For
deploying applications, application updates, and OS updates. It doesn't
require you to install anything on the server or the window clients.

http://www.wpkg.org/
--
David