(Re-submitted) Sorry, previous message had a misleading subject line.
Has the method of checking for patches/updates changed for Linux
(specifically Red Hat)? Starting in August, our monthly patch scans
showed a ridiculously low number of vulnerabilities: 1 missing patch
(total) across 140 Linux servers. Our most recent patch scan ran this
past Saturday with the same results, yet running 'up2date --dry-run' on
4 randomly-chosen servers showed between 10 and 12 missing patches on
all four hosts. Most of the patches were released slightly less than
one month ago (since our last maintenance window, which is when we patch
our production systems).
I can send the nessusrc file and/or KB for the sample hosts privately.
John Scherff
24 Hour Fitness
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Has the method of checking for patches/updates changed for Linux
(specifically Red Hat)? Starting in August, our monthly patch scans
showed a ridiculously low number of vulnerabilities: 1 missing patch
(total) across 140 Linux servers. Our most recent patch scan ran this
past Saturday with the same results, yet running 'up2date --dry-run' on
4 randomly-chosen servers showed between 10 and 12 missing patches on
all four hosts. Most of the patches were released slightly less than
one month ago (since our last maintenance window, which is when we patch
our production systems).
I can send the nessusrc file and/or KB for the sample hosts privately.
John Scherff
24 Hour Fitness
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus