> I heard that there is a motto in system
> administration that you should not apply patches unless
> something breaks. Is it true?
Wow. Not at all! If that were true, we'd all be running outdated, insecure systems.
> I'm quite new to Unix; could you give me some links to
> follow on system monitoring?
Well... you could start at http://www.unix.com/ and I'm sure you'll get many more replies.
In fact it IS a Sun-recommended best practice to patch only what you need.
If you have a host that hasn't changed much over a period of time, it's a good idea to not patch it unless there are security patches or other "high-alert" type patches that have been released by Sun.
There are some SAs who would disagree and like to patch a system to within an inch of its life. Then there are some who don't patch unless it is absolutely necessary.
In either case, it's not a simple task (and one should not choose to do either based on laziness). Patches need to be assessed and their effect on a system tested (when possible), given that there may be many different systems (at different patch levels and running different applications). It is, however, a good idea to try to standardize the builds, patch revisions, etc. across the board so that patches can be analyzed and recommended (for the majority, in any case).
The question becomes a semi-philosophical one then. "If your server doesn't need a particular patch, why install it?"
or "If it ain't broke -- why fix it? and fix what?"
It is a general rule of thumb that, in the absence of an absolutely compelling reason to mess with something (anything), it is advisable not to mess with it.
;)
HTH
Indeed, you don't patch just because a patch exists.
However, in the case of a security patch for instance, you would want to patch, even though "everything still works".
In other words, in most cases, you wouldn't want to *not* patch just because you don't have any obvious problems, that's my point.
> In other words, in most cases, you wouldn't want to *not* patch just because you don't have any obvious problems, that's my point.
Actually it makes more sense to "not patch" something you don't have a problem with. But just because one doesn't have a problem doesn't mean the problem doesn't exist... :) (if we do go down to picking nits)....
If there are *bullet-train* patches that the vendor has released, then by all means you have to patch your system.
But would I want to install a telnet vulnerability patch on a system that has telnet disabled? Maybe you should... it depends on many things.
Experience shows that in most cases you can simply run through and do a cluster install and it's going to be just fine. But then again, you have some of those "special moments" when something breaks and you can't log back into the box or can't back a patch out...
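The two points made above, that patches have to be assessed against a standardized patch-revision baseline rather than applied blindly, and that a telnet fix on a host with telnet disabled is a different decision from the same fix on a host that runs it, can be turned into a small check. The script below is an added example and is not code from any poster in this thread. It assumes the Solaris `showrev -p` listing of installed patches and the `/etc/inetd.conf` service table; the patch IDs, revisions, the "required patches" baseline and the `inetd.conf` excerpt are all constructed sample data embedded in the script so it runs offline.

```sh
#!/bin/sh
# Added example; not code from the thread. All patch IDs, revisions and
# service names below are constructed for illustration.
#
# For each patch in a local baseline, answer two questions about THIS host:
# is it installed at the needed revision, and is the service it fixes
# actually enabled here?

# Constructed sample of `showrev -p` output. On a real Solaris host replace
# with: SHOWREV_OUTPUT=$(showrev -p)
SHOWREV_OUTPUT='Patch: 100001-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr
Patch: 100002-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'

# Constructed local baseline: "<patch-id> <inetd service it fixes, or none>".
REQUIRED='100001-05 telnet
100002-01 ftp
100003-02 none'

# Constructed excerpt of /etc/inetd.conf; telnet is commented out (disabled).
# On a real host: INETD_CONF=$(cat /etc/inetd.conf)
INETD_CONF='#telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
ftp     stream tcp nowait root /usr/sbin/in.ftpd    in.ftpd'

# Print the highest installed revision (two digits) of a patch base, or
# nothing if no revision of that patch is installed.
installed_rev() {
    printf '%s\n' "$SHOWREV_OUTPUT" | awk -v base="$1" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && p[2] + 0 > best) best = p[2] + 0
        }
        END { if (best) printf "%02d\n", best }'
}

# Succeed if the service is an active (uncommented) inetd.conf entry.
service_enabled() {
    printf '%s\n' "$INETD_CONF" | awk -v svc="$1" '$1 == svc { found = 1 } END { exit !found }'
}

# Compare a required "base-rev" against what is installed: ok, outdated or missing.
patch_status() {
    base=${1%-*}
    want=${1#*-}
    have=$(installed_rev "$base")
    if [ -z "$have" ]; then
        echo missing
    elif [ "$have" -lt "$want" ]; then
        echo outdated
    else
        echo ok
    fi
}

# One line per patch: "<id> <status> <urgent|schedule>". A missing fix for a
# disabled service is still recorded (the problem exists even without
# symptoms), but it can go into the next maintenance window rather than
# being pushed out of band.
patch_priority() {
    status=$(patch_status "$1")
    if [ "$status" = ok ]; then
        echo "$1 ok"
    elif [ "$2" = none ] || service_enabled "$2"; then
        echo "$1 $status urgent"
    else
        echo "$1 $status schedule"
    fi
}

# Walk the baseline and print the per-patch verdict.
report() {
    printf '%s\n' "$REQUIRED" | while read -r id svc; do
        patch_priority "$id" "$svc"
    done
}

report
```

With the constructed data, `report` prints `100001-05 outdated schedule` (revision 03 installed, 05 required, telnet disabled), `100002-01 ok` and `100003-02 missing urgent`. The `schedule` verdict is the "maybe you should" case from the post: the telnet fix is still flagged as outstanding, it just does not trump everything else on a host where the service is off.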
Yes, thanks to all for your useful information, and I definitely agree that experience will teach a lot. As "implicate_order" said, just because one doesn't have a problem doesn't mean the problem doesn't exist. From my Windows experience, all the patches released for the operating system need to be applied, otherwise there are a lot of performance-related problems. For example, if 50 users are using an 8 GB Unix box, not all of them are using it at one time, and not even half of them. So how can we identify that a problem exists if there is no downtime? Everyone thinks the system is OK, because it's up and running. No one can notice a problem until it affects something.