Home / server / Questions / 58628
Accepted
romandas
Asked: 2009-08-26 11:33:04 +0800 CST

How can I determine the last time a Solaris machine was patched?

  • 772

I am trying to determine patch levels and how long some Solaris machines have been without patching in order to support triaging which systems to patch first. How can I determine the last time a Solaris machine was patched?

solaris patch-management

5 Answers

  1. I dunno about determinng the last time a solaris box was patched, but you can work out the patch level with showrev -p

    • 3
  2. Best Answer

    Well, don't know any good direct ways, but these might help. 'showrev -p' will tell you all the installed patches. And I guess the dates in /var/sadm/pkg would be from the last time the packages were modified (or patched).

    • 3

  3. I'll agree with the above showrev -p comments and add that uname -a to get the kernel version is also useful to give a general picture.

    • 0

  4. You should check first /etc/release that shows which version of Solaris was originally installed, then check with 'uname -a' which kernel patch are you currently using (it's the number XXXXXX-XX that shows up) then start comparing the kernel patches with the other machines, the kernel patch is a critical component so a newer kernel patch usually means a more up to date system in almost every aspect.

    And then if you're not a faint of heart you can use the (unofficial) PCA tool to update your systems automatically just by providing a valid SunSolve account.

    • 0

  5. To determine how long a Solaris (10) system has been without patching, I remotely check the following (from a Linux system, because GNU date is handy).

    1) Remotely grab the date/time from the most recent thing in the patch directory;

    (See below for the explanation of the ls options)

    ls -terd /var/sadm/patch/* | tail -1 | awk '{print $6,$7,$9,$8 }'

    Note; The awk command prints the date in the MMM DD YYYY HH:mm:ss format;

    Jan 28 2017 01:48:14

    2) Calculate $days_since with days_since{} (this works in ksh, might in bash);

    function days_since { 
  d2=$(date -d "$1" +%s)
  d1=$(date -d now +%s)
  echo $(( (d1 - d2) / 86400 ))
}

    Now we know that Solaris 10 system hasn't been patched in 192 days! :)

    Quick reference for the Solaris 10 ls command;

     -t           Sorts by time stamp (latest first)  instead  of
              by  name.  The default is the last modification
              time. (See -u and -c.

 -e           The same as -l, except  displays  time  to  the
              second,  and  with  one  format  for  all files
              regardless of age: mmm dd hh:mm:ss yyyy.

 -r           Reverses the  order  of  sort  to  get  reverse
              alphabetic or oldest first as appropriate.

 -d           If an argument is a directory, lists  only  its
              name  (not its contents). Often used with -l to
              get the status of a directory.
    • 0