Are you patched?

May 8, 2010

We have all heard this in every advisory: “patch your OS & software regularly”.

In this issue of command line gyan, we’ll see how to check the status of updates/patches on Windows and on different flavors of Linux.

Windows

Starting from this issue, we’ll see a lot of Windows examples using Windows Management Instrumentation Command (WMIC).

WMIC is a set of extensions to the Windows Driver Model that provides an OS interface through which instrumented components provide information & notification.

For checking the status of patches, we can use the Quick Fix Engineering (QFE) alias of WMIC.

In this example we’ll check whether the patch for MS08-067, the vulnerability exploited by the Conficker virus, is installed on the client:

      C:\> wmic qfe where hotfixid="KB958644" list full

This will show whether the patch is installed or not. The idea is to run the command with the KB number of the Microsoft patch you are interested in.

If you want to run the same command against a remote machine, put the /node, /user and /password switches before the alias:

      C:\> wmic /node:192.168.1.25 /user:administrator /password:i_wont_tell;) qfe where hotfixid="KB958644" list full

Obviously, you need appropriate privileges on the remote machine to fetch this information.

If you want to run the same command against a number of machines, pass a file name to /node, prefixed with an @ sign:

      C:\> wmic /node:@ip_list.txt /user:administrator qfe where hotfixid="KB958644" list full

If you leave out the /password parameter, as here, the command will prompt for the password.

Remember, this command also prints the date the patch was installed, so you can use it to keep an eye on your admin too.

Linux

For a Red Hat-based system we’ll use yum to do this task.

      # yum list-security

will list all the available security updates, and

      # yum update --security

will install all the security-related updates.

But the real question is the installation time, because you want to catch your admin, right? For that you’ll have to run the rpm command and get the info:

      # rpm -q --qf "%{NAME}\t%{VERSION}\t%{INSTALLTIME:date}\n" mysqld

This will produce a result like

      mysqld 5.0.45 Wed 17 Mar 2010 02:39:56 AM IST

If you want to generate the list of all installed packages with this information, simply try

      # rpm -qa --qf "%-30{NAME} %-15{VERSION} %{INSTALLTIME:date}\n"

This will produce a nice list in an easy-to-read format.

Given how popular Ubuntu and other Debian-based systems are getting, it would be unfair not to mention the Debian trick:

      # apt-show-versions -u

Isn’t it pretty easy, like Ubuntu itself? Interestingly, apt doesn’t show you the timestamp; to get that you’ll have to dig into /var/cache/apt/archives and look at the download timestamps of the packages, unless the cache has been cleaned with the command

      # apt-get clean
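Going back to the rpm install-time query: to see in one pass what was installed on or after a given date, the following shell function (an added example, not part of the original post) filters the package list by install time, newest first. It assumes the list is produced with `%{INSTALLTIME}` without `:date`, which prints seconds since the epoch; the names `installed_since` and `sample_rpm_list` and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report packages installed on or after a cutoff time.
# Input (stdin): one package per line as NAME<TAB>VERSION<TAB>EPOCH, e.g. from
#   rpm -qa --qf '%{NAME}\t%{VERSION}\t%{INSTALLTIME}\n'
# (%{INSTALLTIME} without ":date" prints epoch seconds, which sort numerically).

# installed_since CUTOFF_EPOCH -> prints "EPOCH NAME VERSION", newest first
installed_since() {
    cutoff=$1
    case $cutoff in
        ''|*[!0-9]*) echo "usage: installed_since EPOCH_SECONDS" >&2; return 2 ;;
    esac
    awk -F '\t' -v cutoff="$cutoff" '
        NF != 3 || $3 !~ /^[0-9]+$/ { bad++; next }    # skip malformed lines
        $3 + 0 >= cutoff + 0        { print $3, $1, $2 }
        END { if (bad) printf "skipped %d malformed line(s)\n", bad > "/dev/stderr" }
    ' | sort -rn
}

# Constructed sample data (not taken from a real host).
sample_rpm_list() {
    printf 'openssl\t0.9.8e\t1268773796\n'    # Wed 17 Mar 2010 02:39:56 AM IST
    printf 'kernel\t2.6.18\t1262304000\n'     # 2010-01-01 00:00:00 UTC
    printf 'httpd\t2.2.3\t1270000000\n'
    printf 'broken-line-without-fields\n'     # deliberately malformed
}

# Demo: everything installed on or after 2010-03-01 00:00:00 UTC (epoch 1267401600).
sample_rpm_list | installed_since 1267401600
```

On a real host, replace `sample_rpm_list` with the `rpm -qa --qf` command from the comment at the top of the block.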

Happy finding the dates & happy eating the head of your admin 🙂

bio data - Rohit Srivastwa
