We all have heard this in every advisory “patch your OS & software regularly”
In this issue of command line gyan, we’ll see how we can check the status of updates/patches on windows & different flavors of Linux
Windows
Starting from this issue, we’ll see a lot of windows examples using Windows Management Instrumentation Command (WMIC).
WMIC is set of extensions to the Windows Driver Model that provides an OS interface through which instrumented components provide information & notification.
For checking the status of patches, we can use the Quick Fix Engineering (QFE) alias of WMIC.
In this example we’ll try to find if MS08-067 is installed on the client which was affected by conficker virus
C:> wmic qfe where hotfixid="KB958644" list full
This will show whether the patch is installed or not. So the idea is to use the command with the appropriate KB number of Microsoft patch
If you want to run the same command on the remote machine you can do the same by
C:> wmic qfe where hotfixid="KB958644" list full /node:192.168.1.25 /user:administrator /password:i_wont_tell;)
Very obviously you need to have appropriate privileges on the remote machine to fetch this information.
If you want to use the same command on a number of machines, try passing a file name in /node with an @ sign
C:> wmic qfe where hotfixid="KB958644" list full /node:@ip_list.txt /user:administrator
Here if you leave the password parameter, the command will prompt for the password.
Remember, this command also prints the date of patch installation, so you can keep an eye on your admin too, with this.
Linux
For a redhat based system we’ll use yum to do this task.
# yum list-security
Will list all the available security updates
&
# yum update –security
Will install all the security related updates
But the question is installation time because you want to catch your admin, right? For that you’ll have to run the rpm command and get the info
# rpm -q –qf "%{NAME}t%{VERSION}t%{INSTALLTIME:date}n" mysqld
This will produce result like
mysqld 5.0.45 Wed 17 Mar 2010 02:39:56 AM IST
If you want to generate the list of all products with such information, simply try
# rpm -qa –qf "%-30{NAME} %-15{VERSION} %{INSTALLTIME:date}n"
Which will produce a nice list in easy to read format The way UBUNTU & other debian based systems are getting popular, it would be unfair if we don’t mention the debian trick
# apt-show-versions -u
Isn’t it pretty easy, like ubuntu itself. Interestingly in apt, it doesn’t show you the timestamp and to get that you’ll have to dig into the /var/cache/apt/archives and see the timestamp of download, unless that has been cleaned by the command
# apt-get clean
Happy finding the dates & happy eating the head of your admin 🙂
