test

Sun Update Connection - Enterprise 1.0 User's Guide

Chapter 6 Solaris Baselines

This chapter describes how to use Solaris baselines to update your Solaris hosts with patches.

Using Baselines to Update a Solaris Host With Patches (Task Map)

A Solaris baseline is a dated collection of patches, patch metadata, and tools. Sun releases Solaris baselines on a monthly basis. When you install the patches of a baseline on a host, that host is considered to be compliant with that baseline.

Baselines only pertain to Solaris hosts.

Using Solaris baselines enables you to easily know the patch level of your hosts. For example, you install some test hosts with a particular baseline. Then, you test these hosts for a period of time to see whether the patches in this baseline are stable enough to be used on your production hosts. When the testing reveals that this baseline is stable, you can install the same baseline you tested on your production hosts.

You can modify a baseline to create a custom patch set by the use of black lists and white lists. A black list is a list of patch IDs that you never want to be applied to a host. A white list is a list of patch IDs that you always want to be applied to a host.

Solaris baselines appear as a category in the Components list. The Solaris Baselines category contains a list of dated baselines. Each dated baseline contains these three patch sets:

Selecting a baseline patch set and choosing Details from the Components menu shows you the list of the patches in the baseline.

An installed baseline appears in the Components list marked as (Installed). If you install the baseline and use a policy as a black list, the baseline is not marked as (Installed) even though it has been installed.

The following table identifies the tasks that you might perform when using Solaris baselines to update a system with patches.

Task 

Description 

For Instructions 

Create a white list of patches. 

Your white list must include the baseline you want to install and can optionally include any patches that you want to always install. 

To Create a Solaris Baseline White List

(Optional) Create a black list of patches. 

You can optionally create a black list that includes the patches that are never to be installed. 

To Create a Solaris Baseline Black List

Perform a Solaris baseline compliance analysis. 

The result of this analysis is a list of the number of patches to be installed to bring it in to compliance with the baseline, the white list, and the black list you specify. 

To Perform a Solaris Baseline Compliance Analysis

Install a Solaris baseline on a managed host. 

This procedure describes how to use the white list and black list you created to deploy a Solaris baseline to selected Solaris hosts. 

To Install a Solaris Baseline

View details about a baseline installation job. 

You must have run a Solaris baseline deployment job or a Solaris baseline compliance analysis job that has successfully completed before you can view details. 

To View a Summary of a Baseline Installation Job

ProcedureTo Create a Solaris Baseline White List

This procedure uses the profile mechanism to create a white list that contains a baseline and an optional white list.

For information about working with Solaris baselines, see the following:

Note –

The terms update and patch are the same.

  1. From the Hosts list, select the host or group for which you want to create a baseline white list.

    Note that the white list must contain a baseline and can optionally include a list of patches to install.

  2. Select the baseline you want to install.

    1. From the Components list, expand the Solaris Baselines category.

    2. Find and expand the dated baseline you want to install.

    3. Select one of the following patch sets:

      • Full – Includes all Solaris patches

      • Recommended – Includes Solaris recommended patches and security patches

      • Security – Includes only Solaris security patches

    4. (Optional) View the contents of the baseline, by choosing Details from the Components menu.

      The Details window opens.

    5. Add the baseline to the Action list by choosing Required from the Components menu.

      Note –

      You can select only one baseline to for installation on a host, hosts, group or groups. If you select another baseline for the same host, hosts, group, or groups and choose Required from the Components menu, an error message appears.

      • To replace the current baseline with the one you just selected, click OK.

      • To use the original baseline, click Cancel.

  3. (Optional) Add one or more patches to the white list.

    1. From the Components list, expand the Patches category.

    2. Find and expand the patch ID range for the patch or patches you want.

    3. (Optional) View a description of the patch.

      Choose Details from the Components menu.

      The Component Information window opens. This window presents information on the following tabbed pages:

      • General tab – Shows the patch ID, the size of the patch, and the platform for which the patch was created.

      • Incident tab – Shows the patch ID, the patch type, and a URL to the patch README file.

      • Dependencies tab – Shows any patches that depend on the one you selected.

      • Installed tab – Shows you the list of hosts on which the patch has been installed.

    4. Select a patch ID, and then choose Required from the Components menu.

      The patches you mark as required are added to the Action list.

    5. Repeat Substeps b through d for each patch you want to add to the white list.

  4. Choose Save As Profile from the Action menu.

    The Profile Editor window opens.

  5. Review the list of patches in the Action list.

  6. Give the profile a name that you can easily remember.

    Using identifiable names is especially helpful if you want to use this profile again for other jobs.

  7. Click OK to save the profile.

    The profile is saved and appears in the Profiles window.

  8. Click Close to dismiss the Profiles window.

ProcedureTo Create a Solaris Baseline Black List

This procedure describes how to use the policy mechanism to create a black list of updates that are never to be installed.

Note –

The terms update and patch are the same.

  1. From the Hosts list, select the host, hosts, group, or group for which you want to create a black list.

  2. Open the Policies window by choosing Policies from the Tools menu.

  3. Click the New button to open the Policy Editor window.

  4. Give the policy a name that you can easily remember.

    Using identifiable names is especially helpful if you want to use this policy again for other jobs.

  5. Expand the Patches category.

  6. Find and expand the patch ID range in which the patch or patches you want to add to the black list is found.

  7. Select a patch ID, and add the patch to the black list by choosing No from the Apply Fix drop-down menu.

  8. Repeat Steps 6 and 7 for each patch you want to add to the black list.

  9. Click OK to save the policy on the Policies window.

ProcedureTo Perform a Solaris Baseline Compliance Analysis

This procedure describes how to perform a Solaris baseline compliance analysis. The result of this analysis is a list of the number of patches to be installed to bring it in to compliance with the baseline, the white list, and the black list you specify.

Before You Begin

You must have a Solaris baseline white list and an optional black list to perform this task. For more information about creating these lists, see the following:

Note –

The terms update and patch are the same.

  1. Open the New Job window by choosing New from the Jobs menu.

  2. Select Simulate to run the job in simulation mode.

  3. Open the Task Editor window by clicking the Add (New) Task button.

    1. Choose your white list from the Profiles drop-down menu.

    2. (Optional) Choose your black list from the Policy drop-down menu.

    3. Open the Select Hosts window by clicking the Host Select button.

    4. Select the host or group, click the Add button (right-facing arrow) to add it to the list, and then click OK.

    5. Click OK to save the task.

  4. Repeat Step 3 for each baseline compliance analysis task you want to run as part of this job.

  5. (Optional) Click the Options tab to specify the task execution parameters.

    If you plan to have more than one task in this job to run analyses against more than one baseline, you can select Parallel to run the tasks simultaneously. By default, tasks are run sequentially.

  6. Click OK to submit the job.

  7. (Optional) View the progress of the job running on the host by choosing Host Progress from the Host list.

  8. View the job summary when the job completes.

    For more information, see To View a Summary of a Baseline Installation Job.

ProcedureTo Install a Solaris Baseline

This procedure describes how to deploy a Solaris baseline to selected Solaris hosts.

Before You Begin

You must have a Solaris baseline white list and an optional black list to perform this task. For more information about creating these lists, see the following:

Note –

The terms update and patch are the same.

  1. Open the New Job window by choosing New from the Jobs menu.

  2. Select Deploy to deploy the baseline to the selected hosts.

  3. Open the Task Editor window by clicking the Add Task button.

    1. Choose your white list from the Profiles drop-down menu.

    2. (Optional) Choose your black list from the Policy drop-down menu.

    3. Open the Select Hosts window by clicking the Host Select button.

    4. Select the host or group, click the Add button (right-facing arrow) to add it to the list, and then click OK.

    5. Click OK to save the task.

  4. Repeat Step 3 for each baseline deployment task you want to run as part of this job.

  5. Click OK to submit the job.

  6. (Optional) View the progress of the job running on the host by choosing Host Progress from the Host list.

  7. View the job summary when the job completes.

    For more information, see To View a Summary of a Baseline Installation Job.

  8. (Optional) Perform a profile compliance check of the selected hosts.

    See To Check Profile Compliance.

    Note –

    Perform this check only if you used a profile to install the baseline and white list. If you also used a policy to specify a black list, this check will show the host to be non-compliant.

ProcedureTo View a Summary of a Baseline Installation Job

Before You Begin

You must have run a Solaris baseline deployment job or a Solaris baseline compliance analysis job that has successfully completed.

Note –

The terms update and patch are the same.

  1. Select the job for which you want view a summary from the Jobs list.

  2. Open the Job Summary window by choosing Summary from the Jobs menu.

  3. View the following summary information for each task:

    • Host – Shows the host name on which you ran the task.

    • Distribution – Shows the operating system and platform architecture of the host.

    • Task – Shows the task type.

    • Number of Changes – Shows the number of changes made or will be made to the host.

  4. (Optional) View details about a task.

    1. Select a task from the table, and click the View Changes button.

      The Host Changes Report window opens.

    2. Select a patch ID from the table, and click the Component Info button.

      The Incident Information window opens.

    3. View information about the patch by clicking one of the following tabs:

      • READ ME – Shows the URL to the patch README file.

      • General – Shows the patch ID, patch category, and release date.

      • CVE ID – Shows the CVE ID of the patch.

      • Package – Shows the packages modified by the patch.

      • Obsolete – Shows the patches that this patch renders obsolete.

    4. Click Close to dismiss the Incident Information window.

    5. Click Close to dismiss the Host Changes Report window.

  5. Repeat Step 4 for each task for which you want to view details.

  6. Click Close to dismiss the Job Summary window.