The knowledge base is updated continuously, providing you with relevant update management from the Linux community and public update releases.
In addition, you may have private components that your own organization has patched and customized. Using Sun Update Connection – Enterprise, you can mark a local component as a security fix for a previous local component and upload the security fix to the local knowledge base.
Marking a local component as a security fix has the following results:
During the predefined profile Security Check, if a host has the first version installed, it is upgraded to the Security Fix version.
During a user-defined profile, if the job should install the local package as a dependency, the Security Fix version is given priority over the earlier version. If the job is marked for Use secure components only, only the Security Fix version can be installed. The job fails instead of installing the unsecured version.
If a later update is created that provides enhancements on the Security Fix package, you may decide that both local packages are Security Fixes, or that only the latest package is the one preferred Fix. From the console , you can select a Local Software component and then change its Security Fix mark.
Ensure that the Inventory panel is visible. From the View menu, choose Inventory.
Log in to the system as a superuser.
From the drop-down list in the tool bar, select a distribution-architecture.
The Components list changes to show the components relevant to your selection. The NCOs that you add with this procedure are added to the inventory of the displayed distribution.
Under the Local category, select Local RPMs or a user-defined category under it.
Right-click the selected category and choose Local, then choose Add.
The Add Software window opens.
Select whether the RPM is accessed from the localhost (console) or from a remote managed host.
Browse to the file if it is on the console; type in the path name if it is on a remote host.
Check Security Fix.
Click OK.
The Add Package window closes. The software is added to the knowledge base as an update to the previous like-named added components.
The job option Use secure components only, which makes sure that all dependencies installed for a job do not have later uninstalled updates, makes the job run slower and take up more resources; therefore, it is deselected by default. If you are sure that you want all jobs to run this check before installing anything, you can change the default settings.
From the Tools menu, choose Preferences.
The Preferences window opens.
Select the Console radio button.
In the Category list, choose Jobs.
Select the Check security checkbox.
Click Submit.
The Preferences Confirmation window opens.
Click Submit.
You do not need to logout to apply this setting.
Open the New Job window, Options tab.
Notice that Use secure components only is selected by default.