USENIX Technical Program - Abstract - 13th Systems Administration Conference - LISA '99
Cro-Magnon: A Patch Hunter-Gatherer
Jeremy Bargen, University of Colorado at Boulder and
Raytheon Systems Company, and Seth Taplin, University of Colorado at Boulder and
On a relatively large and heterogeneous network, there may be
several operating systems and dozens of major applications in general
use. Locating and maintaining patches for these systems can take up a
significant portion of a system administrator's time. In addition,
groups of machines must all be kept at consistent patch levels, and
the exact patch level may vary depending on the group. Security
patches are especially problematic because they appear at irregular
intervals, and the administrator generally wants to find and install
them as soon as possible after they become available.
describes Cro-Magnon, a system for automating the process of patch
downloading and application. Cro-Magnon can be configured with a list
of patch sites and will mirror those sites, downloading new patches as
they are detected and notifying the administrator of the downloads.
Cro-Magnon can verify patch authenticity and can maintain patch data
for multiple machine groups and architectures, all with different
The Cro-Magnon architecture is intended to be as
flexible as possible. It allows for multiple download methods such as
FTP and HTTP and multiple authentication schemes like MD5 and PGP.
Although it currently deals primarily with patch downloading and
notification, it is intended to be extended to allow automated patch
application and maintenance.