[gentoo-security] Using a gentoo box to cache windows updates & mac updates

[gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Ochal Christophe]

Hi,

I've been looking for a way to use our internal gentoo box (file - & 
printserver) to also cache windowsupdates & mac updates.
Since we have a computershop we need to update *ALOT* of machines, and 
there's no flatrate internet available in Belgium, meaning we tend to 
run into our download limits.

Does anyone know if this is feasable? If so, how?

With kind regards,
Ochal Christophe
-- 
gentoo-security@gentoo.org mailing list

Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Brian G. Peterson]

On Wednesday 04 October 2006 06:37, Ochal Christophe wrote:
> I've been looking for a way to use our internal gentoo box (file - &
> printserver) to also cache windowsupdates & mac updates.
> Since we have a computershop we need to update *ALOT* of machines, and
> there's no flatrate internet available in Belgium, meaning we tend to
> run into our download limits.
>
> Does anyone know if this is feasable? If so, how?

I'd start by looking at squid proxying.  It would help your bandwidth 
usage in general.

http://www.squid-cache.org/

emerge squid squidguard squid-graph

You could set special proxy rules for files from windowsupdate and mac 
update sites.

Regards,

  - Brian
-- 
gentoo-security@gentoo.org mailing list

Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Ochal Christophe]

Brian G. Peterson schreef:
> On Wednesday 04 October 2006 06:37, Ochal Christophe wrote:
>> I've been looking for a way to use our internal gentoo box (file - &
>> printserver) to also cache windowsupdates & mac updates.

> I'd start by looking at squid proxying.  It would help your bandwidth 
> usage in general.
> 
> http://www.squid-cache.org/
> 
> emerge squid squidguard squid-graph
> 
> You could set special proxy rules for files from windowsupdate and mac 
> update sites.

That was what i was thinking of doing, but i've got zero experiance with 
squid sofar.

Another thing i'd like to implement is a way to see what machines used 
how much bandwidth & wich user. (something akin of a watchguard i suppose)

I'll have to read up on squid i guess
-- 
gentoo-security@gentoo.org mailing list

Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Martin Zwickel]

[-- Attachment #1: Type: text/plain, Size: 1100 bytes --]

On Thu, 05 Oct 2006 10:20:04 +0200
Ochal Christophe <ochal@kefren.be> bubbled:

> Brian G. Peterson schreef:
> > On Wednesday 04 October 2006 06:37, Ochal Christophe wrote:
> >> I've been looking for a way to use our internal gentoo box (file -
> >> & printserver) to also cache windowsupdates & mac updates.
> 
> > I'd start by looking at squid proxying.  It would help your
> > bandwidth usage in general.
> > 
> > http://www.squid-cache.org/
> > 
> > emerge squid squidguard squid-graph
> > 
> > You could set special proxy rules for files from windowsupdate and
> > mac update sites.
> 
> That was what i was thinking of doing, but i've got zero experiance
> with squid sofar.
> 
> Another thing i'd like to implement is a way to see what machines
> used how much bandwidth & wich user. (something akin of a watchguard
> i suppose)

vnstat, ipfm2, ...

> 
> I'll have to read up on squid i guess


-- 
MyExcuse:
interrupt configuration error

Martin Zwickel <martin.zwickel@technotrend.de>
Research & Development

TechnoTrend AG <http://www.technotrend.de>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[David Miller]

[-- Attachment #1: Type: text/plain, Size: 245 bytes --]

For windows I've found WPKG to be a pretty good solution at work.   For
deploying applications, application updates, and OS updates.  It doesn't
require you to install anything on the server or the window clients.

http://www.wpkg.org/
--
David

[-- Attachment #2: Type: text/html, Size: 316 bytes --]

Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Martin Zwickel]

[-- Attachment #1: Type: text/plain, Size: 839 bytes --]

On Wed, 04 Oct 2006 13:37:04 +0200
Ochal Christophe <ochal@kefren.be> bubbled:

> Hi,
> 
> I've been looking for a way to use our internal gentoo box (file - & 
> printserver) to also cache windowsupdates & mac updates.

Ask Microsoft and Apple... Maybe a squid proxy could help you save
bandwidth?!

Isn't Windows able to distribute patches from one machine over network?

> Since we have a computershop we need to update *ALOT* of machines,
> and there's no flatrate internet available in Belgium, meaning we
> tend to run into our download limits.
> 
> Does anyone know if this is feasable? If so, how?
> 
> With kind regards,
> Ochal Christophe


-- 
MyExcuse:
system needs to be rebooted

Martin Zwickel <martin.zwickel@technotrend.de>
Research & Development

TechnoTrend AG <http://www.technotrend.de>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Martin Pajak]

Martin Zwickel schrieb:
> On Wed, 04 Oct 2006 13:37:04 +0200
> Ochal Christophe <ochal@kefren.be> bubbled:
> 
>> Hi,
>>
>> I've been looking for a way to use our internal gentoo box (file - & 
>> printserver) to also cache windowsupdates & mac updates.
> 
> Ask Microsoft and Apple... Maybe a squid proxy could help you save
> bandwidth?!
> 
> Isn't Windows able to distribute patches from one machine over network?

Yes, of course. If you have a Windows 2000/2003 server, there is a 
package (SUS = Software Update Services) intended to do this.

Helpfull link: http://en.wikipedia.org/wiki/Windows_Server_Update_Services


regards Martin
-- 
gentoo-security@gentoo.org mailing list

Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Ochal Christophe]

Martin Pajak schreef:
> Martin Zwickel schrieb:
>> On Wed, 04 Oct 2006 13:37:04 +0200
>> Ochal Christophe <ochal@kefren.be> bubbled:
>>
>>> Hi,
>>>
>>> I've been looking for a way to use our internal gentoo box (file - & 
>>> printserver) to also cache windowsupdates & mac updates.

>> Isn't Windows able to distribute patches from one machine over network?
> 
> Yes, of course. If you have a Windows 2000/2003 server, there is a 
> package (SUS = Software Update Services) intended to do this.
> 
> Helpfull link: http://en.wikipedia.org/wiki/Windows_Server_Update_Services

The problem with these tools is that they aren't transparent, squid 
seems like a far better choice for our situation (new machines & 
repairs), however, i've found various conflicting info on this, will 
have to test it to find out.
-- 
gentoo-security@gentoo.org mailing list

Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Ben Koren]

I don't have a script on hand to show you as an example, but I had a
small script for doing the windows updates. Basically, I went through
and downloaded all of the updates manually (the kb****** executables
from MS). Then I threw them all in a a folder on a flash drive and had a
small script execute them one by one - so for each client's machine I
would stick in my flash drive and run the update script. Obviously, new
KB's are bound to come out, so I usually ran Windows Update after that,
but it still saved a load on bandwidht. I don't have a solution for the
Mac updates. Hope this helps!

Regards,
Benjamin Koren

Ochal Christophe wrote:
> Hi,
> 
> I've been looking for a way to use our internal gentoo box (file - &
> printserver) to also cache windowsupdates & mac updates.
> Since we have a computershop we need to update *ALOT* of machines, and
> there's no flatrate internet available in Belgium, meaning we tend to
> run into our download limits.
> 
> Does anyone know if this is feasable? If so, how?
> 
> With kind regards,
> Ochal Christophe
-- 
gentoo-security@gentoo.org mailing list

Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Kevin van Haaren]

--On October 4, 2006 8:08:05 AM -0500 Ben Koren <benkoren@gmail.com> wrote:

> I don't have a script on hand to show you as an example, but I had a
> small script for doing the windows updates. Basically, I went through
> and downloaded all of the updates manually (the kb****** executables
> from MS).

Since the beginning of the year Microsoft bundles all of it's monthly 
updates into an ISO file. You can download that instead of searching for 
them manually. Of course, this being Microsoft, the ISO's are not 
cumulative so you need each one, and there isn't one for patches prior to 
January 2006.

<http://support.microsoft.com/kb/913086>
-- 
gentoo-security@gentoo.org mailing list

Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Ochal Christophe]

Kevin van Haaren schreef:
> --On October 4, 2006 8:08:05 AM -0500 Ben Koren <benkoren@gmail.com> wrote:
> 
>> I don't have a script on hand to show you as an example, but I had a
>> small script for doing the windows updates. Basically, I went through
>> and downloaded all of the updates manually (the kb****** executables
>> from MS).
> 
> Since the beginning of the year Microsoft bundles all of it's monthly 
> updates into an ISO file. You can download that instead of searching for 
> them manually. Of course, this being Microsoft, the ISO's are not 
> cumulative so you need each one, and there isn't one for patches prior 
> to January 2006.
> 
> <http://support.microsoft.com/kb/913086>


Hey, thx for the info, didn't know that, cheers!
-- 
gentoo-security@gentoo.org mailing list

Re: ***SPAM*** Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Marek Kierdelewicz]

> > Hi,

Hi

> > 
> > I've been looking for a way to use our internal gentoo box (file - &
> > printserver) to also cache windowsupdates & mac updates.
> > Since we have a computershop we need to update *ALOT* of machines,
> > and there's no flatrate internet available in Belgium, meaning we
> > tend to run into our download limits.
> > 
> > Does anyone know if this is feasable? If so, how?

You could setup a http (transparent?) proxy box caching requests to
windowsupdate. Squid should do the trick - it's pretty configurable.

cheers,
Marek Kierdelewicz
-- 
gentoo-security@gentoo.org mailing list

Re: ***SPAM*** Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Anatoly Shipitsin]

[-- Attachment #1: Type: text/plain, Size: 80 bytes --]

For windows updates you can use SUSFL. But documentation exist only on
russian.

[-- Attachment #2: Type: text/html, Size: 84 bytes --]

Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Kevin van Haaren]

--On October 4, 2006 8:08:05 AM -0500 Ben Koren <benkoren@gmail.com> wrote:

> I don't have a solution for the Mac updates. Hope this helps!

Sorry for breaking this into 2 messages. I forgot this in the first one.

Apple makes cumulative updates available of their point releases. These 
include all security releases prior to that point release. They do not 
release a cumulative for each security patch released after a point 
release, until the next point release.

These do not include updates to anything other than the OS (so no iLife 
updates in the combo updaters.) You need to download each of those 
individually.

Here's the one for PPC macs for 10.4.8
<http://www.apple.com/support/downloads/macosx1048comboupdateppc.html>

And the Intel one:
<http://www.apple.com/support/downloads/macosx1048comboupdateintel.html>

-- 
gentoo-security@gentoo.org mailing list

Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Ochal Christophe]

Ben Koren schreef:
> I don't have a script on hand to show you as an example, but I had a
> small script for doing the windows updates. Basically, I went through
> and downloaded all of the updates manually (the kb****** executables
> from MS). Then I threw them all in a a folder on a flash drive and had a
> small script execute them one by one - so for each client's machine I
> would stick in my flash drive and run the update script. Obviously, new
> KB's are bound to come out, so I usually ran Windows Update after that,
> but it still saved a load on bandwidht. I don't have a solution for the
> Mac updates. Hope this helps!

That's one possibility, but rather clumsy, and i'd have to rely on my 
collegue's to help keep the local repository on the media up to date, 
knowing some of my collegue's, i don't see that happen ;)

Squid sofar seems the best route to follow
-- 
gentoo-security@gentoo.org mailing list

Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Ben Anderson]

Squid doesn't work properly to cache the updates without hacking it 
(unless MS have made some squid friendly changes in version 5 -- I'm not 
holding my breath)...

My rudimentary understanding is the updates send unique queries, 
including per-machine unique data as part of the request which prevents 
most of the data being cached, even if the updates data is identical.

Refer to:  http://www.glob.com.au/windowsupdate_cache/ for more info.

Microsoft SUS is probably the most reliable automated solution I'm aware 
of (if you have control of the machines you are trying to update).

Good luck!
Ben.


Ochal Christophe wrote:
> Ben Koren schreef:
>> I don't have a script on hand to show you as an example, but I had a
>> small script for doing the windows updates. Basically, I went through
>> and downloaded all of the updates manually (the kb****** executables
>> from MS). Then I threw them all in a a folder on a flash drive and had a
>> small script execute them one by one - so for each client's machine I
>> would stick in my flash drive and run the update script. Obviously, new
>> KB's are bound to come out, so I usually ran Windows Update after that,
>> but it still saved a load on bandwidht. I don't have a solution for the
>> Mac updates. Hope this helps!
> 
> That's one possibility, but rather clumsy, and i'd have to rely on my 
> collegue's to help keep the local repository on the media up to date, 
> knowing some of my collegue's, i don't see that happen ;)
> 
> Squid sofar seems the best route to follow
-- 
gentoo-security@gentoo.org mailing list

Re: [gentoo-security] Using a gentoo box to cache windows updates & mac updates

[Diego Julian Remolina]

This answer is *not* Gentoo based (sorry guys), but if this is to 
install the machines from scratch, you could use DiegoStart. Simply put 
the DiegoStart files in your gentoo machine with samba and then install 
all your machines automatically in unattended mode including all updates 
and any software that you want (if it can be installed in unattended 
mode, or you have a Ghost license to use AI Builder and create silent 
install packages). There are also things like nlite and Ryan VM update 
packs that will allow you to apply updates to your Windows install 
sources, but none of these will work on machines which are already 
installed.

Links:
http://diegostart.dijuremo.org
http://www.nliteos.com/
http://www.nliteos.com/

For machines already installed, you could manually download the updates 
to a share and then write a batch script that basically applies all 
updates in silent mode. Look here for the silent install switches.
http://support.microsoft.com/kb/262841

If you get CYGWIN with ssh installed in all the windows machines then 
you could actually ssh in and run the commands without having to walk to 
the machines.

Diego


Ochal Christophe wrote:

> Hi,
>
> I've been looking for a way to use our internal gentoo box (file - & 
> printserver) to also cache windowsupdates & mac updates.
> Since we have a computershop we need to update *ALOT* of machines, and 
> there's no flatrate internet available in Belgium, meaning we tend to 
> run into our download limits.
>
> Does anyone know if this is feasable? If so, how?
>
> With kind regards,
> Ochal Christophe


-- 
gentoo-security@gentoo.org mailing list