My not so uninteresting notes

To content | To menu | To search

Sunday 19 October 2008

Putting all together

I have been busy last weeks making L4SUS more friendly or at least less complicated !

I am quite happy of what I acheived so far. As the title says I put everything together to make a real install guide and some documentation.

All of this is the 0.1 release you will need the zip and the tar file because it was easier to package one for windows and the other one for Unix/Linux/....

Enjoy !

l4sus_0.10.zip and l4sus_0.10.tar.gz

Sunday 22 June 2008

L4SUS update

My first public release included some bugs.

I just release right now the version 0.02, it fixes lots of typo in my first release.

The whole system is pretty stable now, but it rely on automation both on the client and the server so now it's time to move on something else:

  • Create installer for windows using something like nsis so that simple configuration and scheduled tasks can be created automaticaly
  • See with OCS Ng what can be done to go further in the automation
  • Use offline database wsusscn2.cab to save bandwith when checking for updates (at least as an option)
  • Dig more deeply in the documentation of WSUS API in order to have more informations about updates.

The lastest version is here

To be continued ...

Sunday 1 June 2008

L4SUS

From the theory to practice there is a huge gap use to say my teachers.

Well I faced them well trying for real the script described here in short every thing was mostly but in order to get something that is really exploitable more efforts were needed.

Now it's done and I packaged every thing in the zipfile attached to this post. This is mostly 3 scripts (and a few subscripts) bundled together, it require a samba server. I called this L4SUS and it stands for Linux For Server Update Service.

Using L4SUS should be quite simple:

  • Extract all .vbs script in a folder on each computer you want to manage updates
  • Rename updatelist.conf.example to updatelist.conf and adapt configuration (ie. the name of the samba server and the root path serving update)
  • Install perl script in the samba server, make it executable (chmod a+x) and adapt paths at the top of the script ($dest_base_dir and $update_file_dir)
  • Verify that Windows update is configurated to search (and only search) from udpates
  • On the samba server create a directory called files in the directory pointed by $dest_base_dir, and for each computer a directory of the name of the computer also is the directory pointed by $dest_base_dir

The most tricky part is that $dest_base_dir (in download_winupdate) must be exported as the value of filePath (in updatelist.conf).

Main components of this systems are :

  • getupdatelist.vbs, this script search for applicable updates on the computer where it is running, it create a file in its own folder called yyyymmddproposedupdate.log which contains a list of all updates, their id and their file's url.
  • download_winupdate, provide a computer name to this script and it will parse the latest proposedupdate.log file, then download missing updates files and create a command list:: upatelist which indicate to doupdates.vbs how to do the updates
  • doupdates.vbs, this script execute as most quietly as possible the different updates listed in updatelist

You can get a nearly automatic systems by scheduling the scripts via cron and windows scheduler. Of course in this case it does mostly the same as using directly windows update (well it should use less bandwidth but it seems not as clever as windows update when it comes to do all the updates quietly ...).

Expect more updates soon, because it still a bit rough and should need more polish.