Back in March I was looking for something analogous to WSUS for windows
systems to keep our small minority of Mac's patched.
We didn't find a way to centrally manage mac updates, but we did find a
way to make the Macs update themselves. Our solution probably won't
work for everyone, but in our environment we typically approve all of
the mac updates, people don't have admin rights on their own systems,
people don't remotely connect to their macs, and they don't work in the
wee hours on Sundays.
The solution we came up with involves:
---------------------------------------
1) OS X Power Management
2) crontab
3) softwareupdate command
What happens:
---------------
1) Computer automatically powers on at 3AM Sundays
2) crontab calls a "softwareupdate" command to automatically download
and install updates, if any are needed, at 3:10AM Sundays
3) Computer power management powers off at 5AM Sundays
To set this up:
Power Management:
---------------------
1) Click the "Apple Icon" in far left corner -> Choose "System Preferences"
2) Click "Show All" in upper left corner.
3) Choose "Energy Saver" (Lightbulb icon)
4) Set start and stop times.
Crontab
---------
Note: crontab is a common unix tool used to schedule events (tutorial
http://linuxweblog.com/node/24).
1) As root get to a terminal window (e.g. Macintosh HD ==>Applications
==>Utilities ==>Terminal)
2) type:
crontab -l
to list your current crontab settings.
3) as root type:
crontab -e
to edit your settings. Note you'll be using the default editor "vi"
(tutorial here: http://math.la.asu.edu/vi_tutorial/vi3.html).
Add these entries (#comments not needed). Make sure not to erase other
crontabs you may have (e.g. symantec).
#DOWNLOAD AND INSTALL UPDATES.
#created on 01 May 2006 by Chuck Harris
10 3 * * 0 /var/root/scripts/download_install_updates
4) Make a folder called scripts and create a script file called
"download_install_updates".
5) Make that file executable (e.g. chmod +x download_install_updates)
6) paste this data into the file:
/var/root/scripts/download_install_updates:
-------------------------------------------
#created on 01 May 2006 by Chuck Harris
#purpose: install updates, then shutdown when done
#called by cron job once per week
#
echo "Update script run. Any updates installed?" >> /var/root/softupdate.log
date >> /var/root/softupdate.log
/usr/sbin/softwareupdate -l -i -a >> /var/root/softupdate.log
7) Your done, you can look at the softwareupdate.log to see how it's
doing and what patches, if any, it installed.
Note these scripts could do more (e.g. mail someone, log rotate, check
if someone is really logged and if not reboot, etc..). Also we could
have added a shutdown command to the script instead of having power
management do it for us, but wanted friendly shutdown warnings provided
by power management just in case.
-- Mike Patterson Systems Manager UC Berkeley Extension ------------------------------------------------------------------------ The following was automatically added to this message by the list server: For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.Received on Mon May 15 17:00:53 2006
This archive was generated by hypermail 2.1.8 : Mon May 15 2006 - 17:00:57 PDT