University of Illinois. Help Desk. Office of the CIO. Departmental Services. Educational Technologies. About CITES. Status Server.
CITES.  

Superglue

 

  Workstation Services Group
*
 WSG Home
*
 Contract Services
*
 Software
*
 Technical Resources
*
 Linux Academy
*
 News and Projects
*
 Contact Us

 
The Easy Way to Patch Solaris Systems

In an effort to make it easier for people to keep their Solaris systems up to date with the latest recommended patches, WSG has developed a program called Superglue. Directions for the application of patches on a Solaris 2.6, 7, 8, or 9 system are as follows:

As root...

/usr/sbin/mount solaris-patches.cites.uiuc.edu:/services/patches /mnt

/mnt/superglue
/usr/sbin/umount /mnt

Superglue compares the patches already on your system with the ones in the latest patch cluster from Sun, and installs the patches you are missing. This software is being made available to campus on an "as-is" basis.

Some notes on the use of superglue:

  • Remember that superglue is designed to work only on Solaris 2.6, 7, 8, and 9.
  • After checking what you need, superglue uses the standard patchadd command to install the patches. Patchadd saves saves a copy of the replaced system files under the /var/sadm directory, so you need to have some free space available there. The size of the saved files depends on the patch, and usually ranges from a few kilobytes to a few megabytes.
  • The underlying patchadd command does a lot of bookkeeping and integrity checking before installing patches. If your system needs a lot of patches, this could take some time.
  • superglue -h will list all its options.
  • If, for any reason you want to install patches without using superglue, you can download the patch clusters from Sun directly. Then you can run the install_cluster script included with the clusters. Individual patches are available at http://sunsolve.sun.com/security. Features new to superglue-2.0, released in August, 2000, include:
    • support for Solaris 8
    • more concise output from the -n flag
    • patch descriptions printed in the initial list
    • support for a /.superglue.ignore file to specify a list of patches to ignore
    • new -I flag to tell superglue not to read /.superglue.ignore

    The latest version of superglue, superglue-2.4, released in August of 2002, now supports Solaris 9.

    Keep in mind that patching is only one aspect of good security. For others, see:
    Practical Unix Security Workshop Notes
    CERT UNIX Security Configuration Guidelines
    Other CERT Security Tips

    Last modified on Fri 6 December 2002 by areynold