Identify newly built RHEL 7/8 servers

hemantgaikwad10 · June 28, 2021, 2:36pm

Hello,
I’m looking for a way to identify RHEL 7/8 servers that were built in last 7 days.
I’ll use the relevance to create an automatic group & then apply a patch policy to the group to patch my newly built servers.
I’ve set it up for Windows by having an automatic group with following relevance:

(version of client >= “6.0.0.0”) AND (exists true whose (if true then (windows of operating system AND (((value “InstallDate” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion” of native registry as integer) * second + “01 Jan 1970 00:00:00 +0000” as local time) > (now - 7*day))) else false))

brolly33 · June 28, 2021, 3:52pm

@hemantgaikwad10
If you were trying to detect the build date of a RHEL box without BigFix, for example from an SSH session, how would you do it?

Would you check file time stamps somewhere? config files? run some sort of command?

ncpeteusa · June 28, 2021, 5:09pm

This link might help you to find the date the besagent rpm was installed

https://www.thegeekdiary.com/centos-rhel-how-to-find-when-was-the-rpm-installed/

SLB · June 28, 2021, 7:30pm

Just in case its applicable in your use case, one note regarding your Windows install date approach, that registry value is updated each time a feature update gets installed so each time you apply a feature update, those will also get captured by your detection. An approach we use to detect the actual OS install date is by looking at the OS and feature update dates then pick the lowest value and convert that to a time. Eg

The install date based on your method

Q: (it * second + "01 Jan 1970 00:00:00" as local time) of (value "InstallDate" of key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" of native registry as integer)
A: Mon, 22 Mar 2021 18:41:38 +0100
T: 1.572 ms
I: singular time

Dates from base install as well as and feature updates

Q: (it * second + "01 Jan 1970 00:00:00" as local time) of ((values "InstallDate" of keys whose (name of it starts with "Source OS") of key "HKEY_LOCAL_MACHINE\SYSTEM\Setup" of native registry as integer) ; (value "InstallDate" of key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" of native registry as integer))
A: Thu, 12 Dec 2019 12:51:38 +0100
A: Thu, 08 Oct 2020 17:38:11 +0100
A: Mon, 22 Mar 2021 18:41:38 +0100
T: 1.359 ms
I: plural time

Get the actual OS install date

Q: (it * second + "01 Jan 1970 00:00:00" as local time) of (minimum of ((values "InstallDate" of keys whose (name of it starts with "Source OS") of key "HKEY_LOCAL_MACHINE\SYSTEM\Setup" of native registry as integer) ; (value "InstallDate" of key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" of native registry as integer)))
A: Thu, 12 Dec 2019 12:51:38 +0100
T: 0.585 ms
I: singular time

I don’t have much Linux experience but I read that tune2fs can output several factors of the boot file system so you can run that via a task, output to a file then parse the file with relevance

Action command
tune2fs -l {device name of filesystem "/boot"} | grep "Filesystem created:" > "/var/opt/BESClient/__BESData/__Global/Logs/filesystemcreationdate"

Read the output and covert to a date
((year of it as string & "/" &(if (length of it =1) then ("0"&it) else it) of (month of it as integer as string) & "/" & (if (length of it =1) then ("0"&it) else it) of (day_of_month of it as string)) of date ("GMT" as time zone) of it & " " & ((if (length of it =1) then ("0"&it) else it) of (hour_of_day of it as string) & ":" & (if (length of it =1) then ("0"&it) else it) of (minute_of_hour of it as string)) of time ("GMT" as time zone) of it) of ((concatenation " " of substrings (8,2;4,3;20,4;11,8) of (following text of first "ed:" of lines of file "/var/opt/BESClient/__BESData/__Global/Logs/filesystemcreationdate" as trimmed string)) as local time) | ""