Linux Server - Last OS Patch Date

Can anyone please help me with relevance which can be utilized to pull data from the Linux system for the Last OS Patch Date?

Some ideas:
At the time of patching, create a text file containing the date and import it using an analysis.
Or use something like the output from yum history if you have yum/dnf as the package manager.

I think you need to define what an OS Patch is, since Linux doesn’t have a patch Tuesday. I’ve been toying with the idea of writing an analysis that would look for any systems with a kernel version that is less than the version that I would consider current. This would have to be updated manually on a regular basis but I think it would be a good indicator of a system that hasn’t been kept up to date.

apt-get and yum both keep log files…maybe checking the date of the logs would be useful? Generally I think “Last Patch Date” doesn’t provide a lot of useful information, since it wouldn’t show which patches were installed on that date.

I usually prefer to measure compliance in terms of which fixlets are relevant, and the severities and ages of the fixlets.
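
An added example, not written by any poster in this thread: one way to derive a last-patch date from the apt/dpkg log mentioned above while also listing which packages changed on that date. It assumes a Debian/Ubuntu host using the standard dpkg.log line format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads dpkg.log-format lines on stdin:
#   YYYY-MM-DD HH:MM:SS <action> <package>:<arch> <old-version> <new-version>
# Prints the most recent day with an install/upgrade, then what changed that day.

last_patch_summary() {
    awk '
        # Count only real package changes; ignore status/configure/trigproc lines.
        $3 == "install" || $3 == "upgrade" {
            day = $1 ""
            if (day > last) {          # ISO dates sort correctly as strings
                last = day
                n = 0
                split("", changes)     # portable way to empty the array
            }
            if (day == last)
                changes[++n] = $3 " " $4 " " $5 " -> " $6
        }
        END {
            if (last == "") { print "last_patch_date=none"; exit }
            print "last_patch_date=" last
            print "packages_changed=" n
            for (i = 1; i <= n; i++) print changes[i]
        }
    '
}

# Constructed sample input in dpkg.log format (not real host data).
sample_dpkg_log() {
    cat <<'EOF'
2024-02-03 06:14:10 startup archives unpack
2024-02-03 06:14:11 upgrade libc6:amd64 2.35-0ubuntu3.5 2.35-0ubuntu3.6
2024-02-03 06:14:12 status unpacked libc6:amd64 2.35-0ubuntu3.6
2024-03-12 06:25:01 upgrade openssl:amd64 3.0.2-0ubuntu1.14 3.0.2-0ubuntu1.15
2024-03-12 06:25:02 status installed openssl:amd64 3.0.2-0ubuntu1.15
2024-03-12 06:25:07 install linux-image-5.15.0-101-generic:amd64 <none> 5.15.0-101.111
2024-03-12 06:25:09 configure openssl:amd64 3.0.2-0ubuntu1.15 <none>
EOF
}

sample_dpkg_log | last_patch_summary
```

On a real host, feed it `/var/log/dpkg.log` instead of the sample and redirect the output to a text file that an analysis can read. Rotated logs can be concatenated in any order, since the function tracks the latest date rather than relying on line order.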