Patch management on multiple systems

It is common to have some sort of proxy cache service acting as an intermediary between the upstream repositories and the target machines. It helps to save bandwidth and makes deployments faster. In the RHEL/CentOS world that would be Spacewalk, in Debian and derivatives a debmirror, and in the AIX world possibly a NIM server.

Given the absence of Ruby for AIX (some ports do exist, though), the appropriate configuration management for your environment would be CFEngine. If that looks like overkill, you can also try Ansible, which only requires Python. And there is Python even for AIX.

It is also common and even expected that the versions, names of the services, names of the packages, etc. differ from platform to platform. You need to deal with separating data and code. If a mature configuration management system does not meet your requirements, I seriously doubt that a bunch of home-brewed scripts will.

The third requirement: "I can't install anything on the target system..." is not clear at all, and seems to be in conflict with the fact that you are using private repositories.

Last but not least, managing packages is only 1% of the tasks you need to perform in order to secure and audit your systems.
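
The data/code separation mentioned in the answer, sketched as an Ansible playbook. This is an added example, not part of the original answer: the choice of the SSH daemon, the `platform` variable and its keys are assumptions made for illustration, and only the RedHat and Debian families are covered.

```yaml
---
# Constructed example: the tasks (code) are identical for every host;
# everything that differs per platform lives in one lookup table (data).
- name: Keep the SSH daemon package current and the service running
  hosts: all
  become: true
  vars:
    # Hypothetical variable name. Keys match the os_family fact Ansible gathers.
    platform:
      RedHat:
        ssh_package: openssh-server
        ssh_service: sshd
      Debian:
        ssh_package: openssh-server
        ssh_service: ssh
  tasks:
    - name: Stop early on a platform that has no data entry
      ansible.builtin.assert:
        that:
          - "ansible_facts['os_family'] in platform"
        fail_msg: "No platform data for {{ ansible_facts['os_family'] }}"

    - name: Upgrade to the newest version offered by the configured repository
      ansible.builtin.package:
        name: "{{ platform[ansible_facts['os_family']].ssh_package }}"
        state: latest

    - name: Ensure the service is enabled and running
      ansible.builtin.service:
        name: "{{ platform[ansible_facts['os_family']].ssh_service }}"
        state: started
        enabled: true
```

Supporting another platform means adding a key to `platform`; the tasks stay untouched, and an unknown platform fails loudly instead of being skipped silently.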