Secunia takes a lot of the work out of patching applications across the fleet. It runs as an independent agent/scanner that builds a software inventory database of the clients on your network. You can then create individual ‘update packages’ and push them to your WSUS server (and/or SCCM server). The best part is that Secunia handles package creation for most applications, so you don’t need to know the install/uninstall switches of every application.

Here’s a quick overview of how Secunia works and looks. The next post will cover the actual installation and configuration.
Secunia needs a software inventory to function. It can build one via remote scanning or agent-based scanning. Remote scanning means a central server scans a group of agent-less computers on your network. Agent-based scanning means installing an agent on each host; the agent scans its own host and reports back to the central server. Remote scanning requires only a couple of firewall holes and works well for always-connected computers. Agent-based scanning works well for laptops and desktops without a reliable maintenance schedule.
There are 3 agent types:
- CSI Host Agent – command-line agent that doesn’t interact with the user.
- CSI Network Appliance Agent – proxy-style command-line agent that can be used to remotely scan its host and subnet(s).
- PSI – adds a GUI agent to the CSI that allows the user to install patches if they’re an administrator.
The CSI Network Appliance Agent is what you’d install on a dedicated scanning server/VM. The CSI Host Agent is great for laptops because it will upload scan results to the central server whenever it can. The PSI is a great compromise for power users who like to manage their own machines, and for IT who still want reporting and the ability to force patch compliance. PSI contains all the features of a CSI host agent (as far as I can tell).
Here are a few screenshots of Secunia in action.
- Secunia’s inventory of our network.
- Secunia patch page, showing the right-click features.
- The updates, as published to my SCCM Repo.
It’s a pretty cool program. Stay tuned for help installing the system.