Security APAR Assist (SAAssist) is a tool (Open Source) to help System Administrators manage APARs (Security Fixes) for IBM AIX and IBM PowerVM environment.
This tool works like Linux "yum" or "apt-get" to manage the security fixes (CVE and IVs).
SAAssist works as client/server reducing time to verify if fix is applicable, reducing time to deploy the fix to AIX and VIOS servers, reducing false-positives, and is not necessary high skill knowledge about AIX filesets/version management :)
SAAssist works directly with Fix Level Recommendation Tool, the IBM official website.
The installation and configuration is simple and also can be integrated with orchestrator or automation software (IBM BigFix, Chef, Puppet, etc)
There are two basic components on SAAssist: SAAssist Server (saassist-server) and SAAssist Client (saassist-client). This is an Open Source software licensed under Apache License 2.0.
Important:
**The Security APAR Assistant (including saassist-server and saassist-client) is not an IBM software and it is not supported or guaranteed by IBM**.
IBM AIX, IBM PowerVM and IBM Fix Level Recommended Tool website are registered trademarks of IBM Corporation in the United States, other countries, or both.
SAAssist Server (saassist-server) is a tool that works directly with the IBM Fix Level Recommendation Tool (FLRT) website and it creates a local repository with APARs information and packages based on CVE or IV number.
These APARs information and packages are accessed by SAAssist Client (saassist-client) by HTTP or NFS protocol and checks if the APAR affects the server and if a fix can be installed.
Only the SAAssist Server needs to have access to IBM FLRT website directly or using a web proxy. SAAssist Client needs to have access only to your local SAAssist Server using HTTP or NFS protocol.
For more details about how to install and use, check out:
Any kind of contribution is welcome (see Contributing link)
Remark:
SAAssist works with fix/APAR for AIX and PowerVM but Java, OpenSSH, OpenSSL and IBM System Mirror (PowerHA/HACMP) is not supported yet. See ToDo