Linux Patch Management

Sorin Srbu sorin.srbu at ki.se
Thu Nov 3 06:44:30 UTC 2022


On Wed, 2022-11-02 at 13:53 +0000, I.A. Taylor via ubuntu-users wrote:
> 
> Good afternoon
> 
> I am looking to see if there are any recommendations for "patch management"
> 
> As in software/procedures to
>    a) install patches
>    b) email an admin account of patches installed
> 
> Further :-
> 
> Is there a way to automatically schedule a system reboot if a new kernel
> is installed?

Hello!

We use Jenkins jobs with ansible to trigger patch updates on groups of
servers. The jobs are manually started from Jenkins according to reminders
from our calendars.

Jenkins provides log outputs of what's happening during the patching.

When the patching is done, we have other Jenkins reboot jobs.

Would your environment be a server one, or desktops?
In the desktop case, automatic updates and reboots might not be as critical,
so unattended updates may in that case be practical.
Have a look at this:
https://www.cyberciti.biz/faq/set-up-automatic-unattended-updates-for-ubuntu-20-04

For email notifications, just install postfix or sendmail and redirect root
mail to your external email address of choice. There might be a lot of
emails flying about though, if your environment is large.



On a side note, I'm personally not too keen on running automatic unattended
updates and reboots, should something fail during the patching.
An automatic reboot on a borked patch procedure might bork stuff even more.
We in fact make a point to uninstall the unattended-upgrades package on our
servers when we create new ones.

FWIW, I turned on automatic security updates on my mother's Kubuntu desktop.
That's as far as I trust unattended patching. :-)




-- 
Sorin Srbu, Serverdrift
Tele: 08-524 84166
Karolinska Institutet Universitetsbibliotek
Avdelningen för Verksamhetsstöd
Enheten för Teknikstöd och Bildproduktion


# They say you can't buy happiness, but you can buy a 
# motorcycle, and that's pretty damn close!
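
An added example, not part of the original message: a POSIX shell check that a patch job could run to report that a host needs a reboot without rebooting it, in line with the separate patch and reboot jobs described above. It assumes Ubuntu's `/var/run/reboot-required` flag files and kernel images named `/boot/vmlinuz-<version>`; the function names and the `--check` argument are hypothetical.

```shell
#!/bin/sh
# Added example: report a pending reboot after patching; never reboots by itself.
# ROOT is a filesystem prefix ("" on a real host) so the check can be tested
# against a constructed directory tree.

# newest_kernel ROOT -> prints the highest version among ROOT/boot/vmlinuz-*
newest_kernel() {
    for f in "$1"/boot/vmlinuz-*; do
        [ -e "$f" ] || continue            # glob matched nothing
        printf '%s\n' "${f##*/vmlinuz-}"   # keep only the version part
    done | sort -V | tail -n 1
}

# reboot_status ROOT RUNNING -> prints one report line.
# Returns 0 when a reboot is needed, 1 when it is not.
reboot_status() {
    root=$1
    running=$2
    newest=$(newest_kernel "$root")
    reason=""
    # Flag file written by Ubuntu package hooks when an update needs a reboot.
    if [ -f "$root/var/run/reboot-required" ]; then
        reason="reboot-required flag set"
        pkgs="$root/var/run/reboot-required.pkgs"
        if [ -s "$pkgs" ]; then
            reason="$reason by: $(sort -u "$pkgs" | tr '\n' ' ' | sed 's/ $//')"
        fi
    fi
    # Heuristic: the running kernel is not the newest one installed in /boot.
    if [ -n "$newest" ] && [ "$newest" != "$running" ]; then
        reason="${reason:+$reason; }running $running, newest installed $newest"
    fi
    if [ -n "$reason" ]; then
        printf 'REBOOT NEEDED: %s\n' "$reason"
        return 0
    fi
    printf 'OK: running %s, no reboot pending\n' "$running"
    return 1
}

# Check the local host only when called as: script.sh --check
if [ "${1:-}" = "--check" ]; then
    reboot_status "" "$(uname -r)"
fi
```

The single report line can be collected in the job log or sent to root's mail, leaving the decision to reboot with the admin.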
