Creating a Custom Patch Configuration

To create your own custom patch configuration, on the Patch settings page, click Create configuration.

  • Configuration name: The name you want to assign to this configuration.
  • Comment: Provide a comment that describes the purpose of this configuration.

Contentless approach to patching on Linux

Ivanti's patching solution for Linux differs from that used for Windows and macOS. It is important to understand how the contentless approach to Linux patching differs from the content-based approach to Windows and macOS patching because it results in patch data for the different operating systems appearing at different times in Ivanti's products.


For Windows and macOS, the patch content data is curated and tested by Ivanti before being released to the products for use. For full details of this process, see the Ivanti Community. This approach is required as these operating systems allow software to be installed from a variety of sources.

Linux has a different approach, where deploying and maintaining the installed software is controlled using a Package Manager connected to distribution-specific repositories. Ivanti’s patching products use the device's repository sources to populate the patch content that is required during the patch scan. This is the contentless approach and enables the products to be more flexible. It enables you to use third party and internal repositories without the need for Ivanti to update its own patch content. Additionally, as soon as updates are available from the repository they are available for installation without the need for a Patch Content update from Ivanti.

Initially, no Linux patch data appears in Neurons until a device has been scanned and the data for that device has been uploaded and processed. As more devices are scanned, any additional data is merged to provide a more complete picture.
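The following sketch is an added illustration, not Ivanti's implementation. It shows why Linux patch data only appears once devices have been scanned, and how each further scan fills in the picture. It parses constructed dnf check-update output from two hypothetical devices and merges the results; the device names web01 and db01 and the internal-tools repository are assumptions.

```python
from collections import defaultdict

# Added illustration, not Ivanti code. Constructed `dnf check-update` output
# from two hypothetical devices; db01 also uses an internal repository.
SCAN_WEB01 = """\
Last metadata expiration check: 0:41:07 ago on Mon 01 Jan 2024 09:00:00 AM UTC.

openssl-libs.x86_64      1:1.1.1k-12.el8_9      baseos
curl.x86_64              7.61.1-33.el8_9.5      baseos
"""

SCAN_DB01 = """\
Last metadata expiration check: 0:03:12 ago on Mon 01 Jan 2024 09:05:00 AM UTC.

openssl-libs.x86_64      1:1.1.1k-12.el8_9      baseos
acme-agent.noarch        2.4.0-1.el8            internal-tools
Obsoleting Packages
grub2-tools.x86_64       1:2.02-150.el8         baseos
    grub2-tools.x86_64   1:2.02-142.el8         @baseos
"""


def parse_check_update(text):
    """Return [(name, arch, version, repo)] from `dnf check-update` output."""
    updates = []
    for line in text.splitlines():
        if line.startswith("Obsoleting Packages"):
            break  # the section that follows lists replacements, not updates
        fields = line.split()
        if len(fields) != 3 or "." not in fields[0]:  # rows: name.arch version repo
            continue
        name, arch = fields[0].rsplit(".", 1)
        updates.append((name, arch, fields[1], fields[2]))
    return updates


def merge_scans(scans):
    """Merge per-device scans into one catalog keyed by (name, arch, version)."""
    catalog = defaultdict(lambda: {"repos": set(), "devices": set()})
    for device, text in scans.items():
        for name, arch, version, repo in parse_check_update(text):
            entry = catalog[(name, arch, version)]
            entry["repos"].add(repo)
            entry["devices"].add(device)
    return dict(catalog)


if __name__ == "__main__":
    for key, entry in sorted(merge_scans({"web01": SCAN_WEB01, "db01": SCAN_DB01}).items()):
        print(key, sorted(entry["repos"]), sorted(entry["devices"]))
```

The acme-agent update from the internal repository enters the merged catalog only after db01 has been scanned, without any vendor-side content update.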

Ivanti Neurons for Patch Management follows the Linux patching convention of always updating to the latest package available in the repository, even if an earlier version is selected. For some distributions this is the only option available, because earlier versions of a package are not available from the repository.

When using the original dnf package manager provided with Linux distributions derived from Red Hat Kernel versions 8.1 - 8.4, the dnf pre-deployment scan may generate false-positive notifications that do not appear in the post-deployment scan results. Red Hat corrected this in the package manager provided with version 8.5. It can also be corrected by running the command sudo dnf update dnf.

Configuration Behavior tab

This tab enables you to configure a number of different options related to the deployment of patches.

Select Show summary to see a summary of your custom patch configuration options, with a tab for each operating system. This summary is updated in real time as you add, delete or modify your patch configuration options.

Associations tab

This tab enables you to associate the patch configuration with one or more agent policies. The association of the patch configuration to a policy defines the endpoints to which the configuration will be deployed. All devices using a specific policy will be governed by the patch configuration you associate with that policy.

The agent policy must have the Patch Management capability enabled in order to utilize the patch configuration.

You can associate a patch configuration with multiple agent policies.

History tab

This tab enables you to track changes that have been made to the patch configuration.

Saving and Activating Your Custom Patch Configuration

The following buttons are available while using any of the three patch configuration tabs.

  • Save and make active: Save the patch configuration and make it active for the devices that are assigned to the associated policies. Each device will receive the new configuration the next time the device's agent checks in with Ivanti Neurons.
  • Save: Saves the patch configuration without closing the page, enabling you to keep working.
  • Undo changes: Undoes any changes, returning the patch configuration to its previous saved state.
  • Archive / Restore configuration: Archives or restores the configuration. You cannot archive configurations that have a policy associated with them.
  • Close: Closes the page without saving the latest changes to the patch configuration.