Introduction to Linux-based Patch Management
Patch management activities on Linux-based machines are always performed using agents.
In 2024, Linux patching in Security Controls is undergoing a major change as it transitions away from the content-based patching described in this section to contentless patching directly from the distribution's repository. This provides a much more efficient and exhaustive mechanism for patching Linux devices. For more information, see the main Security Controls help.
Patching Process
The complete patching process is as follows:
- Identify your Linux machines.
  - If you know the identities or whereabouts of all your Linux machines, you can create a Linux machine group. For complete details, see the Ivanti Security Controls help system.
  - If you are unsure about the identities and locations of all your Linux machines, perform a power status scan on the My Domain or Entire Network group. The scan will identify the OS type of each machine in the group and your Linux machines will be displayed on the Linux patch tab in Machine View. For details on performing a power status scan, see the Ivanti Security Controls help system.
- Create one or more Linux patch groups and configurations.
  - Create a Linux patch group: This is optional but it is generally a good idea. Creating a patch group gives you greater control over your scans and deployments. With a patch group you can scan for and deploy a particular set of patches.
  - Create a Linux patch scan configuration: You use this configuration to specify exactly how your Linux machines will be scanned.
  - Create a Linux patch deployment configuration: You use this configuration to specify exactly how patches will be deployed to your Linux machines.
- Create one or more agent policies.
  An agent policy defines exactly what an agent can or cannot do. You will create one or more Linux patch tasks in the agent policy.
- Install the agent policy.
  Once installed, the agent will automatically perform its tasks and report the results to the console.