Creating and Editing a Linux Patch Deployment Configuration

A Linux patch deployment configuration defines how a patch deployment will be performed. Security Controls provides one predefined configuration named Update All. This configuration specifies that the agent will deploy all patches that were identified as missing by a patch scan. A patch group will not be used and a post-deploy reboot will not be performed.

You cannot edit the predefined configuration. If the predefined configuration is not adequate for your needs, you can create a custom configuration.

To work with a custom Linux patch deployment configuration, do one of the following:

To create a new deployment configuration:

Click New > Linux Patch > Linux Patch Deployment Configuration

In the Linux Patch Deployment Configurations list in the navigation pane, right-click and select New Linux Patch Deployment Configuration

To edit an existing group, in the Linux Patch Deployment Configurations list, double-click the deployment configuration name

 

Name

The name that you wish to assign to this configuration.

Path

This box is used to specify the folder path that this configuration will reside in within the Linux Patch Deployment Configurations list in navigation pane. If you do not specify a path, the configuration will reside at the root level of the My Linux Patch Deployment Configurations list. For more details, see Organizing Linux Patch Groups and Configurations.

Description

A description of the configuration.

Post-deploy reboot when needed by the target patches

If enabled, specifies that Security Controls will review the patches being deployed and determine whether or not a reboot is required.

If you do not enable this option, a reboot will not be performed after deployment.

Deploy all missing patches

If enabled, all patches that were identified as missing by a patch scan will be deployed.

Deploy by patch group

If enabled, only those patches that were identified as missing by a patch scan and that are contained within the specified Linux patch groups will be deployed.

Deploy only explicit version

If enabled, only the explicit version of the patch that was detected as missing will be deployed. If a newer version of the patch is available it will not be deployed.

Used by tab

This tab shows you the agent policies that are currently using this configuration. This is important to know if you are considering modifying the configuration, as it tells you which agents are affected.

Deployments are Performed Using YUM

Yellowdog Updater, Modified (YUM) is a command-line utility that is used for retrieving, installing and managing RPM packages from official Red Hat and CentOS software repositories. When an agent needs to deploy a patch, it does so by instructing YUM to download and install the patch. If you have Linux client machines that reside in a disconnected network, the agent will not be able to utilize YUM and you must set up one or more local repositories.