Creating and Editing a Linux Patch Group

Security Controls provides the ability to use a patch group to scan for (content-based only) or deploy a particular set of updates. There are multiple ways to create or edit Linux patch groups for both contentless patching and content-based patching:

  • To create a new patch group:
    • Click New > Linux Patch > Patch Group
    • In the Linux Patch Groups list in the navigation pane, right-click and select New Linux Patch Group
  • To edit an existing group, in the Linux Patch Groups list under Linux Patching in the navigation pane, double-click the patch group name.

    • Be careful when editing an existing patch group. Any modifications you make will affect any Linux scan or deployment configuration that references the patch group. Also, if you edit and save a patch group that is currently being used by an agent policy, the agents using that policy will be updated the next time they check in with the console.

Linux Patch Group dialog

Field Descriptions

Name

The name that you wish to assign to this patch group.

Path

This box is used to specify the folder path that this patch group will reside in within the Linux Patch Groups list in navigation pane. If you do not specify a path, the patch group will reside at the root level of the list. For more details, see Organizing Linux Patch Groups and Configurations.

Filter tab

The Filter tab lists the contents of the patch group, providing filters and a search control to help you to find details about specific items in the group.

There are three different actions you can perform on this tab: Add, Remove and View packages.

  • Add: Enables you to add one or more updates using the Linux Patch Group Editor.

    • Patch group editor

    The pane on the left of the dialog shows the updates that have been added to the patch group.

    The pane on the right enables you to select updates to add to the patch group:

    • The Advisories tab shows advisories that have been discovered on your target machines
    • The Packages tab shows packages that have been discovered on your target machines
    • The Manual addition tab enables you to enter the ID of a specific package or advisory, including those that do not appear in the other tabs

    To add advisories from the Advisories tab or packages from the Packages tab:

    1. Use the column headers and filters to group or further refine the information in the grid.

      2. Use the search box to locate specific items in the grid.

    2. Select one or more items in the grid and then click Add update.
      The updates are added to the Included updates list.

    To add advisories or packages from the Manual addition tab:

    1. In the Type list, select Advisory or Package as required.
    2. In the Enter identifier field, type the ID of the advisory or package.
    3. Click Add update.
      The update is added to the Included updates list. If the identifier you enter matches a package found in the patch scan metadata, then when you save the changes and close the editor, additional information including the associated repository names appear in the Patch Group dialog.

    You can combine updates for different distributions in the same group. You may choose to create separate patch groups for the different distributions, and if you do, you should use the Path box to organize the groups.

  • Remove: To remove one or more updates from either the Linux Patch Group or the Linux Patch Group Editor dialog, select the desired updates and then click Remove update.
  • View packages: To view the packages that are affected by the updates contained in either the Linux Patch Group or the Linux Patch Group Editor dialog, select the desired updates and then click View packages. A single update may update one or more packages.

    • The packages listed in the Package view for a specific advisory may differ depending on the context of which machine you viewed it from. For more information, see Viewing Details of Linux Packages.

Used By tab

This tab shows you the agent policies that are currently using this patch group. This is important to know if you are considering modifying the patch group, as it tells you which agents are affected.

How to delete a patch group

Patch groups can be deleted from the Linux Patch Groups list using the right-click menu.
  • To create a new patch group:
    • Click New > Linux Patch (Content-Based) > Patch Group (Content-Based)
    • In the Linux Patch Groups (Content-Based) list in the navigation pane, right-click and select New Linux Patch Group
  • To edit an existing group, in the Linux Patch Groups list under Linux Patching (Content-Based) in the navigation pane, double-click the patch group name.

    • Be careful when editing an existing patch group. Any modifications you make will affect any Linux scan or deployment configuration that references the patch group. Also, if you edit and save a patch group that is currently being used by an agent policy, the agents using that policy will be updated the next time they check in with the console.

Field Descriptions

Name

The name that you wish to assign to this patch group.

Path

This box is used to specify the folder path that this patch group will reside in within the Linux Patch Groups list in navigation pane. If you do not specify a path, the patch group will reside at the root level of the list. For more details, see Organizing Linux Patch Groups and Configurations.

Filter tab

There are three different actions you can perform on this tab: Add, Remove and View packages.

  • Add: Enables you to add one or more patches using the Linux Patch Group Editor.

    • Use the Patch filter pane to narrow the list of patches presented in the grid on the right. You can then use the column headers and filters to further refine the information in the grid. Finally, you can use the search box to locate specific items in the grid.

    To add one or more patches to the group, select them in the grid and then click Add patch. The patches will be added to the Included patches list.

    The program will allow you to combine CentOS and Red Hat patches in the same group. You may choose to create separate CentOS and Red Hat patch groups, and if you do, you should use the Path box to organize the groups.

  • Remove: To remove one or more patches from either the Linux Patch Group or the Linux Patch Group Editor dialog, select the desired patches and then click Remove patch.
  • View packages: To view the packages that are affected by the patches contained in either the Linux Patch Group or the Linux Patch Group Editor dialog, select the desired patches and then click View packages. A single patch may update one or more packages.

    • The packages listed in the Package view for a specific advisory may differ depending on the context of which machine you viewed it from. For more information, see Viewing Details of Linux Packages.

Used By tab

This tab shows you the agent policies that are currently using this patch group. This is important to know if you are considering modifying the patch group, as it tells you which agents are affected.

How to delete a patch group

Patch groups can be deleted from the Linux Patch Groups list using the right-click menu.

Tips for Using the Search Tool

You can easily search for patches contained in a Linux patch group. To initiate a search you type the text you want to find and then press Enter. Only those patches matching the search criteria are displayed; all other patches are hidden.

  • The Search tool works only on the information currently visible in the grid. You can right-click on the column headers to add or remove columns to be searched.
  • If a filter is applied, only patches matching both the search criteria and the filter criteria are displayed.
  • All partial matches are displayed.
  • The search is not case sensitive.
  • The use of wildcards is not allowed.
  • To clear the search criteria, click the icon located on the right side of the search box.