Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- Patch management for Ubuntu
- Features
- SA Client Library
- SA management of Debian metadata database
- Roles for Ubuntu patch management
- Patch management process
- Specifying Ubuntu patch settings
- Ubuntu patch management tasks
- Policy management
- Remediating patch policies
- Patch compliance
- Patch administration
- Patch locale configuration tasks
- Patch installation
Features
SA automates Ubuntu patching by providing the following features and capabilities:
- A central repository where packages are stored and organized in their native formats.
- A database that stores information about every package that has been applied.
- Dynamic Patch Policies that analyze platform vulnerabilities based on the latest metadata from the vendor.
- Advanced search abilities that identify servers that require package updates.
- Auditing abilities for tracking the deployment of important package updates.
Scheduling and notifications
In the SA Client, you can separately schedule when you want patches to be imported from Microsoft into Server Automation, either by a schedule or on demand, and when you want these patches to be downloaded to managed servers.
Best Practice: Schedule patch installations for a day and time that minimize disruption to your business operation.
Ubuntu patching also allows you to set up email notifications that alert you when the download and installation operations completed, succeeded, or failed. When you schedule a patch installation, you can also specify reboot preferences to adopt, override, postpone, or suppress the vendor’s reboot options.
Patch policies
To provide flexibility in how you identify and distribute packages on managed servers or groups of servers, Ubuntu patching allows you to create patch policies that define groups of packages you need to install. By creating a patch policy and attaching it to a server or a group of servers, you can manage which packages get installed, and where, in your organization.
The Patch Policy model that Ubuntu uses is based on software and packages that are imported as patches.
- Dynamic Policies can automatically import the latest Ubuntu packages from the vendor. When new Debian binary packages are imported, the icon shows that the policy now contains the latest package content and is active.
- Dynamic Policies are designed to remediate servers.
- Static Patch Policies contain metadata that defines the Debian binary package updates.
Best Practice: For reliable automated updates, use the Dynamic Policies.
For more information, see Creating a patch policy .
Patch installation preview
While Patch Management allows you to react quickly to newly discovered security vulnerabilities, it also provides support for strict testing and standardization of patch installation.
After you have scanned servers and have identified packages to install, Patch Management allows you to simulate (preview) the installation before you actually install a package. Use the preview process to identify whether the servers that you selected for the patch installation already have that package installed. In some cases, a server could already have a package installed if a system administrator had manually installed it.
After this type of package installation, if a compliance scan has not been run or the installed package has not been registered, SA does not know about it. Use the preview process for an up-to-date report of the package state of servers.
The preview process also reports on package dependency and supersedence information, such as packages that require certain Ubuntu products, and packages that supersede other packages or are superseded by other packages.
Exporting patch data
To help you track the patch state of servers or groups of servers, Patch Management allows you to export this information. This information can be exported in a comma‑separated value (.csv) file and includes details about when a patch was last detected as being installed, when a patch was installed by Server Automation, the patch compliance level, what patch policy exceptions exist, and so on. You can then import this information into a spreadsheet or database to perform a variety of patch analysis tasks.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to hpe_sa_docs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: