Use > Server patching > Patch management for Ubuntu > Specifying Ubuntu patch settings

Specifying Ubuntu patch settings

Ubuntu patch settings provide extensive options for configuring the patching options and functionality to fit your environment.

Ubuntu patch settings

Setting

Description

Proxy

Define the Ubuntu proxy configuration.

Repositories

Define the Ubuntu repositories to access.

Policy Settings

Configure the Ubuntu Patch Policy Settings.

Scanner Options

Specify the Ubuntu scanner behavior.

General

Specify the Ubuntu log settings.

Ubuntu patch settings: Set the proxy

Specify the proxy information for your environment. Proxies provide network security and are used in most environments.

Ubuntu proxy settings

Setting

Description

User ID

Enter the User ID to access the Web proxy.

Password

Enter the Password to access the Web proxy.

Proxy URL

Enter the full URL to access the Web proxy. For example: http://web-proxy.company.com:8080

User Agent

Specify the User Agent to pass to the proxy server, if required.

Ubuntu patch settings: Set the repositories

Define the repository settings for your environment. The repository settings include the desired Ubuntu repository as well as how it will be stored in SA.

Ubuntu repository settings

Setting

Description

Ubuntu URL

Enter the full URL to access the Ubuntu repositories. For example: http://archive.ubuntu.com/ubuntu/dists/

Repositories

Select one or more repositories to use:

Security: Import security packages.

Updates: Import updates to official packages.

Suite Code Name

Specify the Ubuntu Suite Code Names:

Precise Pangolin

Component Name

Specify the Ubuntu Component name(s):

Main: Officially supported software. This is the major part of the distribution, and is supported by Ubuntu.

Restricted: Supported software that is not available under a free license. This software is supported by Ubuntu.

Universe: Community-maintained software; i.e., not officially supported software. (Note: Software from this repository is entirely unsupported by the Ubuntu team. Software in a Universe repository will not receive any review or updates from the Ubuntu Security Team.)

Multiverse: Software that is not free. (Note: Software from this repository is entirely unsupported by the Ubuntu team. Software in a Multiverse repository will not receive any review or updates from the Ubuntu Security Team.)

Architecture

Select the SA-supported Ubuntu architectures in your environment:

32 bit or 64 bit

Repository Policy Name Format

Choose whether to include date and time along with the Ubuntu Repository path name when creating the repository policy. Your format options are:

Use Ubuntu Path: Uses only the Ubuntu path when creating the repository policy.

Add Date to Ubuntu Path: Appends Year-Month-Day to the Ubuntu path when creating the repository policy.

Add Date and Time to Ubuntu Path: Appends Year-Month-Day-HOUR:MINUTE to the Ubuntu path when creating the repository policy name.

Ubuntu patch settings: Configure the policy settings

Use the Policy Settings section to configure the default settings for handling Ubuntu patch policies:

Ubuntu policy settings

Setting

Description

Automatically include dependent packages

Specify whether to make Ubuntu patch remediation jobs automatically include dependent packages:

Yes: Dependent packages will be included in Ubuntu patch remediation jobs by default.

No: Dependent packages must be manually added to Ubuntu patch remediation jobs.

Import based on Scan results

Specify whether to filter import contents and only import what your environment needs. Note: Best policy practice is to leave the default value of Yes:

Yes: (Default) A scan will be run, and import contents will be filtered based on the results.

No: All content will be imported without first running a scan.

Download Package Binaries

Controls the import of all Ubuntu packages from the repository:

Yes: Import Ubuntu packages at policy creation.

No: Delay download of Ubuntu packages until a scan is run to determine the packages needed in your environment.

Production Requirements

Enter the full path to the file on the SA Slice server or single core server that specifies the packages needed for your production environment. You must be logged in to this server when you perform Ubuntu patch or package updates.

When the package importer is run, it imports packages from this list if they match information in the Ubuntu metadata catalog.

Create Static Policies

Determine if static policies can be created based on the Debian packages defined in the repository:

Yes: Enables creation of static policies.

No: Prevents creation of static policies.

Package Policy Name Format

Choose whether to include date and time along with the Ubuntu Repository path name when creating the package policy:

Use Ubuntu Path: Uses only the Ubuntu path when creating the package policy name.

Add Date to Ubuntu Path: Appends Year-Month-Day to the Ubuntu path when creating the package policy name.

Add Date and Time to Ubuntu Path: Appends Year-Month-Day-HOUR:MINUTE to the Ubuntu path when creating the package policy name.

Ubuntu patch settings: Specify the scanner behavior

Use the Scanner Settings section to configure the behavior of the Ubuntu scanner.

Ubuntu scanner settings

Setting

Description

Enable Ubuntu Scanner

Determine whether to enable the Ubuntu Scanner:

Yes: Enables the Ubuntu scanner

No: Disables the Ubuntu scanner

Note: The Ubuntu Scanner is critical to the Ubuntu Patching functionality. If this option is disabled, the Ubuntu Patching feature is essentially disabled.

Use Implicit Scan Policy

Enables the implicit scan policy which picks up the latest imported Ubuntu repository policy by default; bypasses the need to manually attach modified policies to servers.

Yes: Enable implicit policies.

No: Disable implicit policies: Ubuntu repository policies must be manually attached to each server

Logging Options

Defines the Managed Server logging options during scan and remediation.

Errors only:Logs only errors.

Errors and warning messages:Logs errors and warning messages.

Errors and debug messages:Logs errors and debug messages.

Errors and informational only:Logs only errors and informational messages.

Repository Scope

Define the repository scope on the Managed Server.

Public: Keeps the repository public on the Managed Server.

Private: Keeps the repository private on the Managed Server: the repo control file will be deleted after SA has used it and re-created the next time.

Repository Filename

Enter the name of the repository file to create on the Managed Server.

Repository Directory

Enter the name of the repository directory to create on the Managed Server.

Scanner Handler Directory

Enter the name of the handler directory to create on the Managed Server.

List information for all packages

Determine ability to get installed information for all packages even if they do not exist in the current repository.

Yes:Gets information about all packages that are installed on the Managed Server.

No:Collects information only about installed packages from the current repository.

Debug Servers

List of debug servers.

Ubuntu patch settings: Specify the general logging options

The General section allows you to specify how you want to handle error logging.

Ubuntu general logging settings

Setting

Description

Logging Options

Choose the Ubuntu Importer logging options:

Errors only: Logs only errors.

Errors and warning messages: Logs errors and warning messages.

Errors and debug messages: Logs errors and debug messages.

Errors and informational only: Log errors and informational messages.