
Scan managed servers for recommended patches

Before remediating patches on a Red Hat managed server, SA needs to know which patches are applicable to that server. Not all errata issued by Red Hat are applicable to a managed server; applicability depends on which packages are installed and on the server's current patch level. The job of Red Hat patch scanning is to report the RPM units that are recommended for a managed server. After the scan runs and recommended RPM units are found, remediation can occur. The scanner that determines the recommended patches uses the RPM repositories generated after the patches are imported. If a repo.restrict custom attribute is set (see the previous section, Managing Red Hat patches), the RPM repository metadata downloaded to the managed server reflects the value of that custom attribute.

The Red Hat patch scanner is implemented using dynamic handlers, meaning that the software implementing the scan resides on the core and is passed to the managed server during the scan. The scanner downloads the RPM repository from the core to the managed server and then uses the native tools to run a scan on the machine. The scan results are sent up to the core, where they can be used for remediation. The native tool used for Red Hat is yum.

Note: For the scanner to work, Yum version 2.4.3 or later is required.
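
The sketch below is an added example, not code from SA or yum. It models why only some repository packages become recommended: a package counts only if it is already installed and the repository copy has a newer epoch, version or release. The function names, the simplified version comparison (no ~ or ^ handling, no obsoletes or dependencies) and the package data are all assumptions constructed for illustration.

```python
import re

def rpmvercmp(a, b):
    """Compare RPM version/release strings by segment (simplified: no ~ or ^)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)                # compare numbers by value: 10 > 9
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments mean newer

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples; epoch outranks version and release."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def recommended(installed, repo):
    """Return {(name, arch): evr} for the newest repo package updating an installed one."""
    result = {}
    for name, arch, evr in repo:
        current = installed.get((name, arch))
        if current is None or evr_cmp(evr, current) <= 0:
            continue                             # not installed, or already at this level
        best = result.get((name, arch))
        if best is None or evr_cmp(evr, best) > 0:
            result[(name, arch)] = evr
    return result

# Constructed sample data, not taken from a real server or repository.
INSTALLED = {
    ("openssl", "x86_64"): (0, "1.0.1e", "42.el6"),
    ("bash", "x86_64"): (0, "4.1.2", "48.el6"),
    ("bind", "x86_64"): (32, "9.8.2", "0.62.el6"),
}
REPO = [
    ("openssl", "x86_64", (0, "1.0.1e", "57.el6")),   # newer release: recommended
    ("openssl", "x86_64", (0, "1.0.1e", "48.el6")),   # newer, but superseded by -57
    ("bash", "x86_64", (0, "4.1.2", "48.el6")),       # same level: not recommended
    ("bind", "x86_64", (0, "9.9.4", "1.el6")),        # lower epoch: not recommended
    ("httpd", "x86_64", (0, "2.2.15", "69.el6")),     # not installed: not applicable
]

if __name__ == "__main__":
    for (name, arch), (e, v, r) in sorted(recommended(INSTALLED, REPO).items()):
        print(f"{name}-{e}:{v}-{r}.{arch}")
```
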

Running patch scanning on managed servers periodically

Red Hat patch scanning runs periodically on the managed server, that is, each time software registration is performed. To get any recommended patches, however, you must first perform a patch import.

Besides relying on the patch scanning that runs periodically with software registration, you can force the scanner to run either from the SA Client or directly on the managed server.

Running patch scanning manually from SA Client

From the HPE SA Client you can perform a patch scan on a managed server in two ways:

  • Run a Software Compliance Check
  • Run a Patch Compliance check

The first method is simpler in that it has no prerequisites for running the scan (apart from importing patches into the SA Library, which is needed to get any recommended patches). The second method requires that the Red Hat managed servers on which the patch compliance check is run have a Dynamic Patch Policy attached; otherwise the scanner will not be executed on those servers. More about Dynamic Patch Policies can be found in the next section: Remediate Red Hat Patches.

To run a Software Compliance check that starts the scanning process on a list of managed servers:

  1. From the navigation pane, select Devices > Servers > All Managed Servers.
  2. Select one or more Red Hat Servers.
  3. Right-click. From the context menu, select Scan.
  4. From the new menu list, select Software Compliance.

To run a Patch Compliance check, first make sure that each managed server that you want to scan has a Dynamic Patch Policy attached, then follow these steps:

  1. From the navigation pane, select Devices > Servers > All Managed Servers.
  2. Select one or more Red Hat Servers.
  3. Right-click. From the context menu, select Scan.
  4. From the new menu list, select Patch Compliance.

Running patch scanning manually on the managed server

The user can explicitly invoke a scan on the managed server by running the following command:

/opt/opsware/agent/pylibs/cog/bs_software [--full]

Viewing the recommended patches

Scanning produces a list of patches that are applicable to a managed server. In Red Hat patching terminology, these are called recommended patches.

You can view the recommended patches applicable to a managed server from the SA Client. There are two ways to do this. The first option uses the server list:

  1. From the navigation pane, select Devices > Servers > All Managed Servers.
  2. Select a Red Hat managed server.
  3. From the View combo box, select Patches.

The second option involves opening the Server Browser:

  1. From the navigation pane, select Devices > Servers > All Managed Servers.
  2. Open a Red Hat managed server.
  3. In the new window, select the Inventory tab.
  4. In the navigation pane, select Patches. A window much like the one depicted above should be rendered.