Use > Server patching > Patch management for Ubuntu

Patch management for Ubuntu

HPE Server Automation (SA) patch management for Ubuntu enables you to identify, install, and remove Ubuntu Debian package updates, and maintain a high level of security across managed servers in your organization. You can identify and install Ubuntu packages that protect against security vulnerabilities for the SA-supported Managed Server platforms.

In Ubuntu, “patches” are Debian “packages.” SA uses Ubuntu patch management to apply Ubuntu packages.

SA automates the key aspects of patch management while offering a fine degree of control over how and under what conditions Ubuntu packages are installed. By automating the patching process, patch management can reduce the amount of downtime required for patching. SA also allows you to schedule patch activity, so that patching occurs during off-peak hours.

Because Ubuntu package updates are often released to address serious security threats, an organization must be able to roll out packages quickly, before systems are compromised. However, the packages themselves can cause serious problems, from performance degradation to server failures. While patch management allows you to react quickly to newly discovered threats, it also provides support for strict testing and standardization of patch installation.

SA Ubuntu Unified Patching Process

 

Best Practice: With Ubuntu patching in SA, you can import the metadata before importing the binary packages. You can run the Ubuntu scanner with only the metadata downloaded to determine the server vulnerabilities. Then you can run the Ubuntu package importer to import only those packages that are required by managed servers. This practice saves you storage space as well as scan and remediation processing time.

This documentation contains information about how to import Ubuntu metadata and packages, scan for vulnerabilities, and install Ubuntu package updates using patch policies.