Get started > Key concepts > Features > Patch management for Ubuntu

Patch management for Ubuntu

HPE Server Automation patch management for Ubuntu enables you to identify, install, and remove Ubuntu Debian package updates, and maintain a high level of security across managed servers in your organization. You can identify and install Ubuntu packages that protect against security vulnerabilities for the SA-supported Managed Server platforms.

SA automates the key aspects of patch management while offering a fine degree of control over how and under what conditions Ubuntu packages are installed. By automating the patching process, patch management can reduce the amount of downtime required for patching. SA also allows you to schedule patch activity, so that patching occurs during off-peak hours.

With Ubuntu patching in SA, you can import the metadata before importing the binary packages. You can run the Ubuntu scanner with only the metadata downloaded to determine the server vulnerabilities. Then you can run the Ubuntu package importer to import only those packages that are required by managed servers. This practice saves you storage space as well as scan and remediation processing time.

The Ubuntu Patch Management documentation contains information about how to import Ubuntu metadata and packages, scan for vulnerabilities, and install Ubuntu package updates using patch policies.

SA automates Ubuntu patching by providing the following features and capabilities:

  • A central repository where packages are stored and organized in their native formats.
  • A database that stores information about every package that has been applied.
  • Dynamic Patch Policies that analyze platform vulnerabilities based on the latest metadata from the vendor.
  • Advanced search abilities that identify servers that require package updates.
  • Auditing abilities for tracking the deployment of important package updates.

See the SA 10.51 Use section for more information.