LinuxQuestions.org


borgware 12-04-2020 02:35 PM

How often do you patch in your company/organization?
 
Greetings!

We have around 3500 Linux servers to maintain and upper management has decided to implement a very aggressive patching schedule. So my question is how often do you patch per month/quarter/year in your company? Asking for a friend :rolleyes:

Thank you in advance.

Timothy Miller 12-04-2020 02:38 PM

Monthly. We patch the day after Patch Tuesday, even our Linux machines, then reboot the next morning (giving the Windows machines plenty of time to install patches).

boughtonp 12-04-2020 04:16 PM

Quote:

Originally Posted by borgware (Post 6191753)
upper management has decided to implement a very aggressive patching schedule

Why does upper management think setting the patching schedule is part of their job description?

Whoever sets the schedule, if it's impacting other work, make it clear that those tasks are being inhibited - if the response is that the patching still needs to happen then you need ways to mitigate its impact - better automation, more people, whatever.


MadeInGermany 12-08-2020 12:16 PM

Update all servers at a monthly maintenance weekend.
On special wish (e.g. a weekend production run) certain servers are excluded, and will get higher priority at the next maintenance.

pan64 12-08-2020 12:43 PM

I guess we have [much] more than 3500 servers and I think I have no information about all of them. At least we have no unified solution. We have a lot of projects with different requirements.
We have a monthly maintenance weekend too, but we also have servers with outdated software and sometimes we apply urgent patches.
(We did develop software on unsupported hardware running an unsupported OS and using an unsupported compiler - unsupported means: years after the end of any kind of support.)

JockVSJock 02-10-2021 07:21 PM

For one company where we used RHEL, infosec and management wanted to patch daily... believe it or not. I had RH Satellite to patch mgmt, and they would not allow for automation tools like Ansible, because "mgmt would lose control." So because of this, I told them I would only patch once per week, unless it was a critical patch like Heartbleed or Spectre level stuff.

Another company I worked for was more reasonable. We would roll up the patches and updates from the previous month via Spacewalk (while it was still around) and then pick a date in the current month to apply them to RHEL, via Ansible.

