How often do you patch in your company/organization?
Greetings!
We have around 3500 Linux servers to maintain and upper management has decided to implement a very aggressive patching schedule. So my question is: how often do you patch per month/quarter/year in your company? Asking for a friend.
Monthly. We patch the day after Patch Tuesday, even our Linux machines, then reboot the next morning (giving the Windows machines plenty of time to install patches).
"upper management has decided to implement a very aggressive patching schedule"
Why does upper management think setting the patching schedule is part of their job description?
Whoever sets the schedule, if it's impacting other work, make it clear that those tasks are being inhibited - if the response is that the patching still needs to happen then you need ways to mitigate its impact - better automation, more people, whatever.
Update all servers at a monthly maintenance weekend.
On special wish (e.g. a weekend production run) certain servers are excluded, and will get higher priority at the next maintenance.
I guess we have [much] more than 3500 servers and I think I have no information about all of them. At least we have no unified solution. We have a lot of projects with different requirements.
We have a monthly maintenance weekend too, but we also have servers with outdated software and sometimes we apply urgent patches.
(We did develop software on unsupported hardware running an unsupported OS and using an unsupported compiler - unsupported means: years after the end of any kind of support.)
For one company where we used RHEL, infosec and management wanted to patch daily... believe it or not. I had RH Satellite to patch mgmt, and they would not allow for automation tools like Ansible, because "mgmt would lose control." So because of this, I told them I would only patch once per week, unless it was a critical patch like Heartbleed or Spectre level stuff.
Another company I worked for was more reasonable. We would roll up the patches and updates from the previous month via Spacewalk (while it was still around) and then pick a date in the current month to apply them to RHEL, via Ansible.
Last edited by JockVSJock; 02-11-2021 at 06:27 AM.