Free Trial
Products Products
MSP360 Backup Backup and Recovery
MSP360 Backup Backup and Recovery
Overview
back up DATA FROM
Windows VMware/Hyper-V MacOS Microsoft 365 Linux Google Workspace
BACK UP DATA TO
AWS Google Wasabi Azure B2 Local
MSP360 RMM IT Management MSP360 Connect included
MSP360 RMM IT Management
Overview
MONITOR AND MANAGE
Windows macOS Linux
Prevent cyber threats
Endpoint threat prevention and protection (powered by Deep Instinct)
MSP360 Connect Remote Access
MSP360 Connect Remote Access
Overview
Connect FROM
Windows Android MacOS iOS
Connect TO
Windows MacOS
Pricing
Pricing Pricing
MSPs Internal IT
Solutions Solutions
Business type
Industries
MSP IT Departments Small Busness
Healthcare Education
Business type
MSP IT Departments Small Busness
INDUSTRIES
Healthcare Education
use cases
ENDPOINT PROTECTION
Ransomware Protection Endpoint Threatbr
Prevention and Protection
powered by Deep Instinct
Remote Access
Web-Based Remote Access Remote Support Remote Access Remote Work Remote Collaboration
IT Management
Patch Management Monitoring and Alerting Remote Device Management SNMP Monitoring
Backup and Recovery
Server Backup Backup for Windows Backup to AWS Desktop Backup Backup for MacOS Backup to Wasabi File Backup Backup for Linux Backup to B2 Image-Based Backup Backup for VMware/Hyper-V Backup to Azure SQL Server Backup Backup for Google Workspace (GSuite) Backup to Google Cloud Synology NAS Backup Backup for Microsoft 365 (O365) Back Up Locally Recovery
Not sure if MSP360 is for you?
Request a Call
Resources Resources
MSP University Blog Whitepapers and Assets Videos Webinars Events Customer Stories Forum
Support Support
US-Based Support My Cases Open a Case Knowledge Base Online Help
Partners Partners
technology partners
AWS Wasabi Backblaze Google Cloud Microsoft Azure Deep Instinct
Partners
Resellers Distributors Become a Partner
ALLIANCE PARTNERS
Leet Cyber Security
Company Company
About Legal Information Events Careers Leadership Team Contact Us Trust Center
Other Guides

MSP Business

HIDE BAR SHOW BAR
LESSON 1
The Basics of Managing Your Linux System
LESSON 2
Linux Server Hardening: Best Practices
LESSON 3
Guide to Linux Patch Management
LESSON 4
Best Linux Distributions for SMBs and MSPs
ON-DEMAND CONTENT
Downloadable Assets

Guide to Linux Patch Management

This article overviews Linux patch management best practices, scheduling and prioritizing options, and how to handle the most common issues that arise while patching the Linux distros.

What Is Patching in Linux?

Patching serves as a way to update Linux systems, and keep them secure. As new vulnerabilities are recognized, software developers release fixes, available via update. It’s imperative that these patches are applied to your system regularly to keep your data secured, and to minimize the risk of malicious impact.

Patches are released for performance purposes as well. Over time, developers add features, streamline processes inside the OS and enhance compatibility between the OS and the software. Updated software is posted to repositories, available for patching. Installing these patches will help to keep your system performing at its best and running efficiently.

How to Patch via RPM

The most effective way to install patches is via RPM or RPM Package Manager. RPM is a free package management system available to all Linux distributions. The most important advantage of patching via RPM is that these packages are verified for integrity using GPG and MD5 checksums. RPMs are most often hosted by central databases on the internet, referred to as RPM repositories.

Red Hat Enterprise Linux and Fedora-based Distribution Patching

The default RPM package manager for Red Hat and Fedora-based systems is yum (Yellowdog Updater, Modified).

To update the entire operating system, the following command can be used:

  • yum update

To run an update on a specific package, use this command:

  • yum update <package-name>

This one is used to entirely remove a package in case it’s damaged, and the patch was not released yet:

  • yum remove <package-name>

Debian-Based Distribution Patching

Debian-based Linux distributions, such as Ubuntu, use APT as the default package manager. APT, or the Advanced Package Tool, uses the apt-get command to install, remove, and update packages.

To run an update on the entire system, use these commands:

  • apt-get update - Syncs packages with sources. Verifies the right files will be installed
  • apt-get upgrade - Downloads and installs updates across all software packages.

To update a current package to the latest version, or install one that is not released yet, the following command can be used:

  • apt-get install <package-name>

To remove an installed package, use the following command:

  • apt-get remove <package-name>

Again, undesirable packages should be removed with this command until they are confirmed.

Linux Patching Best Practices

Among best practices for Linux patching, there are patch scheduling, prioritization, regular updates, and obtaining patches from trustworthy sources.

The best method to apply these practices is to have a set Standard of Procedures for patching, the written down tested step-by-step instructions on how to apply patches to your Linux. Here’s an overview of each of the best patching practices.

Schedule Your Patches Appropriately

You should have a set schedule of how often patches are looked for and run. If there is no schedule at all - critical updates may be missed, and important updates may be forgotten entirely. Additionally, checking for and installing patches every day can be a waste of bandwidth, time, and resources.

A good idea is to set up a weekly review of patches. However, if urgent issues arise, install these patches immediately to protect your systems.

Separate Critical Patches from Performance-Based Updates

Security-related patches should be deployed immediately, however, other types should be reviewed prior to implementation. General software and system updates, as with any other piece of software, can have bugs and other issues. Waiting on the general public to stress-test this software a bit before you install it on your own system is a good idea.

A general rule would be to wait up to one month after non-essential software has been released before installing patches.

Update from RPM Repositories

To make sure that patches you install are obtained from trustworthy sources, apply those listed in RPM repositories. Software packages listed in reputable repositories can be trusted, and downloads are verified using MD5 checksums.

Set Up Notification Processes

Notifications can be scheduled so that when important security-related patches are released to the public, you know right away. The sooner you know that patches have been released, the sooner you can apply them to your system.

Red Hat offers an email subscription for security issue notification. Subscribe to their mailing list to get timely alerts.

The Debian-based Ubuntu distribution uses an RSS feed to send users security notices.

If you use third-party software, make sure that you’ve set up alerts as well.

Common Issues with Patches

Buggy Updates

Bugs are inevitable, despite the software being tested regularly before an official release. Here are things that can be done about a buggy update:

  • Review and test non-essential updates several times prior to releasing them
  • Plan regular backups to roll back in case the patch causes any undesirable effects.
  • If you are able to figure out which patch is causing your issues, you can try uninstalling the specific software package and installing a fresh copy.

Learn more about how to properly back up your Linux system: New call-to-action

Patches That Affect System Productivity

To ensure business continuity, consider running significant updates after business hours or during the weekends. It might be time-consuming, but these efforts will pay off.

Be sure to be available as the system is put back to work again following a patch application. If bugs or software changes are going to affect productivity, you should be prepared to respond immediately.

Major Software Changes

To be prepared for major changes, system administrators should read through the release notes before applying patches. If the release notes indicate major changes, administrators should wait to apply this patch at a time that will have the softest impact. Additionally, a little internet research may reveal more information on software changes and an explanation on how to use the newest software.

New call-to-action

Updated Software that Uses More Resources

When a software patch adds new features, an increased load is eventually put on server resources. Eventually, over time, you may see a system slow-down.

Here are some ways to combat running out or resources:

  • Upgrade resources that can trigger a slow-down.
  • Over time, all systems need to be upgraded. Have an upgrade plan in place ahead of time for when the day comes.
  • Consider virtualization. Computing resource management is a lot easier and more configurable when your servers are virtualized.

No matter how you combat it - it’s best to be prepared - no one should be caught by surprise by running out of resources.

Conclusion

Every Linux system administrator makes decisions about software patches weekly, if not more often. Administrators need to be knowledgeable about the best practices and common pitfalls of Linux patching. Having a Standard of Procedures for how to handle the patching process is essential for each Linux system.

These procedures should include scheduling patches appropriately and understanding their priority. Notifications should be in place for when urgent patches are released. On top of all this, system administrators need to know for sure that patches are coming from reputable sources.

Plans need to be in place for how to handle update issues, such as buggy patches and ones that cause confusion due to changes in the interface. Patches should be applied at times that don’t affect business production. Finally - plans should be in place for when patched software requires more resources than your system can provide.

System administrators who have a Standard of Procedures in place to take on these items will be prepared to control each scenario that comes their way!

FREE WHITEPAPER
Linux Management Best Practices
  • Best practices in system setup and management
  • Ways to properly secure your Linux system
  • Guide to optimal file structure organization
New call-to-action
WP icon