Linux Patching

nina Administrator Posts: 428 admin
edited June 20 in Patch Management

If you currently patch your Linux managed devices... then this poll is for YOU.

We would also love to know:

- Which distros do you patch? How often?

- Do you patch manually or automatically?

- Do you use built-in commands or any third party tools?

- Do you patch all updates/critical/software?

- How do you track the success/failure of the installation?

Linux Patching 5 votes

I patch on a set schedule
cyrusdyoderdaniel.gormleyrahn 3 votes
I do it sometimes
I don't do it... yet!
cwren 1 vote
This is something I need
gwallace 1 vote


  • dyoder
    dyoder Member Posts: 52 ✭✭✭
    I patch on a set schedule

    I almost exclusively patch Debian and Ubuntu. I run patches once a month, or unless there's an urgent CVE that surfaces outside my patch schedule.

    I currently patch manually because Atera cannot patch automatically - this is annoying because about 10% of my total endpoints are Linux servers.

    I use built-in commands packaged in a script. I used to use Webmin, but did away with that to minimize resource utilization, attack surface area, and unnecessary dependencies.

    I typically patch everything. I'm proficient enough in most Debian Linux distributions to fix problems with updating. But for some packages, like PHP or a database, I'll version lock those so they only receive security updates, but not major versions which can introduce unwanted changes and/or incompatibility.

    I track success individually on each endpoint and test service functionality post-update. I also rely on apt logs and querying systemctl to show me errors.

    I do have a problem with Atera's Linux agent, and it prevents me from installing it on any production Linux servers. Atera's Linux agent has several dependencies - namely the .NET framework. This is a large package that introduces unwanted packages on managed Linux servers and increases resource utilization. Since most of the servers I manage are low cost cloud instances, this means resource contention is high and anything that consumes resources is very much unwanted. I understand Atera's desire to keep a similar codebase, but Linux is not Windows, and there's no need to install Windows dependencies on Linux to manage things in the Linux space. If Atera's Linux agent gets a rewrite in a native language that can be deployed with no (or very limited) dependencies, I would be willing to try it again - but as it is now I'd rather not use it.

  • nina
    nina Administrator Posts: 428 admin

    Thank you everyone for your input!

  • nina
    nina Administrator Posts: 428 admin

    Hi Community! Quick update: Linux patching is now live!