Altiris™ Patch Management Solution for Linux 7.1 from Symantec™ User Guide
The software described in this book is furnished under a license agreement and may be used
only in accordance with the terms of the agreement.
Legal Notice
Copyright © 2011 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, Altiris, and any Altiris or Symantec trademarks used in the
product are trademarks or registered trademarks of Symantec Corporation or its affiliates
in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO
BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED
IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S.
Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Technical Support
Symantec Technical Support maintains support centers globally. Technical
Support’s primary role is to respond to specific queries about product features
and functionality. The Technical Support group also creates content for our online
Knowledge Base. The Technical Support group works collaboratively with the
other functional areas within Symantec to answer your questions in a timely
fashion. For example, the Technical Support group works with Product Engineering
and Symantec Security Response to provide alerting services and virus definition
updates.
Symantec’s support offerings include the following:
■ A range of support options that give you the flexibility to select the right amount of service for any size organization
■ Telephone and/or web-based support that provides rapid response and up-to-the-minute information
■ Upgrade assurance that delivers software upgrades
■ Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
■ Premium service offerings that include Account Management Services
For information about Symantec’s support offerings, you can visit our web site
at the following URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.
Contacting Technical Support
Customers with a current support agreement may access Technical Support
information at the following URL:
www.symantec.com/business/support/
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be
at the computer on which the problem occurred, in case it is necessary to replicate
the problem.
When you contact Technical Support, please have the following information
available:
■ Product release level
■ Hardware information
■ Available memory, disk space, and NIC information
■ Operating system
■ Version and patch level
■ Network topology
■ Router, gateway, and IP address information
■ Problem description:
  ■ Error messages and log files
  ■ Troubleshooting that was performed before contacting Symantec
  ■ Recent software configuration changes and network changes
Licensing and registration
If your Symantec product requires registration or a license key, access our technical
support web page at the following URL:
www.symantec.com/business/support/
Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
■ Questions regarding product licensing or serialization
■ Product registration updates, such as address or name changes
■ General product information (features, language availability, local dealers)
■ Latest information about product updates and upgrades
■ Information about upgrade assurance and support contracts
■ Information about the Symantec Buying Programs
■ Advice about Symantec's technical support options
■ Nontechnical presales questions
■ Issues that are related to CD-ROMs or manuals
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:
Asia-Pacific and Japan
[email protected]
Europe, Middle-East, and Africa
[email protected]tec.com
North America and Latin America
[email protected]
Additional enterprise services
Symantec offers a comprehensive set of services that allow you to maximize your
investment in Symantec products and to develop your knowledge, expertise, and
global insight, which enable you to manage your business risks proactively.
Enterprise services that are available include the following:
Managed Services
Managed Services remove the burden of managing and monitoring security
devices and events, ensuring rapid response to real threats.
Consulting Services
Symantec Consulting Services provide on-site technical expertise from
Symantec and its trusted partners. Symantec Consulting Services offer a variety
of prepackaged and customizable options that include assessment, design,
implementation, monitoring, and management capabilities. Each is focused on
establishing and maintaining the integrity and availability of your IT resources.
Education Services
Education Services provide a full array of technical training, security education,
security certification, and awareness communication programs.
To access more information about enterprise services, please visit our web site
at the following URL:
www.symantec.com/business/services/
Select your country or language from the site index.
Contents

Technical Support .... 3

Chapter 1: Introducing Patch Management Solution for Linux .... 11
  About Patch Management Solution for Linux .... 11
  What's new in Patch Management Solution for Linux 7.1 .... 12
  Where to get more information .... 12

Chapter 2: Implementing Patch Management Solution for Linux .... 15
  Implementing Patch Management Solution for Linux .... 15

Chapter 3: Installing Patch Management Solution for Linux .... 17
  Prerequisites for Patch Management Solution .... 17
  Platforms supported by Patch Management Solution for Linux .... 18
  Installing Patch Management Solution .... 18
  Upgrading Patch Management Solution .... 18
  Uninstalling Patch Management Solution .... 19
  Licensing Patch Management Solution .... 19

Chapter 4: Installing the Software Update Plug-in .... 21
  About the software update plug-in .... 21
  Installing the software update plug-in .... 21
  Upgrading the software update plug-in .... 22
  Uninstalling the software update plug-in .... 22

Chapter 5: Configuring Patch Management Solution for Linux .... 25
  Configuring patch management Core Services settings .... 25
  Creating and assigning custom severity levels .... 26
  Configuring vendor settings .... 27
  Configuring software updates installation settings .... 27
  Configuring the inventory and vulnerabilities checking interval .... 27
  Core Services page .... 28
  Vendor settings page .... 29
  Default Software Update Plug-in Settings page .... 32

Chapter 6: Configuring Patch Management Solution server tasks .... 33
  About Patch Management Solution server tasks .... 33
  Downloading the software updates catalog .... 34
  Checking the integrity of software update packages .... 35
  Import Patch Data for Novell and Import Patch Data for Red Hat pages .... 36

Chapter 7: Staging and distributing software updates .... 37
  About errata and patches .... 37
  About staging and distributing software updates .... 38
  Staging errata and patches .... 38
  Distributing software updates .... 39
  Viewing the software update delivery summary report .... 41
  About software update policies and maintenance windows .... 41
  Patch Remediation Center page .... 41
  Software Update Policy Wizard pages .... 43

Chapter 8: Using Patch Management Solution reports .... 45
  About Patch Management Solution reports .... 45
  About compliance reports .... 46
  About diagnostic reports .... 47
  About remediation status reports .... 47
  About software bulletin reports .... 47
  About the Patch Management Solution for Linux home page .... 47
  Viewing Patch Management Solution reports .... 48

Chapter 9: Replicating Patch Management Solution for Linux data in hierarchy .... 51
  About replicating Patch Management Solution for Linux data .... 51

Appendix A: Technical reference .... 53
  About hierarchy and data replication direction .... 53
  About Patch Management Solution security roles .... 55

Index .... 57
Chapter 1: Introducing Patch Management Solution for Linux
This chapter includes the following topics:
■ About Patch Management Solution for Linux
■ What's new in Patch Management Solution for Linux 7.1
■ Where to get more information
About Patch Management Solution for Linux
Patch Management Solution for Linux lets you scan Red Hat and Novell Linux
computers for security vulnerabilities. The solution then reports on the findings
and lets you automate the downloading and distribution of needed software
updates. Only SUSE updates are supported for Novell. This solution downloads
the required software updates and provides wizards to help you deploy them.
During configuration, you can set up an automatic update schedule to ensure that
managed computers are up-to-date and protected on an on-going basis.
See “Platforms supported by Patch Management Solution for Linux” on page 18.
See “Implementing Patch Management Solution for Linux” on page 15.
What's new in Patch Management Solution for Linux 7.1
In the 7.1 release of Patch Management Solution for Linux, the following new
features are introduced:
■ Removed entitlement check for the client computers.
  Valid entitlement information is no longer required for the software update
  plug-in installation and for rolling out the software updates. You can now
  patch the Linux clients that do not have access to the Internet. Now you can
  import all software update channels from the vendor, regardless of the
  operating systems that have been found in your environment.
■ The solution supports standard hierarchy editable properties.
  This feature lets you define which settings of replicated policies the child
  Notification Server administrators can modify.
■ Hierarchy improvements.
  Improved performance of hierarchy-related reports. Policies now use native
  Notification Server replication rules.
Where to get more information
Use the following documentation resources to learn about and use this product.
Table 1-1 Documentation resources

Document: Release Notes
Description: Information about new features and important issues.
Location: The Product Support page, which is available at the following URL:
http://www.symantec.com/business/support/all_products.jsp
When you open your product's support page, look for the Documentation link on the right side of the page.

Document: User Guide
Description: Information about how to use this product, including detailed technical information and instructions for performing common tasks.
Location:
■ The Documentation Library, which is available in the Symantec Management Console on the Help menu.
■ The Product Support page, which is available at the following URL:
  http://www.symantec.com/business/support/all_products.jsp
  When you open your product’s support page, look for the Documentation link on the right side of the page.

Document: Help
Description: Information about how to use this product, including detailed technical information and instructions for performing common tasks. Help is available at the solution level and at the suite level. This information is available in HTML help format.
Location: The Documentation Library, which is available in the Symantec Management Console on the Help menu.
Context-sensitive help is available for most screens in the Symantec Management Console.
You can open context-sensitive help in the following ways:
■ The F1 key when the page is active.
■ The Context command, which is available in the Symantec Management Console on the Help menu.
In addition to the product documentation, you can use the following resources to
learn about Symantec products.
Table 1-2 Symantec product information resources

Resource: SymWISE Support Knowledgebase
Description: Articles, incidents, and issues about Symantec products.
Location: http://www.symantec.com/business/theme.jsp?themeid=support-knowledgebase

Resource: Symantec Connect
Description: An online resource that contains forums, articles, blogs, downloads, events, videos, groups, and ideas for users of Symantec products.
Location: http://www.symantec.com/connect/endpoint-management
Chapter 2: Implementing Patch Management Solution for Linux
This chapter includes the following topics:
■ Implementing Patch Management Solution for Linux
Implementing Patch Management Solution for Linux
Patch Management Solution for Linux requires some components to be configured
or enabled before others to function correctly. The recommended workflow is as
follows:
To implement Patch Management Solution for Linux
1 Install or upgrade the solution.
  See “Installing Patch Management Solution” on page 18.
  See “Upgrading Patch Management Solution” on page 18.
2 Install or upgrade the Symantec Management Agent for UNIX, Linux, and
  Mac on every computer to which you want to send patches.
  For more information, see topics about installing or upgrading the Symantec
  Management Agent for UNIX, Linux, and Mac in the Symantec Management
  Platform User Guide.
  See “Where to get more information” on page 12.
3 Install or upgrade the software update plug-in.
  See “Installing the software update plug-in” on page 21.
  See “Upgrading the software update plug-in” on page 22.
4 (Optional) Configure the Patch Management Solution core settings.
  See “Configuring patch management Core Services settings” on page 25.
5 Type Novell Mirror Credentials and Red Hat Network account credentials.
  See “Configuring vendor settings” on page 27.
6 Configure when you want to install patches and errata.
  See “Configuring software updates installation settings” on page 27.
7 Configure how often you want to check for vulnerabilities.
  See “Configuring the inventory and vulnerabilities checking interval” on page 27.
8 Download the Novell patches and Red Hat errata catalog.
  See “Downloading the software updates catalog” on page 34.
9 View which software updates you need to install, and then stage errata and
  patches.
  See “Staging errata and patches” on page 38.
10 Distribute errata and patches.
  See “Distributing software updates” on page 39.
11 Evaluate the results by running the Software Update Delivery Summary
  report and revisiting compliance reports.
  See “Viewing the software update delivery summary report” on page 41.
  See “Viewing Patch Management Solution reports” on page 48.
Chapter 3: Installing Patch Management Solution for Linux
This chapter includes the following topics:
■ Prerequisites for Patch Management Solution
■ Platforms supported by Patch Management Solution for Linux
■ Installing Patch Management Solution
■ Upgrading Patch Management Solution
■ Uninstalling Patch Management Solution
■ Licensing Patch Management Solution
Prerequisites for Patch Management Solution
Patch Management Solution requires the following:
■ Symantec Management Platform 7.1.
  For more information, see topics about system requirements for Symantec
  Management Platform in the Symantec Management Platform Installation
  Guide.
When you install or upgrade Patch Management Solution through the Symantec
Installation Manager, Symantec Management Platform is installed automatically.
See “Installing Patch Management Solution” on page 18.
Platforms supported by Patch Management Solution for Linux
The Patch Management Solution for Linux component of Patch Management
Solution supports the following operating systems:
■ SUSE Linux Enterprise Server 10 and 11 x86, x86_64
■ SUSE Linux Enterprise Desktop 10 and 11 x86, x86_64
■ Red Hat Enterprise Linux AS/WS/ES 4 x86, x86_64
■ Red Hat Enterprise Linux Server 5 x86, x86_64
■ Red Hat Enterprise Linux Desktop 5 x86, x86_64
Installing Patch Management Solution
Starting from version 7.1, the Patch Management Solution installation includes
the following components:
■ Patch Management Solution for Windows
■ Patch Management Solution for Linux
■ Patch Management Solution for Mac
You install this product by using the Symantec Installation Manager. You can
download the installation files directly to your server or you can create offline
installation packages.
For details, see the ITMS 7.1 Implementation Guide at
http://www.symantec.com/docs/DOC3464.
Upgrading Patch Management Solution
You upgrade this product by using the Symantec Installation Manager. You can
download the installation files directly to your server or you can create offline
installation packages.
For details, see the ITMS 7.1 Implementation Guide at
http://www.symantec.com/docs/DOC3464.
After you upgrade the solution, you must upgrade the Symantec Management
Agent and the software update plug-in that are installed on the managed
computers.
For more information about upgrading the Symantec Management Agent, see the
Symantec Management Platform User Guide.
See “Upgrading the software update plug-in” on page 22.
Uninstalling Patch Management Solution
Use the Symantec Installation Manager to uninstall this product.
Licensing Patch Management Solution
Each Symantec product comes with a seven-day trial license that is installed by
default. You can register and obtain a 30-day evaluation license through the
Symantec Web site at http://www.symantec.com/business/products/activating/
or purchase a full product license.
Use the Symantec Installation Manager to install licenses.
Chapter 4: Installing the Software Update Plug-in
This chapter includes the following topics:
■ About the software update plug-in
■ Installing the software update plug-in
■ Upgrading the software update plug-in
■ Uninstalling the software update plug-in
About the software update plug-in
The software update plug-in manages patch management functionality on a client
computer. When a client computer requires a certain software update, the update
is sent to the software update plug-in. The software update plug-in ensures that
the update is applicable and not already installed, and then installs it.
See “Installing the software update plug-in” on page 21.
Installing the software update plug-in
The software update plug-in manages all of the Patch Management Solution
functionality on a client computer.
See “About the software update plug-in” on page 21.
Note: If you have a large number of computers on which to install the software
update plug-in, consider deploying it during off-peak hours to minimize network
traffic. Deploying the software update plug-in can take some time, depending on
the number of managed computers and the Symantec Management Agent settings.
To install the software update plug-in
1 In the Symantec Management Console, on the Settings menu, click
  Agents/Plug-ins > All Agents/Plug-ins.
2 In the left pane, click Software > Patch Management > Software Update
  Plug-in Install.
3 (Optional) In the right pane, make any wanted changes.
  For help, press F1 or click Help > Context.
4 Turn on the policy.
5 Click Save changes.
Upgrading the software update plug-in
If you upgraded Patch Management Solution from a previous version, you must
also upgrade the software update plug-ins that are installed on the target
computers.
See “About the software update plug-in” on page 21.
To upgrade the software update plug-in
1 In the Symantec Management Console, on the Settings menu, click
  Agents/Plug-ins > All Agents/Plug-ins.
2 In the left pane, click Software > Patch Management > Software Update
  Plug-in Upgrade.
3 (Optional) In the right pane, make any wanted changes.
  For help, press F1 or click Help > Context.
4 Turn on the policy.
5 Click Save changes.
Uninstalling the software update plug-in
You can uninstall the software update plug-in if there is an extended period of
time when you do not want to use the patch management features on a managed
computer and you want to eliminate any overhead that is caused by the plug-in.
See “About the software update plug-in” on page 21.
Note: Ensure that the Software Update Plug-in Install policy is turned off before
uninstalling the software update plug-in.
See “Installing the software update plug-in” on page 21.
To uninstall the software update plug-in
1 In the Symantec Management Console, on the Settings menu, click
  Agents/Plug-ins > All Agents/Plug-ins.
2 In the left pane, click Software > Patch Management > Software Update
  Plug-in Uninstall.
3 (Optional) In the right pane, make any wanted changes.
  For help, press F1 or click Help > Context.
4 Turn on the policy.
5 Click Save changes.
Chapter 5: Configuring Patch Management Solution for Linux
This chapter includes the following topics:
■ Configuring patch management Core Services settings
■ Creating and assigning custom severity levels
■ Configuring vendor settings
■ Configuring software updates installation settings
■ Configuring the inventory and vulnerabilities checking interval
■ Core Services page
■ Vendor settings page
■ Default Software Update Plug-in Settings page
Configuring patch management Core Services settings
On the Core Services page you can configure to which location the software
updates should be downloaded. You can also create custom severity levels to apply
to software updates.
The settings that you configure on the Core Services page apply to Windows and
Linux components of Patch Management Solution.
To configure patch management Core Services settings
1 In the Symantec Management Console, on the Settings menu, click All
  Settings.
2 In the left pane, click Software > Patch Management > Core Services.
3 In the right pane, make any wanted changes.
  See “Core Services page” on page 28.
4 Click Save Changes.
Creating and assigning custom severity levels
Errata or patches deemed critical may not necessarily be critical in your
environment. You can create your own custom severity levels and assign them to
errata and patches.
You first create custom severity levels, and then assign them to bulletins. You
cannot alter the vendor-specified severity levels, only custom severity levels.
See “About errata and patches” on page 37.
To create a custom severity level
1 In the Symantec Management Console, on the Settings menu, click All
  Settings.
2 In the left pane, click Software > Patch Management > Core Services.
3 In the right pane, click the Custom Severity tab.
4 In the Severity Level box, type the name that you want to give the custom
  severity level. For example, "Install right away!"
5 Click Add.
6 Click Move Up or Move Down to position custom severity levels in the list.
7 Click Save Changes.

To assign a custom severity level to a software bulletin
1 In the Symantec Management Console, on the Actions menu, click Software
  > Patch Remediation Center.
2 On the Patch Remediation Center page, in the software bulletin list,
  right-click on a software bulletin, and then click Custom Severity.
3 Click a severity level.
4 Click Refresh to view the new data in the Custom Severity column.
Configuring vendor settings
You can set up how you want software updates distributed.
See “About errata and patches” on page 37.
To configure vendor settings
1 In the Symantec Management Console, on the Settings menu, click All
  Settings.
2 In the left pane, click Software > Patch Management.
3 Do one of the following:
  ■ Click Novell Settings > Novell.
  ■ Click Red Hat Settings > Red Hat.
4 In the right pane, make any wanted changes.
  See “Vendor settings page” on page 29.
5 Click Save changes.
Configuring software updates installation settings
You can configure when the software update plug-in installs the software updates
and when to restart the target computer.
See “About the software update plug-in” on page 21.
To configure the software updates installation settings
1 In the Symantec Management Console, on the Settings menu, click
  Agents/Plug-ins > All Agents/Plug-ins.
2 In the left pane, click Software > Patch Management > Linux > Default
  Software Update Plug-in Settings.
3 In the right pane, configure when and how you want to install updates.
  See “Default Software Update Plug-in Settings page” on page 32.
4 Click Save changes.
Configuring the inventory and vulnerabilities checking interval
Vulnerability analysis lets you periodically inventory operating systems,
applications, and installed patches on managed computers with the software
update plug-in installed. Vulnerability information is then used to determine
which software updates the managed computer requires. Based on this information,
filters are automatically created to assist with the targeting of software update
policies.
You can configure how often you want to gather installed software updates
information and check for vulnerabilities.
To configure the vulnerabilities checking interval
1 In the Symantec Management Console, on the Settings menu, click All
  Settings.
2 In the left pane, click Software > Patch Management > Linux Vulnerability
  Analysis.
3 In the right pane, in the Scan interval box, specify how often to report back
  inventory on the vulnerability of managed computers.
4 Do not change the targeted filter from All Linux Computers with Software
  Update Plug-in Installed Target unless you have a specific reason to do so.
5 Click Save changes.
Core Services page
The Core Services page lets you configure to which location the software updates
should be downloaded. You can also create custom severity levels to apply to
software updates.
(Patch Management Solution for Windows only) You can select any additional
languages that you want to download with the Patch Management Import task.
The settings that are defined on this page apply to Windows and Linux components
of Patch Management Solution.
See “About errata and patches” on page 37.
See “Configuring patch management Core Services settings” on page 25.
See “Creating and assigning custom severity levels” on page 26.
Table 5-1 Options on the Core Services page

Option: Managed Languages
Description: (Patch Management Solution for Windows only)
Specifies the languages that you want to download.

Option: To Location
Description: Specifies the location to which you want to download the
software update packages.
The default location is C:\Program Files\Altiris\Patch
Management\Packages\Updates.
If you change the location and you want to relocate existing
software update packages, use the Check Software Update
Package Integrity task.
See “Checking the integrity of software update packages” on page 35.

Option: Download from staging location
Description: (Patch Management Solution for Windows only)
Specifies the location to download packages from if you want
to download them from a cache in a different location.
For this functionality to work, the file structure in that location
must be exactly the same as the folder structure under
C:\Program Files\Altiris\Patch Management\Packages\Updates.
Vendor settings page
This page lets you set up how you want vendor software updates distributed.
See “Configuring vendor settings” on page 27.
Some of these settings are used as default values on the Software Update Policy
Wizard page. All new vendor software updates that are downloaded have these
settings by default.
If you change the settings, existing software update policies and packages are not
updated with these defaults. If you want to update existing packages, check Update
new package settings for already downloaded packages on the Policy and Package
Settings tab.
See “Distributing software updates” on page 39.
Table 5-2  Options on the Software Update Options tab of the vendor settings page

Option
    Description
Verify authenticity of downloaded Software Updates
    Checked by default, this option ensures that all
    software updates are certified.
Patch Filter Update Interval
    Specifies when to update the target filters for all
    software updates.
    By default, the filter update is performed every 30
    minutes.
Software Update Distribution Options
    The table shows the filter that the policy targets.
    The default target is All Linux Computers with
    Software Update Plug-in Installed Target.

Table 5-3  Options on the Policy and Package Settings tab of the vendor settings page

Option
    Description
Delete packages after
    Lets you specify after what time to delete the software
    update packages that are no longer needed.
    Default: 1 week.
Allow Package Server distribution
    This option is checked by default to ensure that package
    servers process software update packages.
    For more information on package servers, see the
    Symantec Management Platform User Guide.
Assign package to
    Lets you select the package distribution method.
    For more information on assigning packages to package
    servers, see the Symantec Management Platform User
    Guide.
Use alternate download location on Package Server
    Lets you specify a different location on a package server
    to which to download packages.
    If you are using Linux Package Servers in your
    environment, the Windows path that you specify is
    converted to UNIX paths automatically.
    You must use the trailing slash for the conversion to
    work correctly.
    For example, C:\path\ is converted to /path/ on Linux
    Package Servers.
Use alternate download location on client
    This option is disabled for Linux computers.
Update new package settings for already downloaded packages
    By default, the changes that you make on this page are
    not applied to the packages that have already been
    downloaded.
    Check this option if you want to update the existing
    package settings after you click Save Changes.
    Only the packages from the current vendor will be
    updated.
Table 5-4  Options on the Programs tab of the vendor settings page

Option
    Description
Terminate after
    Lets you specify a time after which to terminate a running software
    update program.

Table 5-5  Options on the Novell Customer Center tab of the vendor settings page

Option
    Description
Novell account credentials
    (Novell policy only)
    Type the Novell mirror credentials.
    Patch Management Solution for Linux uses these credentials
    to download the software updates catalog from the Novell
    Web site.

Table 5-6  Options on the Red Hat Network tab of the vendor settings page

Option
    Description
RHN access credentials
    (Red Hat policy only)
    Type the Red Hat Network credentials.
    Patch Management Solution for Linux uses these credentials to
    download the software updates catalog from the Red Hat Web
    site.
    All managed computers on the same Notification Server must
    use the same Red Hat Network account.
Default Software Update Plug-in Settings page
This page lets you specify settings for the software update plug-in to use when
you install software updates on managed computers.
By default, the settings that you specify on this page apply to all Linux computers
that have the software update plug-in installed.
See “About the software update plug-in” on page 21.
See “Configuring software updates installation settings” on page 27.
Table 5-7  Options on the Installation Schedules tab of the Default Software Update Plug-in Settings page

Option
    Description
Schedule
    Lets you configure a schedule when software updates
    get installed on the managed computer.
Reinstallation attempts after task failure
    Lets you set the number of times Patch Management
    Solution should attempt to reinstall a software update
    if the initial install attempt fails.
    Default: 3 times.
Allow user to run
    Lets a user initiate software update installation on the
    target Linux computer by running the
    aex-patchinstall -i command.
Override maintenance windows settings
    Check if you want to use the install options that you
    specified in this policy. Uncheck to abide by the
    maintenance windows that are specified in Notification
    Server configuration policies.

Table 5-8  Options on the Notification tab of the Default Software Update Plug-in Settings page

Options
    Description
Notify user
    Check if you want to send a message to the users of the computer where a
    Patch Management Solution task is about to run. Specify for how long the
    message should be displayed before a task is run.
    You can type a custom message: for example, “Software updates will install
    on your computer in 10 minutes. Please ensure that all work is saved”.
Chapter 6
Configuring Patch Management Solution server tasks

This chapter includes the following topics:
■ About Patch Management Solution server tasks
■ Downloading the software updates catalog
■ Checking the integrity of software update packages
■ Import Patch Data for Novell and Import Patch Data for Red Hat pages

About Patch Management Solution server tasks
You must configure server tasks (previously known as background actions) to run
automatically at regular intervals.
Examples of server tasks include Import Patch Data for Novell and Import Patch
Data for Red Hat. Automated server tasks ensure that you have the latest, most
accurate data, and that your software update tasks are kept up to date. To configure
a task to run automatically, set a schedule for it.
The Import Patch Data for Novell and Import Patch Data for Red Hat tasks must
successfully run before you can stage or distribute any software updates for Linux
computers.
These tasks download software updates catalog files and import all software
management resources from these files into the CMDB.
See “Downloading the software updates catalog” on page 34.
See “Implementing Patch Management Solution for Linux” on page 15.
Other server tasks ensure data integrity or assist in automating software update
distribution processes.
See “Checking the integrity of software update packages” on page 35.
Downloading the software updates catalog
You must download the Novell and Red Hat software updates catalog (patch
management metadata, or patch management import files) before you can
distribute updates.
See “Implementing Patch Management Solution for Linux” on page 15.
Note: If the Altiris Log Viewer is open, close it before you perform this task. By
closing the viewer, you can improve the task’s performance by as much as 50
percent.
You may want to create a schedule for this task as well. This procedure ensures
that you have the latest, most accurate data, and your software update tasks are
kept up to date. Symantec recommends that you configure the task to run weekly.
To download the software updates catalog immediately
1. In the Symantec Management Console, on the Manage menu, click Jobs and
   Tasks.
2. In the left pane, expand Jobs and Tasks > System Jobs and Tasks > Software
   > Patch Management.
3. Click one of the following:
   ■ Import Patch Data for Novell
     This task downloads the Novell patches metadata.
   ■ Import Patch Data for Red Hat
     This task downloads the Red Hat errata metadata.
4. In the right pane, click Import channels.
5. When the software channels import is complete, check the channels for which
   you want to download the patch management metadata.
6. (Optional) Make any wanted changes.
   See “Import Patch Data for Novell and Import Patch Data for Red Hat pages”
   on page 36.
7. Click Save changes.
8. Under Task Status, click New Schedule.
9. In the New Schedule dialog box, click Now, and then click Schedule.
To configure a schedule for downloading the software updates catalog
1. On the Import Patch Data for Novell or Import Patch Data for Red Hat page,
   under Task Status, click New Schedule.
2. In the New Schedule dialog box, click Schedule, and then configure a schedule
   on which to run this task.
   Symantec recommends that you configure the task to run weekly.
3. Click Schedule.
Checking the integrity of software update packages
You can verify that software update packages in software update tasks have the
correct global server settings applied. If you changed settings in a vendor policy,
run the Check Software Update Package Integrity task to check that all software
update packages have the correct new settings and values.
See “Configuring vendor settings” on page 27.
The task also relocates the software update packages in case you changed the
default software update package location on the Core Services page.
See “Configuring patch management Core Services settings” on page 25.
To check the integrity of software update packages
1. In the Symantec Management Console, on the Manage menu, click Jobs and
   Tasks.
2. In the left pane, expand Jobs and Tasks > System Jobs and Tasks > Software
   > Patch Management, and then click Check Software Update Package
   Integrity.
3. If you want to delete the downloaded updates that are not part of any software
   update policy or belong to a superseded bulletin, check Delete updates from
   file system that are no longer in use.
4. If you want to relocate downloaded updates if the Software Update Package
   Location has changed, check Relocate existing packages if default Software
   Update Package location on Core Service page has changed.
   See “Configuring patch management Core Services settings” on page 25.
5. Under Task Status, click New Schedule and specify a schedule on which to
   run the task.
Import Patch Data for Novell and Import Patch Data for Red Hat pages
This task downloads the software update catalog files and imports all software
management resources from these files into the CMDB. These resources are
necessary for populating the Patch Remediation Center and updating patches
to managed computers. When you download the software update catalog files,
you automatically import all software management resources.
See “Downloading the software updates catalog” on page 34.
Table 6-1  Options on the Import Patch Data page

Option
    Description
Incremental Import
    Check to import only the updates that have been
    added since the last successful import.
Select software channels for import
    Lets you choose the operating systems for which
    you want to import the updates catalog.
    You should check only the operating systems that
    are installed on the computers that you want to
    manage.
    If this is the first time you run this task, you must
    click Import channels to download the list of
    available software channels.
Automatically revise software update policies after Patch Management Import
    Automatically updates software update policies
    with the latest data.
    Each download of the software update catalog
    files may contain data and fixes for existing
    software updates. By checking this option, you
    can use the new data in existing software update
    policies to resolve any known issues with software
    updates.
Enable distribution of newly added software updates
    Enables the distribution of the software update
    packages that were added to the erratum or patch.
Chapter 7
Staging and distributing software updates

This chapter includes the following topics:
■ About errata and patches
■ About staging and distributing software updates
■ Staging errata and patches
■ Distributing software updates
■ Viewing the software update delivery summary report
■ About software update policies and maintenance windows
■ Patch Remediation Center page
■ Software Update Policy Wizard pages

About errata and patches
Software bulletins that contain security updates for Red Hat Linux servers are
called errata. Periodically, Red Hat issues the Red Hat Security Advisories (RHSA),
Red Hat Bug Advisories (RHBA), and Red Hat Enhancement Advisories (RHEA),
which are the equivalent of Microsoft software bulletins. The advisories are either
security fixes, bug fixes, or enhancements. Each advisory contains one or more
patches (rpm packages). All the RHSAs, RHBAs, and RHEAs are available at
https://rhn.redhat.com/errata.
Software bulletins that contain SUSE security updates for Novell Linux servers
are called patches. Novell patches for different products may be released several
times in a month.
See “About staging and distributing software updates” on page 38.
About staging and distributing software updates
You stage errata or patches from the Patch Remediation Center page, where all
available software updates are listed.
See “About errata and patches” on page 37.
When you stage an erratum or patch, all associated updates are downloaded to
the Notification Server computer.
When the value in the Staged column of the All Software Bulletins report changes
to True, all updates for the erratum or patch have been downloaded.
See “Staging errata and patches” on page 38.
After the erratum or patch is staged, you can create software update policies to
distribute the software updates to managed computers.
You cannot create a software update policy unless all updates for a particular
erratum or patch have been downloaded.
To reduce workload on the Notification Server computer, Symantec recommends
that you create software update policies in monthly increments. Including a large
number of errata or patches into a software update policy affects performance
and makes managing updates difficult.
See “Distributing software updates” on page 39.
Warning: Patch Management Solution for Linux does not support the rollout of
kernel updates because the automatic restart functionality is not available. Do
not stage and distribute kernel updates.
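The warning above can be enforced as a check before staging. The following Python check is an added example, not part of the Symantec guide or product: it assumes that you have exported each bulletin's RPM file names into a mapping, and that any package named kernel or kernel-* counts as a kernel update. The bulletin IDs and file names are constructed.

```python
import re

# Assumption (the guide does not define it): a package is a kernel update when
# its RPM name is "kernel" or starts with "kernel-" (kernel-PAE, kernel-default).
KERNEL_NAME = re.compile(r"^kernel(-.+)?$")

# Constructed sample: bulletin ID -> RPM file names listed in that bulletin.
SAMPLE_BULLETINS = {
    "RHSA-EXAMPLE-0001": [
        "examplelib-1.2.3-4.el5.x86_64.rpm",
        "examplelib-devel-1.2.3-4.el5.x86_64.rpm",
    ],
    "RHSA-EXAMPLE-0002": [
        "kernel-2.6.18-0.example.el5.x86_64.rpm",
        "kernel-PAE-devel-2.6.18-0.example.el5.i686.rpm",
    ],
    # The name only starts with the letters "kernel"; it is not a kernel package.
    "RHBA-EXAMPLE-0003": ["kernelcheck-tools-0.9-1.el5.noarch.rpm"],
    # One kernel package is enough to hold back the whole bulletin.
    "SUSE-EXAMPLE-0004": [
        "kernel-default-2.6.32-0.example.x86_64.rpm",
        "examplelib-1.2.3-4.x86_64.rpm",
    ],
}


def rpm_name(filename):
    """Return the package name from a name-version-release.arch.rpm file name."""
    if not filename.endswith(".rpm"):
        raise ValueError("not an RPM file name: %r" % filename)
    stem = filename[: -len(".rpm")]
    # Drop the architecture first, then split version and release off the right.
    # Splitting from the right matters because names may contain hyphens.
    nvr, sep, arch = stem.rpartition(".")
    if not sep or not arch:
        raise ValueError("missing architecture: %r" % filename)
    parts = nvr.rsplit("-", 2)
    if len(parts) != 3 or not all(parts):
        raise ValueError("missing version or release: %r" % filename)
    return parts[0]


def split_bulletins(bulletins):
    """Partition bulletins into (stageable IDs, {held-back ID: reasons}).

    A bulletin is held back when any of its packages is a kernel package.
    File names that cannot be parsed also hold the bulletin back, so that a
    malformed entry is reviewed by a person instead of being staged.
    """
    stageable, held_back = [], {}
    for bulletin_id, files in sorted(bulletins.items()):
        reasons = []
        for filename in files:
            try:
                name = rpm_name(filename)
            except ValueError:
                reasons.append("unparseable:" + filename)
                continue
            if KERNEL_NAME.match(name):
                reasons.append(name)
        if reasons:
            held_back[bulletin_id] = sorted(set(reasons))
        else:
            stageable.append(bulletin_id)
    return stageable, held_back


if __name__ == "__main__":
    ok, held = split_bulletins(SAMPLE_BULLETINS)
    for bulletin_id in ok:
        print("stage:", bulletin_id)
    for bulletin_id, reasons in held.items():
        print("hold: ", bulletin_id, "->", ", ".join(reasons))
```

Bulletins that are held back still need a patching path outside this solution, because the kernel fixes they carry remain uninstalled on the managed computers.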
Staging errata and patches
You can stage an erratum or patch to download associated updates.
See “About staging and distributing software updates” on page 38.
You can stage all errata or patches. However, Symantec recommends that you
stage only the errata or patches that the target computers require. On the Patch
Remediation Center page, in the compliance reports, you can view how many
computers require an update.
After the updates are downloaded, you must create a software update policy to
distribute the updates to managed computers.
See “Distributing software updates” on page 39.
When you stage an erratum or patch, a task is created that downloads the software
updates. You can view the status of this task to troubleshoot downloading of
software updates.
To stage an erratum or patch
1. In the Symantec Management Console, on the Actions menu, click Software
   > Patch Remediation Center.
2. In the right pane, in the Show drop-down list, click Red Hat Compliance by
   Errata or SUSE Compliance by Announcement, and then click the Refresh
   symbol.
   These reports let you see which updates the target computers require.
3. Click the errata or patches that you want to stage.
   For example, click the errata or patches that have a lower number in the
   Compliance column.
4. Right-click the selected errata or patches, and then click Stage.
   If the Stage option is not available, the erratum or patch is being staged. If
   there is a Software Update Policy Wizard option available in the menu, the
   erratum or patch is staged and ready to be distributed.
   See “Distributing software updates” on page 39.
To view the status of an erratum or patch download
1. In the Symantec Management Console, on the Manage menu, click Jobs and
   Tasks.
2. In the left pane, expand Jobs and Tasks > System Jobs and Tasks > Software
   > Patch Management, and then click Download Software Update Package.
3. In the right pane, view the status of download tasks.
Distributing software updates
After you stage errata or patches and download the associated software updates,
you must create software update policies that deploy software updates to the
appropriate computers.
See “Staging errata and patches” on page 38.
The Software Update Policy Wizard page lets you create software update policies.
To reduce workload on the Notification Server computer, Symantec recommends
that you create software update policies in monthly increments. Including a large
number of errata or patches into a software update policy affects performance
and makes managing updates difficult.
The policies that you create are stored in the Manage > Policies > Software >
Patch Management > Software Update Policies folder. You can view the details
of the policy and change settings if necessary.
Warning: Patch Management Solution for Linux does not support the rollout of
kernel updates. Do not distribute kernel updates.
To distribute software updates
1. In the Symantec Management Console, on the Actions menu, click Software
   > Patch Remediation Center.
2. In the right pane, in the Show drop-down box, click SUSE Compliance by
   Announcement or Red Hat Compliance by Errata, and then click the Refresh
   symbol.
   These reports let you see which updates the target computers require.
3. Click the errata or patches that you want to distribute.
   For example, click the errata or patches that have a lower number in the
   Compliance column.
4. Right-click the selected errata or patches, and then click Software Update
   Policy Wizard.
   If the Software Update Policy Wizard option is not available, the erratum
   or patch is not staged. You must first stage the erratum or patch.
   See “Staging errata and patches” on page 38.
5. (Optional) Configure the settings as needed.
   See “Software Update Policy Wizard pages” on page 43.
6. Click Next.
7. (Optional) On the second page of the wizard, check the updates that you want
   to distribute.
8. If you want to activate the new software update policy, turn on the policy. To
   turn on the policy, click on the colored circle and then click On.
   You can also turn on the policy later.
9. Click Distribute software updates.
Viewing the software update delivery summary report
The Linux Software Update Tasks Delivery Summary report summarizes the
results of all scheduled software update policies. It tells you which computers the
software update tasks target, and if the updates have been successfully installed.
The report also tells you if any software update tasks failed, or if they have not
yet completed.
Patch Management Solution for Linux also provides other reports that you can
view.
See “About Patch Management Solution reports” on page 45.
To view the software update delivery summary report
1. In the Symantec Management Console, on the Reports menu, click All
   Reports.
2. In the left pane, expand Software > Patch Management > Remediation Status,
   and then click Linux Software Update Tasks Delivery Summary.
3. In the right pane, leave the default settings, and then click Refresh.
About software update policies and maintenance windows
Maintenance windows are time periods in which maintenance tasks, including
the installation of software updates, are performed. To ensure that software update
policies abide by maintenance windows, leave the Override Maintenance Window
Settings check box unchecked in the first page of the Software Update Policy
Wizard. If the box is checked, the software update plug-in ignores maintenance
windows and installs the updates as instructed otherwise by the software update
policy.
See “Software Update Policy Wizard pages” on page 43.
Installing a software update may take longer than a specified maintenance window.
In this case, the installation of the updates completes, but any required restarts
are deferred until the next maintenance window.
Patch Remediation Center page
This page lets you view, stage, and distribute all software updates that are provided
by software update catalog files.
See “About staging and distributing software updates” on page 38.
See “About errata and patches” on page 37.
Table 7-1  Items on the Patch Remediation Center page

Item
    Description
Bulletin
    The bulletin's number, as supplied by the vendor.
Severity
    The bulletin's vendor-specified severity level.
Custom Severity
    The bulletin's user-defined severity level.
Staged
    Indicates if the bulletin has been set to download included software
    updates. If all updates have been downloaded, the result is True.
    Otherwise it is False.
Policies
    The number of software update policies that have been created from
    the bulletin.
Updates
    The number of software updates that are included in the bulletin.
Downloaded
    The number of software updates currently downloaded.
Released
    The date the bulletin was released.
Revised
    The date the bulletin was revised.
Description
    A description of the vulnerabilities that the software bulletin addresses.
Table 7-2  Right-click actions on the Patch Remediation Center page

Item
    Description
View Targeted Computers
    Displays the computers that the software update policy
    containing this bulletin is targeting.
    You must create a software update policy to view targeted
    computers.
View Applicable Computers
    Displays the computers to which the selected bulletin
    applies.
View Installed Computers
    Displays the computers on which the selected bulletin is
    installed.
View Vulnerable Computers
    Displays the computers that do not have the selected
    bulletin installed.
Software Update Policy Wizard pages
The software update policy wizard creates the software update policies that
distribute software updates to managed computers. A software update policy that
is created from an erratum or patch includes every software update that is
associated with the erratum or patch.
See “Distributing software updates” on page 39.
Table 7-3  Options on the first page of the Software Update Policy Wizard

Option
    Description
Software Updates
    The names of each software update that is included in
    the bulletin.
Software Bulletins
    The name of the bulletin or bulletins you have chosen
    to make policies for. You cannot edit the software
    bulletins through the software update policy wizard.
    You can click a software bulletin to open the Resource
    Manager to view detailed information on the software
    bulletin.
    You can only select a software bulletin that has been
    previously staged.
Name
    The name of the policies you have chosen from the
    policies window. This field is populated automatically
    if only one policy is listed in the Tasks field.
Description
    The vendor description of the bulletin.
Use Multicast when the Symantec Management Agent’s multicast option is enabled
    (Patch Management Solution for Windows only)
    Enables the multicast features.
Run (other than agent default)
    Runs the software updates installation at a different
    time than the time that is specified in the software
    update plug-in settings.
    See “Configuring software updates installation settings”
    on page 27.
As soon as possible
    Runs the software updates installation as soon as the
    software update policy arrives to the target computer.
Power on computer (Wake on LAN)
    (Patch Management Solution for Windows only)
    Attempts to turn on the computer before installing
    software updates.
On schedule
    Runs the software updates installation on a schedule.
Override Maintenance Windows settings
    Overrides the specified maintenance windows settings.
Apply to computers
    Lets you specify the target collection or collections to
    which the software update policy applies.
    See “About software update policies and maintenance
    windows” on page 41.
    If you use the software update policy wizard, the correct
    resource target for the selected software bulletin is
    automatically applied.
Table 7-4  Options on the second page of the Software Update Policy Wizard

Options
    Description
On/Off
    Lets you enable or disable the software update policy for the software
    bulletin and included software updates.
    Click On if you want the policy to become active after you complete
    the wizard.
    You can also turn on the policy later. The policies that you create are
    located at Manage > Policies > Software > Patch Management >
    Software Update Policies.
Software Bulletins
    The names of the software bulletins.
Update Names
    The name of each software update executable. If Enable is selected,
    all of the executables are enabled. Click the hyperlink to open the
    Resource Manager page for the software update.
Dependencies
    The name of dependent updates. Dependent updates are installed if
    the target computer needs them.
Conflict
    Displays the software update executable conflicts. By default, the
    conflicts are ignored and the software update plug-in attempts to install
    the update.
    Click the link and choose a different conflict resolution method.
Chapter 8
Using Patch Management Solution reports

This chapter includes the following topics:
■ About Patch Management Solution reports
■ About compliance reports
■ About diagnostic reports
■ About remediation status reports
■ About software bulletin reports
■ About the Patch Management Solution for Linux home page
■ Viewing Patch Management Solution reports

About Patch Management Solution reports
You can view and manage your patch management data through reports. These
reports give you information specific to Patch Management Solution. For example,
you can use compliance reports to determine how many urgent software updates
your managed computers require.
See “About compliance reports” on page 46.
Reports let you view information in various ways. You can see your information
in tables or graphically in charts. You can also drill down on specific items in a
report to obtain additional information.
You can stage or distribute software updates directly from reports by right-clicking
on the update name in the report.
Patch Management Solution provides the following reports:
■ Compliance reports
  See “About compliance reports” on page 46.
■ Diagnostic reports
  See “About diagnostic reports” on page 47.
■ Remediation status reports
  See “About remediation status reports” on page 47.
■ Software bulletin reports
  See “About software bulletin reports” on page 47.
See “Viewing Patch Management Solution reports” on page 48.
Patch Management Solution also has a patch management home page. This page
is a portal page that is comprised of a number of Web parts displaying results
from commonly used reports.
See “About the Patch Management Solution for Linux home page” on page 47.
About compliance reports
Compliance reports are the key to quickly determining what software updates
your managed computers require. Compliance reports are used to determine if
computers are up-to-date with the latest software updates. These reports are also
used to check if a particular software bulletin or update is installed on your
managed computers. This is useful if a specific security issue affects your network
environment and a certain update addresses the problem.
You can start distributing software updates directly from report results. For
example, if you want to quickly distribute all critical updates, sort the report
results by Severity. Then, right-click all critical updates and click Stage. Then
you can distribute the updates.
See “About staging and distributing software updates” on page 38.
You can find the compliance reports in the Symantec Management Console under
Reports > All Reports > Software > Patch Management > Compliance.
Compliance reports are also featured on the Patch Management Solution home
page for easy access.
See “About the Patch Management Solution for Linux home page” on page 47.
See “About Patch Management Solution reports” on page 45.
About diagnostic reports
The diagnostics reports display vulnerability summary and software update
plug-in installation information.
You can find the diagnostics reports in the Symantec Management Console under
Reports > All Reports > Software > Patch Management > Diagnostics.
See “About Patch Management Solution reports” on page 45.
About remediation status reports
The remediation status reports summarize and detail software update associations
and activities.
You can find the remediation status reports in the Symantec Management Console
under Reports > All Reports > Software > Patch Management > Remediation
Status.
See “About Patch Management Solution reports” on page 45.
About software bulletin reports
The software bulletins reports summarize and detail software bulletin activity
and status.
You can find the software bulletin reports in the Symantec Management Console
under Reports > All Reports > Software > Patch Management > Software
Bulletins.
See “About Patch Management Solution reports” on page 45.
About the Patch Management Solution for Linux home page
The home page is a portal page providing patch management summary information
at a glance. The page is comprised of a number of Web parts displaying results
from commonly used reports.
See “About Patch Management Solution reports” on page 45.
You cannot customize the portal page directly. If you want, you can add patch
management Web parts to other configurable portal pages, for example, the My
Portal page.
You can access the home page by clicking Home > Patch Management, and then,
under Novell or under Red Hat, click Updates.
Table 8-1  Web parts on the Software Update Compliance Portal page

Web part
    Description
Patch for Linux License Status
    Reports on the amount of Patch Management Solution
    for Linux licenses in use, their status, and expiration
    date.
Vulnerabilities
    Reports on the number of vulnerabilities that need to
    be addressed.
    This Web part is also available in a graph form.
Software Update Tasks Delivery Summary
    Reports on the number of patches that were executed
    in the past 30 days and how many succeeded or did not
    complete.
    This Web part is also available in a graph form.
Software Bulletin Summary
    Reports on the number of software bulletins available,
    staged, tasks created, and new bulletins in the last 30
    days.
    This Web part is also available in a graph form.
Configuration Summary
    An overall configuration summary, which includes
    computers with the software update plug-in, computers
    not reporting vulnerability analysis, software updates
    catalog download data, and so on.
Viewing Patch Management Solution reports
Patch Management Solution for Windows provides reports that let you view
detailed information about the updates.
See “About Patch Management Solution reports” on page 45.
To view Patch Management reports
1. In the Symantec Management Console, on the Reports menu, click All
Reports.
2. In the left pane, expand Software > Patch Management.
3. Click the report that you want to view.
For example, click Compliance > SUSE Compliance by Update.
4. In the right pane, leave the default settings, and click Refresh.
5. If you want to view more information about an update, right-click on any
update, and click Resource Manager.
Chapter 9
Replicating Patch Management Solution for Linux data in hierarchy
This chapter includes the following topics:
■ About replicating Patch Management Solution for Linux data
About replicating Patch Management Solution for Linux data
Downloading Red Hat and Novell patch management metadata files to multiple
Notification Servers can consume considerable network resources and time.
Notification Server hierarchy features remove the need to download patch
management metadata files individually. You can download the files once to a
single parent Notification Server. Then you can use Patch Management Solution
replication rules to send the relevant data to any number of child Notification
Servers. The replicated data on the child Notification Servers is identical to the
data on the parent.
Replication is possible as soon as you install the software update plug-in on the
child Notification Server's Linux client computers. The software update plug-in
collects operating system inventory data that is then sent to the parent Notification
Server by the Patch Linux OS Channel Resource Replication Rule. If the clients
that match the selected software channels exist on the child Notification Server,
patch management metadata files can be replicated to that server. By default, the
operating system inventory data is replicated once a day at 20:00.
To enable Red Hat and Novell patch management metadata files replication, you
must turn on the Patch Management Import Data Replication for Novell and
Patch Management Import Data Replication for Red Hat rules. When the rules
are turned on, replication is performed once a day at 23:00.
See “About Patch Management Solution for Linux” on page 11.
Appendix A
Technical reference
This appendix includes the following topics:
■ About hierarchy and data replication direction
■ About Patch Management Solution security roles
About hierarchy and data replication direction
Patch Management Solution for Windows and Patch Management Solution for
Linux support the hierarchy and the replication features of the Symantec
Management Platform. These features let you create settings, schedules, and
other data at the top-level Notification Server computer and replicate them to
child-level Notification Server computers.
Patch Management Solution for Mac does not support replication.
See “About replicating Patch Management Solution for Linux data” on page 51.
Table A-1 Items that are replicated by the default Notification Server replication schedule with no custom replication rules
Item | Replication direction
All the server tasks settings and schedules: Download QChain; Check Software Update Package Integrity; Import Patch Data for Microsoft/Adobe/Red Hat/Novell | Down
Microsoft/Adobe/Linux Vulnerability Analysis policy settings | Down
Microsoft/Adobe/Red Hat/Novell vendor settings | Down
Default Software Update Plug-in Policy settings | Down
Software update plug-in install, upgrade, and uninstall policy settings | Down
Software update policies | Down
Table A-2 Items that are replicated with custom replication rules
Item | Replication direction | Description
Language support information (Patch for Windows only) | Up | This information is replicated when the PatchManagementLanguageAlerting rule is enabled.
OS inventory data (Patch for Linux only) | Up | This information is replicated when the Patch Linux OS Channel Resource Replication rule is enabled.
Patch management metadata | Down | This information is replicated when the Patch Management Import Data Replication for Adobe/Microsoft/Red Hat/Novell rules are enabled. For Windows, only the updates and bulletins that are associated with the child computer's supported languages are replicated. For Linux, only the metadata for the channels that are relevant to the child Notification Server's client computers is replicated.
Compliance summary | Up | This information is replicated when the Patch compliance summary replication rule is enabled. The vulnerability analysis is replicated up as a summary.
About Patch Management Solution security roles
You can assign the following security roles to Symantec Management Console
users:
■ Patch Management Administrators
■ Patch Management Rollout
Users with the Patch Management Administrators role have full access to Patch
Management Solution functionality, but no access to the rest of the Symantec
Management Console.
Users with the Patch Management Rollout role have limited access to the following
Patch Management Solution functionality:
■ Software update policies
■ Reports
■ Patch Remediation Center page
Users with the Patch Management Rollout role can perform the following actions:
■ Enable, disable, and change settings in the software update policies.
■ View reports.