
Linux Patching

In comparison to Microsoft Windows Operating Systems, patching Linux servers is a little more complicated. Microsoft has a relatively controlled release cycle for updates; in fact, I would say a very controlled release cycle. Patch Tuesday is widely known within Windows administrator circles as the day Microsoft releases its updates, which include critical updates, security updates, rollups, service packs etc.

In the Linux world, software development is less controlled and therefore the updates tend to be a little more “wild” in nature. Of course, you have various distribution offerings such as Satellite from Red Hat, which helps you manage Linux Patching from a central repository. However, updates are released much more frequently, so your Linux Patching Strategy will differ from your Windows Patching Strategy based on your risk appetite.

When considering your Windows Patching Strategy and your Linux Patching Strategy, it is important to decide how you will test the deployment of patches within your environment. Whether the environment is simple or complex, the success and integrity of patch deployment will depend on how well your test environment is set up and how rigorous your testing plan is. You and your company’s risk appetite will determine how much testing is carried out and at what level.

In addition to deploying updates, it is also important to consider Linux Operating System End of Life Management.  This is particularly important in corporate environments, or environments that are utilising corporate distributions such as Red Hat.  Knowing when support is going to end for a major version of an operating system is a critical part of Linux Patch Management.

It is also critical to understand how important the reporting of compliance is within patch management, whether it relates to Microsoft Windows Operating Systems and applications or Linux Operating Systems. However, it is generally more complicated to establish straightforward Linux patch reporting. This again is largely due to the wild nature of open source software and how a company decides to deploy software within its environment. There are good tools that assist with reporting on Linux Patching, particularly with corporate distributions such as Red Hat. But when you want to see your entire compliance in a single view, including various distributions, Windows Operating Systems, Hypervisors etc., PalisadeSECURE’s Patch Management reporting and compliancy app can provide such a view, giving technical staff as well as security and senior management a single, real-time view.

To summarise, Linux Patching can be more complex than Windows Patching purely because of the way in which software is developed, released and delivered within an environment. Factors to consider when developing a Linux Patching Strategy are Distribution, Update and Patching Tools provided by the distribution, risk appetite, test environment, test deployment and level of user acceptance testing.

Find out more about PalisadeSECURE’s Linux Patching services here.
