Skip to main content

Patch Management: Unix

Patches are applied to managed Unix servers on a regular schedule. 

This article applies to: Managed Servers


Summary

We patch our Enterprise Linux (Redhat Enterprise Linux and CentOS) systems regularly, as follows.

  • EL 6 and EL 7:

We patch on a 6-month schedule.
In the event of high-severity security exposures, we schedule two-week emergency patch cycles to minimize security exposures and maintain Policy 5.10 Information Security compliance.

  • EL 8:

We patch on a monthly basis, over a seven day schedule.

Our patching process updates the Operating System with vendor-provided patches. In addition, patching may include updates to certain packages that we provide with the operating system, such as monitoring or backup agents.

Patching Automation and Scheduling

Given the number of Unix servers we manage and the time-consuming nature of patching, the Managed Servers has employed an automated patching system. This automation allows us greater flexibility when scheduling patch application and provides us with a mechanism for patching systems more efficiently.

You can view the patching schedule for the servers assigned to you on the Patch Scheduling page. The Area Manager and OS Contacts assigned to a particular server can modify the patching schedule.

Handling Patching Problems

Customers are expected to check their applications within one business day after patching. After that time, our ability to back-out the patch become more limited. It is advisable to schedule the patching of test systems several days before production systems to provide yourself adequate time to assure that the vendor patches have not impacted your application. In the event that you discover problems related to patching, you should contact systems-support@cornell.edu immediately.

Change Management (CIT Only)

Change Advisory Board (CCAB) announcements about patches are the responsibility of the service owner. If you determine that OS patching maintenance should be included for the CCAB process, please submit a change request via the normal means. The usual lead time for CCAB submissions is one week before the maintenance is scheduled.

Was this page helpful?

Your feedback helps improve the site.

Comments?