I'm managing a bunch of Debian and Ubuntu virtual machines for various purposes like NFS, proxy services, load balancers, and XRDP. I'm looking for a patch management system that gives me a nice dashboard showing unpatched operating systems and software. Ideally, I'd like it to be able to patch individual VMs or specific software, as well as roll out updates across all machines. Additionally, it's important that it provides detailed auditing and possibly has an agent-based setup. How do you all handle patch management in your environments?
4 Answers
I would recommend checking out Landscape, especially since it's from Ubuntu. It integrates well with their system.
I haven't tried it myself, but NinjaOne seems to be a popular choice for Debian/Ubuntu setups, especially if you need enterprise-level support and reporting. In production, I've mostly seen people use Red Hat Satellite, but obviously that's not compatible with your needs. Many folks also go for custom solutions, utilizing tools like Prometheus, InfluxDB, and Grafana to create dashboards for monitoring, though that can take some serious time to set up effectively.
ManageEngine offers a solid option for Linux patching if you're looking for something robust.
We previously used Ansible with Tower to automate our patch management. We had playbooks that ran on a schedule to check for and report available updates.
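One way to build the "check for and report available updates" step mentioned in the answer above, as an added example that is not part of the original answer or any of the tools named here: it parses the `Inst` lines of `apt-get -s dist-upgrade` and flags packages whose candidate comes from a security pocket. The function names, the host name `vm-example` and the sample output are assumptions constructed for illustration.

```python
import json
import re
import subprocess

# Shape of one "Inst" line printed by `apt-get -s dist-upgrade`:
#   Inst <pkg> [<installed>] (<candidate> <origin>, <origin> [<arch>])
INST_RE = re.compile(
    r"^Inst (?P<pkg>\S+)(?: \[(?P<old>[^\]]+)\])? "
    r"\((?P<new>\S+) (?P<origins>.*?)(?: \[[^\]]+\])?\)"
)

# Constructed sample output mixing Ubuntu and Debian lines (not from a real host).
SAMPLE = """\
NOTE: This is only a simulation!
Inst libssl3 [3.0.2-0ubuntu1.10] (3.0.2-0ubuntu1.15 Ubuntu:22.04/jammy-security, Ubuntu:22.04/jammy-updates [amd64])
Inst nfs-common [1:2.6.1-1ubuntu1.1] (1:2.6.1-1ubuntu1.2 Ubuntu:22.04/jammy-updates [amd64])
Inst openssl [3.0.11-1~deb12u2] (3.0.15-1~deb12u1 Debian-Security:12/stable-security [amd64])
Conf libssl3 (3.0.2-0ubuntu1.15 Ubuntu:22.04/jammy-security, Ubuntu:22.04/jammy-updates [amd64])
"""

def parse_simulation(text):
    """Return one record per package that apt would install or upgrade."""
    pending = []
    for line in text.splitlines():
        m = INST_RE.match(line)
        if not m:
            continue  # skip Conf/Remv lines and informational output
        origins = [o.strip() for o in m["origins"].split(",")]
        pending.append({
            "package": m["pkg"],
            "installed": m["old"],  # None when the package is newly pulled in
            "candidate": m["new"],
            # Ubuntu uses "<release>-security", Debian "Debian-Security:..."
            "security": any("security" in o.lower() for o in origins),
        })
    return pending

def host_report(host, text):
    """Summarize pending updates for one host in a dashboard-friendly dict."""
    pending = parse_simulation(text)
    sec = sorted(p["package"] for p in pending if p["security"])
    return {"host": host, "pending": len(pending), "security": sec}

def simulate_local():
    """Run the simulation on this machine; changes nothing on the system."""
    return subprocess.run(["apt-get", "-s", "dist-upgrade"], check=True,
                          capture_output=True, text=True).stdout

if __name__ == "__main__":
    print(json.dumps(host_report("vm-example", SAMPLE), indent=2))
```

The simulation reflects the package lists already on the host, so a scheduled job would refresh them with `apt-get update` before calling `simulate_local()`.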
Foreman+Katello can actually manage repositories and updates for Debian-based systems as well. While it might not have the same depth as Satellite, it does a decent job with the package update lifecycle.