Create a Linux Patch Policy

JumpCloud’s automated patch management for Linux lets you configure a delay when performing updates for major and minor Linux versions. Each of these options has its own setting where you can specify the number of deferral days. This setting controls how long before future updates are made available to the device. In addition, you can set a grace period for minor Linux updates. When a minor update becomes available, this setting controls how long users can defer updates. As that grace period approaches its expiration, automatic reminders appear more frequently and eventually users can't dismiss them.

You can save time by using JumpCloud’s default patch policies and policy groups that are preconfigured and ready to use. See Create Default Patch Policies and Policy Groups below.

JumpCloud also provides a universal browser patch policy that keeps Google Chrome up to date for macOS, Windows, and Linux. See Create a Universal Browser Patch Policy.

Contact your Account Manager if you’re interested in adding patch management to your package or to learn more about the solution. Pricing for patch management is located at https://jumpcloud.com/pricing.

Create Default Patch Policies and Policy Groups

If your organization hasn't yet configured any macOS, Windows, or Linux patch management policies or policy groups, you can save time by loading a set of default patch policies and policy groups, enforcing security patches on a large number of managed devices.

A policy group helps you quickly and efficiently roll out preconfigured policies using deployment rings. Deployment rings are configured with sane defaults. The deployment ring names match these policy group names, as well as control how and when an update is applied:

  • Vanguard - Deploy automated upgrades inside your IT Department. 
  • Early Adoption - Deploy automated upgrades to early adopters outside of IT.
  • General Adoption - Deploy automated upgrades to general users in your company.
  • Late Adoption - Deploy automated upgrades to remaining users in your company.
A diagram showing the deployments as sections within an angle, with the sections becoming broader as you move out from the center. The image starts with Vanguard adoption, then moves through Early, General, and Late Adoption.

To create default Linux patch policies and policy groups:

  1. Log in to the JumpCloud Admin Portal
  2. Go to DEVICE MANAGEMENT > Policy Management.
  3. Select Patch Management, then select the OS tab.
  4. If you haven’t yet configured a patch policy or patch policy group, click Load Default Policies & Policy Groups to create four out-of-the-box default policy groups. Each policy group contains three preconfigured deployment ring policies that are automatically bound to the group.
  5. Review the preconfigured settings for the Linux default policies. 

Adoption Ring

Deployment Ring Policy Update Deferrals
Linux (Ubuntu) 0 days
Linux (Ubuntu) Early Adoption 3 days
Linux (Ubuntu) General Adoption 7 days
Linux (Ubuntu) Late Adoption 14 days
  1. (Optional) Select the policy you just created and select the Device Groups tab.
  2. Select one or more device groups where you'll apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.
  3. (Optional) Select the Devices tab.
  4. Select one or more devices where you'll apply this policy.
  5. Click save.
  6. After the policy runs, you can view detailed results for a specific device:
    • Go to DEVICE MANAGEMENT > Devices.
    • Select the Devices tab, then select the applicable device.
    • Select the Policy Results tab, and click View to see more details. An Exit Status of 0 means the policy ran successfully.

Alert Behavior of OS Updates

The alerts for updates using the JumpCloud Patch Management policies are delivered to users via the default system notifications on Linux. 

Image showing the software update alert an end user sees when a patch is pushed to their machine. This alert says that updated software is available, with the options Remind Me Later, Install Now, or Settings....

Create an Automatic Linux Updates Policy

JumpCloud’s automated patch management for Linux lets you configure a delay when performing updates for major and minor Ubuntu versions. Each of these options has its own setting where you can specify the number of deferral days. This setting controls how long before future updates are made available to the device.

To create an Automatic Linux Updates Policy:

  1. Log in to the JumpCloud Admin Portal
  2. Go to DEVICE MANAGEMENT > Policy Management.
  3. Select Patch Management, then select the OS tab. Only OS patch policies appear in this tab. 
  4. Click Load Default Policies & Policy Groups if this is your first time accessing the OS tab.
  5. Click ( + ) to add a new policy, then choose Linux from the dropdown options. 

Tip:

You can also use default patch policies to quickly create a policy. See Create Default Patch Policies above.

  1. On the New Policy panel, enter a new name for the policy in the Policy Name field, or keep the default. Note: Policy names must be unique.
  2. Configure the following settings and click save. Note: The defaults vary for each policy.
    1. Subscribe to - Select which 'apt' software categories will be used to update the device. The following options are available:
      • All updates
      • Security and Recommended updates
      • Security updates only
    2. Automatically check for updates - Manage how often the device will automatically check for updates. The following options are available:
      • Daily
      • Every two days
      • Weekly
      • Every two weeks
      • Never
    3. When there are security updates - Configure what action the device will take when it finds that updates are available as a result of an automatic check for updates. The following options are available:
      • Display immediately
      • Download automatically
      • Download and install automatically
    4. When there are other updates - Manage how often to launch the update manager when there are normal (non-security) updates available. The following options are available:
      • Display immediately
      • Display weekly
      • Display every two weeks
  3. Select Restrict OS Release upgrades to Long Term Support (LTS) releases to only allow updates from one Ubuntu LTS release to another. For example, from Ubuntu 20.04 to Ubuntu 22.04, but not 20.10 or 21.04. 
  4. OS Release upgrade delay days - Specify number of days, counted from the release date, before Ubuntu OS release upgrades will be made available.  
  5. Select the policy you just created and select the Device Groups tab.
  6. Select one or more device groups where you'll apply this policy. For device groups with multiple OS member types, the policy is only applied to the supported OS.
  7. Select the Devices tab. Select one or more devices where you'll apply this policy.
  8. Click save. The configured policy appears in the OS tab.

Remove a Patch Policy

To remove an existing patch policy:

  1. Log in to the JumpCloud Admin Portal
  2. Go to DEVICE MANAGEMENT > Policy Management.
  3. Select Patch Management, then select the OS tab.
  4. Select the policies that you wish to remove.
  5. Click Delete.
  6. Click continue.
Back to Top

List IconIn this Article

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case