a841e184de
This patch updates the documentation for the developer notes associated with the Cat 2 (Medium) controls applied by the security role. Partial-bug: 1583744 Change-Id: Ic342f33942521db009185585a21208a4688f6ed3
1.1 KiB
Opt-in required
Operating system patching policies vary from organization to organization and are typically established based on business requirements and risk tolerance.
Note
Automatically upgrading packages can provide significant security benefits, but they can reduce availability and reliability. Updating packages can cause daemons to restart on some systems and they can cause local customizations of configuration files to be lost.
Deployers are strongly urged to understand the nature of this change and the associated risks prior to enabling automatic upgrades.
Deployers can enable automatic updates by setting
security_unattended_upgrades to
True`:: .. code-block:: yaml security_unattended_upgrades: true In Ubuntu, theunattended-upgradespackage is installed and enabled. This will apply updates that are made available to the trusty-security (Ubuntu 14.04) or xenial-security (Ubuntu 16.04) repositories. In CentOS, theyum-cron``
package is installed and configured to automatically apply updates.