ansible-hardening/doc/source/developer-notes/V-38481.rst
Major Hayden a841e184de Docs: Update dev notes for Cat 2 controls
This patch updates the documentation for the developer notes associated
with the Cat 2 (Medium) controls applied by the security role.

Partial-bug: 1583744

Change-Id: Ic342f33942521db009185585a21208a4688f6ed3
2016-05-25 11:38:13 -05:00

29 lines
1.1 KiB
ReStructuredText

**Opt-in required**
Operating system patching policies vary from organization to organization and
are typically established based on business requirements and risk tolerance.
.. note::
Automatically upgrading packages can provide significant security benefits,
but they can reduce availability and reliability. Updating packages can
cause daemons to restart on some systems and they can cause local
customizations of configuration files to be lost.
Deployers are **strongly urged** to understand the nature of this change
and the associated risks prior to enabling automatic upgrades.
Deployers can enable automatic updates by setting
``security_unattended_upgrades`` to ``True`::
.. code-block:: yaml
security_unattended_upgrades: true
In Ubuntu, the ``unattended-upgrades`` package is installed and enabled. This
will apply updates that are made available to the trusty-security (Ubuntu
14.04) or xenial-security (Ubuntu 16.04) repositories.
In CentOS, the ``yum-cron`` package is installed and configured to
automatically apply updates.