How to patch AWS Linux

Key Points
Introduction: Explains why Linux instances hosted on AWS still need consistent patching to reduce risk and maintain stability.
Patch Individual Systems Using Native Linux Tools: Covers how to manually patch single AWS Linux systems using built-in Linux commands.
Patch AWS Linux Systems at Scale: Shows how to sync the patch database, scan AWS Linux systems, and deploy or automate Linux patching using Patch Manager Plus.

Introduction

AWS-hosted Linux servers often run critical workloads and scale rapidly across many instances. When patching is handled inconsistently, some instances miss security and stability updates, and every instance left behind stays exposed to vulnerabilities for which a fix is already published. A centralized patching approach ensures all Linux instances receive the required updates in a timely and controlled manner.


Patch Individual Systems Using Native Linux Tools

Amazon Linux instances can be patched manually with the built-in package manager (yum on Amazon Linux 2; on Amazon Linux 2023 yum is an alias for dnf, so the commands below work unchanged). This is appropriate when only individual systems need patching and no centralized patch management solution is available.

Refresh the package metadata for the repositories enabled on the instance:

 sudo yum makecache

To list all available updates:

 sudo yum check-update

To list only the available security updates:

 sudo yum --security check-update

Install all available updates

Run the following command to install all available patches, including security and general updates:

 sudo yum update

Install only security updates

If you want to apply only security-related patches:

 sudo yum --security update

These commands download and install updates from the repositories that are available and enabled on the machine. Kernel and glibc updates take effect only after a reboot, and patched services keep running the old code until they are restarted; the needs-restarting utility from yum-utils reports both conditions.

Patch a specific package

To update a single installed package to the latest available version:

 sudo yum update <package-name>

To update (or install) a package at a specific version:

 sudo yum install <package-name>-<version>

yum will not move to an older version this way; reverting to an earlier release requires yum downgrade.

Note: The instance must have the appropriate repositories enabled and outbound network access to them (directly, through a NAT gateway, or via a proxy); otherwise makecache and update will fail.
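The commands above, combined into a single security-only patch run, as an added example that is not part of the original page. It assumes yum (on Amazon Linux 2023 yum is an alias for dnf), the needs-restarting tool from yum-utils, and root privileges; the function names and the sample check-update listing are constructed for illustration. The exit codes it branches on are real yum behavior: check-update exits 100 when updates are listed, which is why the script does not use set -e.

```shell
#!/bin/sh
# Added example, not from the original page: a security-only patch run for
# one Amazon Linux instance that handles the exit codes yum actually uses.
# Assumes yum (on Amazon Linux 2023 `yum` is an alias for dnf) and the
# needs-restarting tool from yum-utils; run as root: ./patch-security.sh --run
set -u   # deliberately no -e: `yum check-update` exits 100 when updates exist

# Map the exit status of `yum check-update` to a word.
# 0 = nothing pending, 100 = updates available, anything else = error.
check_update_status() {
    case "$1" in
        0)   echo none ;;
        100) echo pending ;;
        *)   echo error ;;
    esac
}

# Reduce `yum check-update` output (stdin) to "name.arch version" lines.
# Skips the plugin/metadata header, handles the wrapped two-line form yum
# uses for long package names, and stops at the "Obsoleting Packages" section.
pending_packages() {
    awk '
        /^Obsoleting Packages/ { exit }
        NF == 3 && $1 ~ /\.[a-z0-9_]+$/ { print $1, $2; next }   # name.arch version repo
        NF == 1 && $1 ~ /\.[a-z0-9_]+$/ { held = $1; next }      # long name, version on next line
        NF == 2 && held != ""            { print held, $1; held = "" }
    '
}

# Helpers over a captured check-update listing, for use in scripts and tests.
pending_list()  { printf '%s\n' "$1" | pending_packages; }
pending_count() { pending_list "$1" | wc -l | tr -d ' '; }

# Constructed sample output (package names and versions are illustrative,
# not a real Amazon Linux listing), in the layout yum 3 on Amazon Linux 2 prints.
SAMPLE_CHECK_UPDATE='Loaded plugins: extras_suggestions, langpacks, priorities, update-motd

curl.x86_64                         8.3.0-1.amzn2.0.8              amzn2-core
kernel.x86_64                       4.14.355-275.582.amzn2         amzn2-core
openssl.x86_64                      1:1.0.2k-24.amzn2.0.14         amzn2-core
python3-some-very-long-package-name.x86_64
                                    2.9-1.amzn2                    amzn2-core
Obsoleting Packages
foo.x86_64                          2.0-1.amzn2                    amzn2-core
    bar.x86_64                      1.0-1.amzn2                    @amzn2-core'

# Refresh metadata, list and apply security updates, then report whether a
# reboot is needed. Returns 0 = done, 1 = error, 2 = patched but reboot required.
patch_security() {
    listing=$(mktemp) || return 1
    yum -q makecache || { rm -f "$listing"; return 1; }
    yum -q --security check-update > "$listing"
    rc=$?
    case "$(check_update_status "$rc")" in
        none)  echo "no security updates pending"; rm -f "$listing"; return 0 ;;
        error) echo "yum check-update failed (exit $rc)" >&2; rm -f "$listing"; return 1 ;;
    esac
    echo "security updates to apply:"
    pending_packages < "$listing"
    rm -f "$listing"
    yum -y --security update || return 1
    # needs-restarting -r exits 1 when a kernel or core library was replaced
    if needs-restarting -r >/dev/null; then
        echo "patched; no reboot required"
        return 0
    fi
    echo "patched; reboot required to activate the new kernel/libraries"
    return 2
}

if [ "${1:-}" = "--run" ]; then
    patch_security
    exit $?
fi
```

The return code 2 lets a wrapper (cron, SSM Run Command, or a maintenance-window script) decide whether to reboot the instance, rather than rebooting from inside the patch step.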

Patch AWS Linux Systems at Scale

The following steps show how to patch multiple AWS Linux systems, from a handful to thousands of instances, from a central console, and how to configure automation that keeps them continuously up to date using Patch Manager Plus.

Step 1: Ensure Linux patches are synchronized

  1. Navigate to Admin > Patch Settings > Patch Database Settings.
  2. Verify that Linux patches are enabled so the Patch Manager Plus server downloads the latest Linux patch details.
  3. Confirm the synchronization schedule is active to keep the patch database updated.

Step 2: Scan AWS Linux systems for missing patches

  1. Navigate to Systems > Managed Systems > By Patches.
  2. Initiate a patch scan for the managed Linux systems, including AWS hosted Linux instances.
  3. Review the scan results to identify missing Linux patches.

Step 3: Deploy Linux patches to AWS Linux systems

  1. Navigate to Deployment > Manual Deployment > Install/Uninstall Patch.
  2. Select the required Linux patches identified for AWS Linux machines.
  3. Choose the target AWS Linux computers or groups and proceed with deployment using the appropriate deployment options.
  4. Monitor the deployment status to confirm successful installation.

Step 4: Configure Automated Patch Deployment for AWS Linux

  1. Navigate to Deployment > Automate Patch Deployment.
  2. Click Automate Task and select Linux as the operating system.
  3. Provide a task name and configure the task in the following order:
    • Select Applications: Choose Linux applications and severities to be included for automation.
    • Choose Deployment Policy: Select an existing deployment policy that defines deployment timing and reboot behavior.
    • Define Target: Select the computer groups that contain AWS Linux systems.
    • Configure Notifications: Set notification preferences to track deployment status.
  4. Save the task to enable continuous patching for the systems.

For details of Linux deployment behavior, see Linux Patch Deployment.
