How to apply security updates on Rocky Linux

Key Points
Introduction: Explains why applying security updates on Rocky Linux is essential to reduce vulnerabilities and maintain system stability.
Patch Individual Systems Using Native Linux Tools: Covers how users can manually apply security updates on a single Rocky Linux system using built-in package management tools.
Patch Rocky Linux Systems at Scale: Explains how Patch Manager Plus helps automate, deploy, and monitor security updates across multiple Rocky Linux systems from a central console.

Introduction

Rocky Linux systems must be regularly updated with security patches to protect against vulnerabilities and ensure reliable operations. Managing these updates manually can result in delayed remediation and increased risk across servers.

Patch Individual Systems Using Native Linux Tools

Rocky Linux provides native package management tools that allow administrators to apply security updates on individual systems.

Refresh the meta files with the repos enabled on the machine:

 sudo yum makecache

To list security available updates:

 sudo yum --security check-update

Install security updates

If you want to apply only security-related patches:

 sudo yum --security update

This installation commands downloads and installs updates from the repositories available & enabled on the machine.

Patch a specific package

To update a single package:

 sudo yum install <package-name>

To update a single package to a specific version:

 sudo yum install <package-name>-<version>

Note: The machine should have suitable repos enabled and access to the repositories.

Patch Rocky Linux Systems at Scale

The following steps explain how to apply security updates across multiple Rocky Linux systems and maintain continuous protection using Patch Manager Plus.

Step 1: Ensure Linux security patches are synchronized

1. Navigate to Admin → Patch Settings → Patch Database Settings
2. Verify that Linux patches are enabled so the Patch Manager Plus server downloads the latest Linux security updates.
3. Confirm the synchronization schedule is enabled to keep security patch information current.

Step 2: Scan Rocky Linux systems for missing security updates

1. Navigate to Systems → Managed Systems → By Patches.
2. Initiate the patch scan so agents on Rocky Linux machines evaluate missing security updates using the updated patch database.
3. Review the scan results to identify applicable security updates for Rocky Linux systems.

Step 3: Deploy security updates to Rocky Linux systems

1. Navigate to Deployment → Manual Deployment → Install/Uninstall Patch.
2. Select the required Linux security updates identified for Rocky Linux machines.
3. Choose the target Rocky Linux computers or groups and proceed with deployment using the appropriate deployment options.
4. Monitor deployment progress and installation status.

Step 4: Configure Automated Patch Deployment for security updates

1. Navigate to Deployment → Automate Patch Deployment.
2. Click Automate Task and select Linux as the operating system.
3. Provide a task name and configure the task in the following order:
   • Select Applications: Choose Linux updates and select the required security severity levels.
   • Choose Deployment Policy: Select a deployment policy that defines deployment timing and reboot behavior.
   • Define Target: Select the computer groups that contain Rocky Linux systems.
   • Configure Notifications: Set notification preferences to track security update deployment status.
4. Save the task to enable continuous deployment of Linux security updates.

Additional Linux deployment behavior is detailed here: Linux Patch Deployment.

Step 5: Monitor security update status

1. Navigate to Deployment → Automate Patch Deployment to review task execution.
2. Monitor deployed, failed, or pending security updates to ensure Rocky Linux systems remain protected.

Start your 30-day free trial and manage unlimited endpoints — patched and protected!