How do I solve Missing OS Patch issues on MetaDefender Endpoint/MetaDefender IT Access managed Linux devices?

This article applies to the current MetaDefender IT Access Console and API, and all MetaDefender Endpoint releases deployed on Linux systems.

Users running MetaDefender Endpoint on one or more Linux devices may occasionally see MetaDefender IT Access device compliance warnings/flags related to Missing OS Patches.

These warnings/flags are triggered by device issues and will appear under MetaDefender IT Access Console>Inventory>Devices>Relevant Device>Detailed Device Information>Missing Patches.

Malware is frequently designed to exploit the vulnerabilities in outdated applications and operating systems in order to gain entry to and infect a system.

This is why keeping your operating system, OS security patches and all associated apps up-to-date is an essential element of risk reduction in cyber-security.

The following instructions are intended for .deb or .rpm based Linux systems, but steps may vary slightly depending on your distro and version.

To remediate Missing OS Patch related device compliance issues on your managed Linux devices, please follow the relevant instructions below.

Debian

  1. To synchronize your update package index with the latest available update index online, open a Terminal and type sudo apt-get update, then enter your admin password as prompted.
  1. Next, to install the latest versions of all packages currently installed on your system, type sudo apt-get upgrade then hit Enter.
  1. Alternatively, you can include the install of selected packages after the standard upgrades by typing sudo apt-get install package-name and then hitting Enter. For a list of available updates and package names, type apt list –upgradable

RPM

For .rpm based Linux, open a Terminal and type sudo yum update

To enable automatic updates functionality in Zypper on openSUSE, follow these steps:

auto_update_zypper_on_opensuse

1. Create a systemd service file:

Create a new service file named zypper-auto-update.service in the directory /etc/systemd/system/. You can use any text editor to create and edit this file. For example:

sudo nano /etc/systemd/system/zypper-auto-update.service

Add the following content to the file:

[Unit]
Description=Run zypper update
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/bin/zypper --non-interactive --no-gpg-checks --quiet refresh && /usr/bin/zypper --non-interactive --no-gpg-checks --quiet update
[Install]
WantedBy=multi-user.target

Save the file and exit the text editor.

2. Create a systemd timer file:

Create a new timer file named zypper-auto-update.timer in the directory /etc/systemd/system/. This file will specify when and how often the zypper-auto-update.service should be executed. For example:

sudo nano /etc/systemd/system/zypper-auto-update.timer

Add the following content to the file to schedule daily updates at 4 AM:

[Unit]
Description=Run zypper update daily
[Timer]
OnCalendar=*-*-* 04:00:00
Persistent=true
[Install]
WantedBy=timers.target

Save the file and exit the text editor.

3. Reload systemd manager configuration:

After creating the service and timer files, you need to reload the systemd manager configuration to make systemd aware of the new files. Run the following command:

sudo systemctl daemon-reload

4.Enable and start the timer:

Now, enable the timer to start automatically at boot and start it immediately:

sudo systemctl enable --now zypper-auto-update.timer

To learn more about installing updates in Linux, Read This. To learn more about installing updates in Linux via the command line, Read This.

If you have followed the instructions above but Continue To Experience Missing OS Patch Issues On Your MetaDefender Endpoint / MetaDefender IT Access Managed Linux Devices, please open a Support Case with the OPSWAT team via phone, online chat or form, or feel free to ask the community on our OPSWAT Expert Forum.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
How do I use Windows Update Agent to solve Missing OS Patch issues on MetaDefender Endpoint/MetaDefender IT Access managed Windows devices?
On This Page
How do I solve Missing OS Patch issues on MetaDefender Endpoint/MetaDefender IT Access managed Linux devices?DebianRPM