skip to content
 

The Computer Officers install all security patches on the managed workstations. This gives us a chance to test them out before installing, as some patches have been known to break things. This document describes how to carry out the patching.

Ubuntu image

All the workstations' root accounts are configured with an ssh authorized_keys file that allows the patching machine to log in without a password. The workstations report their update status to Hobbit, and we have a script that reads this and applies patches to any machines that need them. The easiest way to start the patching is to go to http://apps.ch.cam.ac.uk/triggers/ and push the appropriate button.

Kernel patches

The machines will report to hobbit under 'kernel' when there are has been a kernel patch and they need a reboot.

Ubuntu machines should nag the user about this themselves. However if the hobbit dot is red that means 'needs a reboot and you can do it now' and yellow means 'needs a reboot but users are logged in'. So it should be safe to reboot any with red kernel dots.

Can't find what you're looking for?

Then you might find our A-Z site index useful. Or, you can search the site using the box at the top of the page, or by clicking here.