Patching and Updating Red Hat Enterprise Linux
Patching and updating our supported servers is an extremely important method of ensuring that our servers remain reliable and secure. It is also mandatory that all POST maintained servers adhere to the UW - Madison's Electronic Devices policy. To that end, POST Linux has developed procedures for patching machines.
Once a patch is released from Red Hat, it is examined by team members to determine if the patch is going to cause a disruption to services once applied. It is generally applied to several test machines first before being deployed to the rest of the servers. If the patch is not deemed critical by the Linux team, and is not disruptive in its application, it will be deployed within one week of its release.
If a patch is to resolve a critical security or reliability problem, and is not disruptive to the services on the server, it will be applied as soon as possible.
If a patch is to resolve a critical security or reliability problem, and the patch is disruptive to services on the server, efforts will be made to coordinate an outage with the customer. If the customer is not available or unwilling to permit the application of the patch in a timeframe appropriate to the severity of the patch, and there is no workaround available that meets the needs of the customers, the Linux team will work with DoIT Security and Campus Network Services to secure the machine using network hardware and black hole policies until the patch can be applied.