VisibleThread Help Center

    Customer managed patches to the VisibleThread Server

    Follow

    The VisibleThread VM is built on top of Ubuntu Linux, and from time to time critical patches are made available to the operating system and its components.

     

    The VisibleThread security team monitor the security patches and update advisory notices if required.

     

    Customers can choose to run their own patching program with some restrictions. Essentially we require that some critical parts of the VisibleThread architecture are 'pinned' to required supported versions. This is necessary to ensure the VisibleThread Application remains compatible with any patches or updates that may be applied to the server by your patching team.

     

    Note: You should always ensure you have backed up/snapshotted your VisibleThread VM before applying updates as there may be unintended consequences. It is also good policy to test the updates on a test environment first.

     

    Setting up for customer managed updates

     

    Note: These instructions apply only to customers who are running the Ubuntu 16.04 operating system. 

    You can check which version of the operating system you are running by typing 'lsb_release -a' at the command line.

    Before you begin updating or patching the VisbileThread VM, first create a file on VM called 'preferences' at '/etc/apt'.  This file should be owned by root.

    The file should have the following contents:

     

    Package: postgresql*
    Pin: version 10*
    Pin-Priority: 550
    
    Package: openssl* 
    Pin: version 1.0.2* 
    Pin-Priority: 550 
    
    Package: apache2 
    Pin: version 2.4.18* 
    Pin-Priority: 550
    
    Package: supervisor
    Pin: version 3.2*
    Pin-Priority: 550

     

    Once this file is in place you can apply any updates using the Ubuntu package manager without overwriting services the VisibleThread application relies upon.

     

    How to apply critical security updates on the Ubuntu OS

    You can apply any available critical security updates to the VM from the command line using the 'unattended-upgrades' package.

     

    First ensure the aptitude cache's are up to date:

    sudo apt-get update

     Now installed the unattended-upgrades package

    sudo apt-get install unattended-upgrades 

    Now apply any critical updates

    sudo unattended-upgrade -v

    It's good practice to run these updates on a Monthly basis. 

    Was this article helpful?
    0 out of 0 found this helpful

    Comments