Security Patches and Updates ---------------------------- .. index:: security;security update .. index:: cluster;cluster run During installation the system will automatically install the application named "security" which is a collection of all the latest security patches available for the various pieces of software in the platform at the time the system was built. Updates to this application are released to customers regularly. The security application provides these updates but does not automatically install them - allowing customers with concerns to verify them on lab machines first for example. Some security updates may also require scheduled downtime to complete and for this reason the final installation of updates is a manually triggered process. The health command will inform the user if any security updates are currently available but not installed. Users can install security updates at any time by running the command: **security update** Those who would prefer to automate this can create a scheduled command to do so on a regular basis. The security update will install all operating system updates to both the main system and the application jails, but it will not generally contain updates to the core applications themselves - these are shipped separately as new application install versions as they require additional QA to ensure compatibility. To manage security updates in a *cluster*, two options are available: 1. Run **security update** on *each* node in the cluster. 2. Carry out the update in two steps: a. From the primary unified node, run: **cluster run notme security update** Wait for security updates to complete on these nodes in the cluster. b. Then on the primary unified node, run: **security update** Example output: :: platform@development:~$ security update You are about to upgrade the system, which may cause services to restart. Do you wish to continue? y Application snmp processes stopped. Installing updates for the main operating system Starting system security update. This will take a few minutes Checking packages to start the update process Updating applications Application processes stopped. Application services:firewall processes stopped. Application services processes started. Updating /opt/platform/apps/mongodb/chroot ........................................... Updating /opt/platform/apps/voss-deviceapi/chroot ...................................... Updating /opt/platform/apps/selfservice/chroot ......................................... Updating /opt/platform/apps/nginx/chroot ...................................... The system is preparing for core security updates. This is a required step and will require a reboot Core security updates are now completed, system is configuring updates Application processes stopped. Application processes started. Your system is fully updated and may require a reboot. Run 'system reboot' or 'cluster run all system reboot' if updates were applied. platform@development:~$ system reboot You are about to reboot the system. Do you wish to continue? y