In this tutorial, you will learn how to perform a phased rollout of individual CVE fixes. The typical use case is deploying a CVE patch in a development environment and, if the patch does not disrupt the workloads, deploying it in an identical manner in the production environment.
To complete this tutorial, you will use Landscape’s dashboard and the latest version of the Ubuntu Advantage client (UA Client), a command-line utility bundled with Ubuntu Advantage Tools.
Beyond CVE patching, UA Client also provides a simple mechanism to view, enable, and disable offerings from Canonical on your system, including Ubuntu Advantage services like Ubuntu Security Guide (USG), Extended Security Maintenance (ESM), FIPS, Livepatch, and more. UA Client produces machine-readable output and integrates with other Canonical or third-party tooling.
Landscape is Canonical’s systems management and monitoring solution. Landscape enables you to divide your Ubuntu estate into cross-sections by tags, groups, annotations, and search queries, which can also filter hardware and software metadata. These cross-sections, regardless of size, can be reconfigured as easily as one machine.
We will compose interactions with UA Client into a Landscape-aware shell script, and apply patches for individual CVEs to any selection of machines in your fleet. UA Client’s CVE patch success and failure outputs are captured in Landscape’s Activity Monitor and Event Log.
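One way such a wrapper around UA Client can look, as an added example that is not the tutorial's own script. It assumes UA Client is on the PATH as `ua`, and that the management tool running the script records its standard output and treats a non-zero exit status as a failed run; `UA_BIN`, `CVE_ID`, `valid_cve_id`, `fix_cve` and the `RESULT` line format are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example: apply one CVE fix with UA Client and report the outcome.
# Assumptions: UA Client is on PATH as `ua`; the tool that runs this script
# records stdout and treats a non-zero exit status as a failed run.
UA_BIN="${UA_BIN:-ua}"   # hypothetical override, e.g. for a dry run with a stub
CVE_ID="${CVE_ID:-}"     # set per rollout, in the form CVE-YYYY-NNNN

# Accept only a well-formed CVE identifier, so a typo or a stray option
# string never reaches the `ua` command line.
valid_cve_id() {
    case "$1" in
        ''|*[!A-Z0-9-]*) return 1 ;;   # empty, or a character outside the ID alphabet
    esac
    printf '%s\n' "$1" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$'
}

# Run `ua fix` for one CVE, print a single RESULT line, and return ua's status.
fix_cve() {
    cve="$1"
    if ! valid_cve_id "$cve"; then
        echo "RESULT invalid-cve-id"
        return 64
    fi
    rc=0
    "$UA_BIN" fix "$cve" || rc=$?
    # `ua fix` exit statuses: 0 fixed or not affected, 1 not fixed,
    # 2 fix needs a reboot to take effect.
    case "$rc" in
        0) state="fixed-or-not-affected" ;;
        1) state="not-fixed" ;;
        2) state="reboot-required" ;;
        *) state="unexpected-exit-$rc" ;;
    esac
    echo "RESULT $cve $state"
    return "$rc"
}

# Runs only when CVE_ID is set, so the functions can also be sourced and tested.
if [ -n "$CVE_ID" ]; then
    fix_cve "$CVE_ID"
    exit $?
fi
```

Running it with the same `CVE_ID` first against the development machines and then against production keeps the two phases identical, and the `RESULT` lines make the per-machine outcome easy to search for.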