Seem to have an issue; we are trying to patch our Ubuntu 22.4 servers.
This was working previously; we have a policy to patch them every Sunday at 5 am.
They have listed patches available but have not patched in two weeks, except when I manually pushed patches to some of them on 8/14.
Attached an image showing the current patch dates.
Policy not patching systems
Re: Policy not patching systems
Can you screenshot your applied policy for this agent? Next, have a look at the server logs and see if you see agents counted during policy execution.
Next, based on the time stamp of the above logs, have a look at the agent command and script logs during that time frame to see if there were any error logs generated on the agent.
**Note** Agents must be online during update operations and are skipped if offline.
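An independent check that can be run on the Ubuntu host itself, as an added example that is not part of the original thread or the vendor's code: it reads apt's history log and lists the Sundays in a date range on which no package upgrade ran. The function names and the sample log entries are constructed for illustration.

```shell
#!/bin/bash
# Added example: find scheduled patch days (Sundays) with no apt upgrade activity.
# Input is an apt history log (on Ubuntu: /var/log/apt/history.log).

# upgrade_dates FILE -> "YYYY-MM-DD <packages upgraded>" per upgrade transaction
upgrade_dates() {
    awk '
        /^Start-Date:/ { date = $2 }
        # Upgrade entries look like "pkg:arch (old, new), pkg2:arch (old, new)"
        /^Upgrade:/    { print date, gsub(/\), /, "&") + 1 }
    ' "$1"
}

# missed_sundays FILE FROM TO -> Sundays in [FROM, TO] with no upgrade transaction
missed_sundays() {
    upgrade_dates "$1" | awk -v from="$2" -v to="$3" '
        function leap(y) { return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0 }
        function dim(y, m) { return m == 2 ? 28 + leap(y) : ((m == 4 || m == 6 || m == 9 || m == 11) ? 30 : 31) }
        function dow(y, m, d) {   # Sakamoto algorithm, 0 = Sunday
            if (m < 3) y--
            return (y + int(y / 4) - int(y / 100) + int(y / 400) + T[m] + d) % 7
        }
        BEGIN { split("0 3 2 5 0 3 5 1 4 6 2 4", T, " ") }
        { patched[$1] = 1 }
        END {
            split(from, a, "-"); y = a[1] + 0; m = a[2] + 0; d = a[3] + 0
            for (;;) {
                day = sprintf("%04d-%02d-%02d", y, m, d)
                if ((day "") > (to "")) break
                if (dow(y, m, d) == 0 && !(day in patched)) print day
                if (++d > dim(y, m)) { d = 1; if (++m > 12) { m = 1; y++ } }
            }
        }'
}

# Constructed sample: scheduled runs on 08-04 and 09-01, a manual push on 08-14,
# and an install-only transaction on 08-18 that must not count as patching.
sample_log() {
    cat <<'EOF'
Start-Date: 2024-08-04  05:00:12
Upgrade: libssl3:amd64 (1.0-1, 1.0-2), openssl:amd64 (1.0-1, 1.0-2)
Start-Date: 2024-08-14  10:22:03
Upgrade: curl:amd64 (2.0-1, 2.0-2)
Start-Date: 2024-08-18  09:15:00
Install: htop:amd64 (3.0-1)
Start-Date: 2024-09-01  05:00:09
Upgrade: tzdata:all (4.0-1, 4.0-2)
EOF
}
if [ $# -eq 3 ]; then missed_sundays "$@"; fi
```

Run it as root-readable input, for example with `/var/log/apt/history.log 2024-08-04 2024-09-01` as arguments; rotated logs (`history.log.1.gz`) need to be decompressed and concatenated first.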
Re: Policy not patching systems
applied policy
Attached screenshot; not seeing anything in logs other than 14 when I manually pushed updates.
save textfile:
/var/tmp/apm/scanner.sh!!!!!
```bash
#!/bin/bash
#----------------------------------------------------------
#
#---------------------------------------------------------
# The scanner must run as root.
if [ "$EUID" -ne 0 ]; then
    echo "ERROR: Must be run as root"
    exit 1
fi
# Detect the package manager.
if command -v yum &> /dev/null; then
    PM="yum"
elif command -v apt-get &> /dev/null; then
    PM="apt"
elif command -v zypper &> /dev/null; then
    PM="zypper"
else
    echo "zypper, yum or apt-get not found on the system"
    exit 1
fi
updateCount=0
REBOOT=0
if [[ "$1" == *"ScanPackages"* ]]; then
    # Output format: comma-separated tuples, then "|", the update count and "|".
    if [[ "$PM" == *"apt"* ]]; then
        installed_packages=$(dpkg --get-selections | awk '{print $1}')
        a=''
        for package in $installed_packages; do
            current_version=$(dpkg -s "$package" 2>/dev/null | grep "Version" | awk '{print $2}' | head -n 1)
            available_version=$(apt-cache policy "$package" 2>/dev/null | grep "Candidate" | awk '{print $2}' | head -n 1)
            # Append a tuple of package name, installed version and candidate version.
            a+='(36959, "'$package'","'$current_version'","'$available_version'"),'
            if [ "$current_version" != "$available_version" ]; then
                ((updateCount++))
            fi
        done
        # Strip the trailing comma.
        if [ -n "$a" ]; then
            b=${a::-1}
        else
            b=""
        fi
        echo "$b|$updateCount|"
    elif [[ "$PM" == *"yum"* ]]; then
        installed_packages=$(rpm -qa)
        a=''
        for package in $installed_packages; do
            root_name=$(rpm -q --qf '%{NAME}\n' "$package" 2>/dev/null)
            current_version=$(rpm -qi "$root_name" 2>/dev/null | grep "Version" | awk '{print $3}' | head -n 1)
            available_version=$(yum info "$root_name" 2>/dev/null | grep "Version" | awk '{print $3}' | sort -rV | head -n 1)
            a+='(36959,"'$root_name'","'$current_version'","'$available_version'"),'
            if [ "$current_version" != "$available_version" ]; then
                ((updateCount++))
            fi
        done
        if [ -n "$a" ]; then
            b=${a::-1}
        else
            b=""
        fi
        echo "$b|$updateCount|"
    elif [[ "$PM" == *"zypper"* ]]; then
        a=''
        # Get list of installed packages
        installed_packages=$(zypper se -i | tail -n +6 | awk '{print $3}')
        # Directory containing repository configuration files
        repos_dir="/etc/zypp/repos.d/"
        # Get list of repository configuration files
        repo_files=$(ls -1 $repos_dir/*.repo)
        for package in $installed_packages; do
            current_version=$(zypper info "$package" | awk '/Version/ {print $NF}' | head -n 1)
            # Reset so a version found for the previous package is not carried over
            available_version=''
            # Loop through each repository
            for repo_file in $repo_files; do
                # Extract repository name from file name
                repo_name=$(basename "$repo_file" .repo)
                # Refresh repository metadata
                # (runs with signature checks relaxed: new keys are auto-imported and GPG failures ignored)
                zypper --quiet --gpg-auto-import-keys --no-gpg-checks --non-interactive refresh -r "$repo_name" &> /dev/null
                # Check if the package exists in the repository
                if zypper --quiet --non-interactive search --details "$package" -r "$repo_name" &> /dev/null; then
                    # Get version of the package
                    available_version=$(zypper info "$package" -r "$repo_name" | awk '/^Version/ {print $NF}' | head -n 1)
                    # echo " Version: $available_version"
                    continue
                fi
            done
            a+='(36959,"'$package'","'$current_version'","'$available_version'"),'
            if [ "$current_version" != "$available_version" ]; then
                ((updateCount++))
            fi
        done
        if [ -n "$a" ]; then
            b=${a::-1}
        else
            b=""
        fi
        # Emit the result like the apt and yum branches do (this echo was missing)
        echo "$b|$updateCount|"
    else
        exit 1
    fi
elif [[ "$1" == *"PMVersion"* ]]; then
    # Report the package manager name and its version.
    if [[ "$PM" == *"apt"* ]]; then
        PMV=$(apt -v | awk '{print $2}' | head -n 1)
    elif [[ "$PM" == *"yum"* ]]; then
        PMV=$(yum list installed | grep yum.noarch | awk '{print $2}' | head -n 1)
    elif [[ "$PM" == *"zypper"* ]]; then
        # This branch tested for "yum" a second time and could never run
        PMV=$(zypper -V | awk 'NR==1 {print $2}' | head -n 1)
    fi
    echo "$PM|$PMV|"
fi
```
Re: Policy not patching systems
Going over your logs and looking at your policy list, I see an attempt to run a Windows Update policy on the same cycle as what the Linux updates were previously scheduled, but I do not see that policy in the list currently. I assume that was added then deleted prior to this post?
The schedule may be missing its scheduling window due to the speed of the ISYNC process in Automate. Our function test is doing a (> 6), when it really should be (>= 6), which should make no sense to you, but in the ISync dev world, is worth a whole minute before the next ISync cycle.
I will make this adjustment and we can see if that resolves your issues. Give me a chance to push out an update.
Please make sure that at least 1 Linux EDF shows that the Linux Update policy is applied to them.
Re: Policy not patching systems
verified
and looks like your change fixed it, as seeing everything that has the policy applied patched on 9/1, which is the correct date
Re: Policy not patching systems
My change hasn't been released yet... So that may be a valid issue still for you. If your Automate system is operating in the zone then this shouldn't be an issue.
That's good. Our release will be out in the next few days and will happen automatically for you.
Problem solved.