People’s Democratic Republic of
Algeria
Ministry of Higher Education and
Scientific Research
Higher School of Computer Science
and Digital Technology (ESTIN)
Automated Update
and Patch
Management
Strategies for Windows Server and various
Linux distributions.
Group: 2CS5
Team Members:
Bennacer Safia
Boutemine Nour el Houda
Supervisor:
Kamel SOUADIH
�Contents
1 Introduction 2
1.1 Context . . . . . . . . . . . . . . . . . 2
1.2 Objectives . . . . . . . . . . . . . . . . 2
1.3 Methodology . . . . . . . . . . . . . . 2
2 The Importance of Patch Management 4
2.1 Why Automate Updates? . . . . . . . 4
2.2 Advantages . . . . . . . . . . . . . . . 4
2.3 Challenges . . . . . . . . . . . . . . . . 4
3 Patch Management Tools 5
3.1 Windows Server Update Services
(WSUS) . . . . . . . . . . . . . . . . . 5
3.2 Linux Tools . . . . . . . . . . . . . . . 7
3.2.1 Kali Linux Automated Updates 7
3.2.2 CentOS Stream Automated
Updates . . . . . . . . . . . . . 8
4 Security Considerations 11
4.1 Risks of Delayed Updates . . . . . . . 11
4.2 Best Practices . . . . . . . . . . . . . . 11
5 Conclusion 12
1
�1. Introduction
1.1 Context
Automated update and patch management refers to
the process of deploying software updates to operat-
ing systems and applications automatically, ensuring
system stability and minimizing manual interven-
tion. This process is crucial in today’s cybersecurity
landscape where vulnerabilities are constantly being
discovered and exploited.
1.2 Objectives
• Understand the importance of automated
patch management.
• Explore the advantages, challenges, and tools
for automated updates.
• Demonstrate installation and configuration on
various systems.
• Highlight security risks of delayed patching
and offer best practices.
1.3 Methodology
We approached the project through:
• Research on patch management theory and
tools.
• Practical installation of operating systems
(Windows, Linux).
2
�• Configuration and testing of update mecha-
nisms.
• Documentation of our findings with screen-
shots and code.
3
�2. The Importance of
Patch Management
2.1 Why Automate Updates?
Manual patching can be inconsistent and error-
prone. Automated patching ensures:
• Timely deployment of critical updates.
• Standardized configurations.
• Reduced human oversight and error.
2.2 Advantages
• Enhanced Security: Reduces attack sur-
faces.
• Operational Efficiency: Saves time and ef-
fort.
• Compliance: Meets legal and industry stan-
dards.
• Reduced Downtime: Prevents security
breaches.
2.3 Challenges
• Compatibility testing before patching.
• Network bandwidth during mass updates.
• Reboot scheduling and user impact.
• Selective patching for sensitive systems.
4
�3. Patch Management
Tools
3.1 Windows Server Update
Services (WSUS)
WSUS allows IT admins to manage the distribution
of updates released through Microsoft Update to
computers in a corporate environment.
Installation and Configuration
1. Step 1: Open PowerShell as Administra-
tor
• Right-click on the Start button
• Select ”Windows PowerShell (Admin)”
2. Step 2: Install WSUS Features
Install - WindowsFeature - Name
UpdateServices , UpdateServices -
WidDB , UpdateServices - Services -
IncludeManagementTools
This command installs:
• Core WSUS role
• Windows Internal Database (WID) for
storing updates
• WSUS management tools
3. Step 3: Check Installation Status
Get - WindowsFeature - Name
UpdateServices
5
� Verify ”Installed” appears next to UpdateSer-
vices
4. Step 4: Configure WSUS Server
Figure 3.1: Screenshots from WSUS Configuration
• Open Server Manager
• Click Notifications flag (top-right)
• Launch WSUS Configuration Wizard
5. Step 5: Choose Update Source
• Select ”Synchronize from Microsoft Up-
date” (default)
• Or choose ”Synchronize from another
WSUS server” if available
6. Step 6: Specify Content Location
• Default: C:
• Recommended: Separate partition with
sufficient space
7. Step 7: Choose Languages
• Select only required languages (English
recommended)
• More languages = larger update reposi-
tory
6
� 8. Step 8: Configure Proxy (Optional)
• Required if behind corporate proxy
• Enter proxy server details if needed
9. Step 9: Start Synchronization
• Initial sync may take several hours
• Progress shown in WSUS console
10. Step 10: Complete Configuration
• Review summary
• Click Finish
• Configure client policies via Group Policy
3.2 Linux Tools
3.2.1 Kali Linux Automated Updates
Kali Linux uses the APT package manager with
the unattended-upgrades package for automated
updates.
1. Step 1: Update Package Lists
sudo apt update
2. Step 2: Upgrade All Packages
sudo apt upgrade -y
3. Step 3: Install Unattended-Upgrades
sudo apt install unattended - upgrades
apt - listchanges -y
4. Step 4: Configure Automatic Updates
7
� sudo dpkg - reconfigure unattended -
upgrades
Select ”Yes” to enable automatic updates
5. Step 5: Edit Configuration (Optional)
sudo nano / etc / apt / apt . conf . d /50
unattended - upgrades
Recommended settings:
• Uncomment and set: Unattended-Upgrade::Automatic-Reboot
"true";
• Uncomment and set: Unattended-Upgrade::Automatic-Reboot-
"02:00";
• Adjust update origins as needed
6. Step 6: Check Status
systemctl status unattended - upgrades
3.2.2 CentOS Stream Automated
Updates
CentOS Stream uses dnf-automatic for automated
updates.
1. Step 1: Install Required Packages
sudo dnf install dnf - automatic -y
dnf-automatic replaces yum-cron for auto-
matic updates
2. Step 2: Configure Automatic Updates
Edit configuration file:
sudo nano / etc / dnf / automatic . conf
8
� Key settings:
[ commands ]
upgrade_type = security
download_updates = yes
apply_updates = yes
random_sleep = 360
[ emitters ]
emit_via = stdio
3. Step 3: Enable and Start Service
sudo systemctl enable -- now dnf -
automatic . timer
sudo systemctl start dnf - automatic -
install
4. Step 4: Verify Timer
systemctl list - timers dnf - automatic .
timer
5. Step 5: Test Updates (Dry Run)
sudo dnf upgrade -- assumeno
6. Step 6: Check Logs
sudo journalctl -u dnf - automatic -
install -n 50 --no - pager
7. Step 7: Verify Updates Check installed
updates:
sudo dnf history
Check pending updates:
sudo dnf check - update
8. Key Files
9
� • /etc/dnf/automatic.conf - Main con-
figuration
• /etc/dnf/dnf.conf - General DNF set-
tings
• /var/log/dnf.log - Update logs
9. Troubleshooting
• Check service status:
sudo systemctl status dnf -
automatic - install
• Manual trigger:
sudo systemctl start dnf -
automatic - install
10
�4. Security
Considerations
4.1 Risks of Delayed Updates
• Exposure to zero-day vulnerabilities
• Malware exploiting known flaws
• Data breaches and ransomware attacks
• Compliance violations
4.2 Best Practices
• Test updates in staging environments before
production
• Schedule regular patch scans and system back-
ups
• Monitor update logs and failure notifications
• Document all patch deployments with change
management
• Implement maintenance windows for reboots
• Prioritize security updates over feature up-
dates
11
�5. Conclusion
Automated update and patch management plays a
vital role in maintaining the security, performance,
and stability of computer systems. It helps reduce
human error, improve response times to vulnera-
bilities, and ensures consistency across large-scale
environments.
The detailed configurations provided for Windows
Server (WSUS), Kali Linux (unattended-upgrades),
and CentOS Stream (dnf-automatic) demonstrate
the practical implementation of automated patching
across different operating systems. Each method re-
quires proper initial setup but significantly reduces
ongoing maintenance overhead.
Despite some challenges-such as update conflicts,
reboots, and bandwidth usage-automated patch-
ing remains an industry best practice. The security
benefits far outweigh the operational considerations
when properly implemented.
As cyber threats continue to evolve, maintaining an
effective and automated patch management strategy
is no longer optional-it is a critical component of
any organization’s security posture. The methodolo-
gies documented in this report provide a foundation
for implementing robust automated update systems
in diverse IT environments.
12
