All Products
Search

This Product

    CloudOps Orchestration Service:Patch baseline

    Document Center

    CloudOps Orchestration Service:Patch baseline

    Last Updated:Nov 06, 2025

    The patch management feature predefines a default patch baseline for each operating system. If you want to configure custom rules to scan and install patches for an operating system, you can create a patch baseline to specify the operating system type, patch categories, patch severities, and conditions for automatic approval. After you create the patch baseline, you can specify the patch baseline as the default patch baseline for the operating system to apply the custom rules.

    Create a patch baseline

    1. Log on to the CloudOps Orchestration Service console. In the navigation pane on the left, choose Server Management > Patch Management.

    2. On the page that appears, click Configure Patch Baseline. On the Patch Baseline page, click Create.

    3. On the Create Patch Baseline page, enter a name and a description for the patch baseline.image

    4. Select an operating system from drop-down list.image

    5. Define rules for the patch baseline, including patch type, severity, and conditions for automatic approval.image

    6. (Optional) If some patches cannot be processed by the rules for specific reasons, you can set patch exceptions to explicitly approve or reject these patches.

      Set patch exception rules

      • Alibaba Cloud Linux and CentOS

        • Package manager: Yellowdog Updater, Modified (YUM). Dandified YUM (DNF) is used for Amazon Linux 2022, 2023, Red Hat Enterprise Linux (RHEL) 8, and CentOS 8.

        • Approved patches:

          • CVE ID: such as CVE-2025-0395.

          • Security notice ID: such as RHSA-2025:14177 and ALINUX3-SA-2025:0138.

          • Package name: For example, glibc-utils-2.32-1.21.al8.x86_64 can be written as:

            • glibc-utils-2.32-1.21

            • glibc-utils-2.32-1.21.al8

            • glibc-utils-2.32-1.21.al8.x86_64

          • Wildcard characters are supported, such as glibc-utils* and glibc-utils-2.32-1.21.al8*.

        • Rejected patches:

          • The format is the same as for approved patches.

      • Ubuntu and Debian

        • Package manager: APT.

        • Patch format: Specify only the package name, such as XXXPkg123.

      • Windows

        • Patch format: Use the Microsoft Knowledge Base ID or security notice ID, such as KB2032276, KB2124261, or MS10-048.

    7. Click Create.

    More operations

    • Specify the default patch baseline: In the patch baseline list, find the desired patch baseline and click Set as Default Baseline in the Actions column. In the message that appears, click OK.

      Important

      The default patch baseline is used as a reference for patch checks. Therefore, set the default patch baseline with caution.

    • View the details of a patch baseline: In the patch baseline list, find the desired patch baseline and click Details in the Actions column.

    • Update a patch baseline: In the patch baseline list, find the desired patch baseline and click Update in the Actions column.

    • Delete a patch baseline: In the patch baseline list, find the desired patch baseline, click the image icon in the Actions column, and then select Delete. In the message that appears, click OK.

      Important

      Before you delete a patch baseline, make sure that the patch baseline is not used by instances. This prevents patch checks from being affected.