A remediation might require a full system reboot in order for the patch or update to take effect. Occasionally, a remediation might even require a second reboot.
As an administrator, to determine if an advisory or minion requires a reboot as part of a remediation, first run an assessment.
|On the Advisories tab of the policy dashboard, check the Install Behavior column for the advisory's status:
|On the Minions tab of the policy dashboard, check the Needs Reboot column for the minion's status:
If you detemine your system or minion needs a reboot follow these steps:
- On the Minions tab of the policy dashboard, click the checkbox next to a minion that shows true in the Needs Reboot column.
- Click Run Command.
- In the Function menu, select the system.reboot command.
- In the Arguments field, add the necessary arguments.
- For Windows nodes, the system.reboot command needs two arguments: timeout and in_seconds. Set the first argument to 0 and the second argument to true. See the win_system.reboot module documentation for more information about these arguments.
- For Linux nodes, the system.reboot command takes one argument: at_time. See the system.reboot module documentation for more information about these arguments.
- (Optional) If you want to schedule a reboot for a specific time, create a job that reboots the minion and then set that job to run at a scheduled time. See Automation Config jobs workflow for more information.
- Click Run Command to run this command on the select minion.
After initiating a reboot, the minion might take several minutes to reboot and come back online.
To check whether the minion is back online after a reboot, refresh the Minions tab in the Vulnerability workspace and check the minion’s presence. See Minion presence for more information.
What to do next
After rebooting a minion as part of a remediation, you must run another assessment to verify the remediation was successful.