Frequently Asked Questions
General
What is PatchCTL?
PatchCTL is a dashboard-first Linux patch management platform. It helps you manage updates across your Linux servers without needing CLI expertise.
What operating systems are supported?
- Ubuntu 20.04+
- Debian 11+
- RHEL 8+
- Rocky Linux 8+
- CentOS Stream 8+
- Fedora 38+
- SUSE Enterprise 15+
- openSUSE Leap 15.4+
Is there a free plan?
Yes! The free plan includes 5 servers with full features, perfect for homelabs and small deployments.
Agent
How often does the agent check in?
Every 5 minutes (heartbeat interval).
How often are packages scanned?
Every 6 hours for a full package scan. You can trigger immediate scans from the dashboard.
Does the agent require internet access?
Yes, outbound HTTPS (port 443) to api.patchctl.com is required.
Can I run PatchCTL on ARM servers?
Not currently. Only x86_64 (amd64) architecture is supported.
Does the agent work in containers?
No, PatchCTL manages host operating systems, not containers.
What data does the agent send?
- System info (hostname, IP, OS)
- Hardware specs (CPU, RAM, disk)
- Package list and versions
- Update availability
The agent does NOT send file contents, user data, or command output.
Security
Does the agent accept inbound connections?
No. The agent only makes outbound HTTPS connections. No inbound ports required.
Can the agent run arbitrary commands?
No. The agent only executes whitelisted operations (check updates, install updates, etc.).
Is my data encrypted?
Yes. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
Is PatchCTL SOC 2 compliant?
We follow SOC 2 security practices. Contact us for compliance documentation.
Features
Can I schedule patches for specific times?
Yes! Create schedules with specific times, timezones, and recurrence patterns.
Can I patch only security updates?
Yes. Both schedules and manual operations support "security only" mode.
How does CVE tracking work?
PatchCTL correlates your installed packages with known vulnerabilities from NVD and distribution advisories, updated daily.
Can I integrate with Slack/Teams?
Yes, via webhooks. Configure webhook URLs in schedule settings to receive notifications.
Is there an API?
API access is coming soon. Contact us if you need programmatic access.
Billing
How are nodes counted?
Each server with an active agent counts as one node, regardless of online/offline status.
What happens if I exceed my node limit?
You can't add new servers until you delete existing ones or upgrade your plan.
Can I downgrade my plan?
Yes, but ensure your node count fits the new plan's limit before downgrading.
Do you offer annual billing?
Contact sales@patchctl.com for annual pricing.
Troubleshooting
My server isn't appearing in the dashboard
- Check agent is running:
sudo systemctl status patchctl - Verify license key matches
- Test network:
curl -I https://api.patchctl.com/health - Wait up to 5 minutes for first heartbeat
Patches are failing
- Check for package manager locks
- Verify disk space
- Test repository connectivity
- Check agent logs:
sudo journalctl -u patchctl
CVE data isn't showing
CVE correlation requires:
- Agent registered
- Package scan completed (up to 6 hours)
- CVE data sync (daily)
New servers may take 24 hours for complete CVE data.
Support
How do I get help?
- Check this documentation
- Email support@patchctl.com
- Include error messages and logs
Is there a status page?
Yes: https://status.patchctl.com
Do you offer enterprise support?
Yes, enterprise plans include priority support. Contact sales@patchctl.com.