Since there are some Linux systems in my environment which need regular updates I built a little routine for that. If you like to take over any parts of it, feel free.
I assume that you know how to setup KACE scripting, Custom Inventory Rules and labels, so I just provide the snippets.

It consists of a regulary running script which does a Detect of patches, a Deployment of patches, cleaning out old downloaded patches and logs it, so I can review errors.
In addition it updates the search database so the newly installed versions can be found and be used in internal scripts.

Prerequisites:

1. all Linux systems have the agent installed
2. a local mirror is setup (optional, if not done, the updates are taken from the official mirrors)
3. all Linux systems have an interactive root-account


Setting up the script:

#!/bin/bash
apt update;
update=$?;
apt upgrade -y;
upgrade=$?;
apt dist-upgrade -y;
dist-upgrade=$?;
apt autoremove -y;
remove=$?;
apt autoclean -y;
clean=$?;
updatedb;
search=$?;
rm /root/upgrade.result
echo "last run: " >>/root/upgrade.result
date >>/root/upgrade.result
echo "Results:"  >>/root/upgrade.result
echo "updating the patch list: "  >>/root/upgrade.result
echo $update >>/root/upgrade.result
echo "run the patches: "  >>/root/upgrade.result
echo $upgrade >>/root/upgrade.result
echo "distribution patches: "  >>/root/upgrade.result
echo $dist-upgrade >>/root/upgrade.result
echo "Housekeeping: "  >>/root/upgrade.result
echo "remove old updates: "  >>/root/upgrade.result
echo $remove >>/root/upgrade.result
echo "clean the logs and results: "  >>/root/upgrade.result
echo $clean>>/root/upgrade.result
echo "updating the database: " >>/root/upgrade.result
echo $search >>/root/upgrade.result
cat /var/run/reboot-required >>/root/upgrade.result

If needed the script can be split in multiple scripts, so a detect ( apt update ), deploy (apt upgrade and apt dist-upgrade) and the housekeeping steps (apt autoremove and apt autoclean) are split in single scripts.


Result handling and automatic reboot

To have the results directly in the SMA there was simply a small CIR needed:

ShellCommandTextReturn( cat /root/upgrade.result )

The second CIR is needed for getting the info which services need a reboot:

ShellCommandTextReturn( cat /var/run/reboot-required.pkgs )

The third CIR is needed for getting all systems which need to be rebooted:

FileExists (/var/run/reboot-required )

This one is linked to a smart label, which regulary reboots the systems out of hours.
Note: /var/run/reboot-required  and /var/run/reboot-required.pkgs are automaticly deleted after a reboot, so rebooted systems fall out of the labels.
Note: the log contains only the last run and brings down the error codes from apt directly. If you need more speaking error messages, just add the translation to the script.