Applying security updates to the Linux kernel with apt, yum, or kexec tools is a simple process. But when you manage multiple servers running different Linux distributions, it can be time-consuming and tedious. This article shows you how to set up automatic kernel updates without a reboot using live patching.
A manual kernel update requires a system reboot, which is problematic because of the downtime. Live patching is a better and more secure approach for organizations that run a larger number of servers.
Canonical Livepatch
Canonical Livepatch is a service that patches the running kernel without rebooting your Ubuntu system. It is free to use on up to three Ubuntu systems. To use the service on more than three computers, you should subscribe to the Ubuntu Advantage program.
Before installing the service, get a Livepatch token from the Livepatch service site. Once you have the token, install and enable the service using the commands below, replacing YOUR_TOKEN with your token:
sudo snap install canonical-livepatch
sudo canonical-livepatch enable YOUR_TOKEN
You can check the status of the service by typing:
sudo canonical-livepatch status --verbose
To deregister the system, use the command below:
sudo canonical-livepatch disable
KernelCare
KernelCare can be used on Ubuntu, CentOS, Debian, and other Linux distributions. It is one of the best options for hosting providers and businesses. It automatically checks for patch releases every 4 hours and installs any that are available. KernelCare is free of cost for non-profit organizations.
Run the following command to install KernelCare using wget:
wget -qq -O - https://kernelcare.com/installer | bash
If you are using a key-based license, run the following command to register the service:
/usr/bin/kcarectl --register YOUR_KEY
Replace YOUR_KEY with the registration key string you were given when you signed up for the trial or purchased the product. You can get it from this page.
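The install command above pipes a downloaded script straight into bash, so every server runs whatever the URL returns at that moment. The following added example (not part of the original article or of KernelCare's tooling) downloads the installer to a file and runs it only if it matches a SHA-256 digest that you recorded yourself after reviewing one copy; the function names and the pin placeholder are assumptions.

```shell
#!/usr/bin/env bash
# Added example: run a downloaded installer only if it matches a pinned SHA-256.
# The pin is a digest you record after reviewing one downloaded copy; it is an
# assumption of this example, not a value published by the vendor.

# Print the SHA-256 hex digest of a file.
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_pinned FILE EXPECTED_SHA256
# Returns 0 only if FILE exists and its digest equals the pin.
verify_pinned() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(file_sha256 "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
}

# install_pinned URL EXPECTED_SHA256
# Downloads to a private temp file, verifies it, then runs it with bash.
install_pinned() {
    local url="$1" expected="$2" tmp rc
    tmp=$(mktemp) || return 2
    if wget -q -O "$tmp" "$url" && verify_pinned "$tmp" "$expected"; then
        bash "$tmp"; rc=$?
    else
        rc=1   # download failed or digest did not match: nothing was executed
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage on each server (the pin is a placeholder to fill in after review):
#   install_pinned https://kernelcare.com/installer "<sha256-of-reviewed-copy>"
```

A mismatch can also mean the vendor has published a new installer version; in that case review the new copy and update the pin before rolling it out.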
Useful KernelCare commands:
To check whether the running kernel is supported by KernelCare:
curl -s -L https://kernelcare.com/checker | python
For deregistering a server:
sudo kcarectl --unregister
Check the status of the service:
sudo kcarectl --info
If you would like to update manually, type:
/usr/bin/kcarectl --update
Conclusion
In this article, you learned how to set up automatic kernel updates without a reboot using live patching.