It’s simple process to apply security updates to the Linux kernel using apt, yum, or kexec tools. But when managing multiple servers with different Linux distribution then it can be time-consuming and tedious. This article show you how to set up automatic kernel updates without reboot using the live patching.
If you do manual update the kernel requires to reboot the system and this is problematic due to downtime. It is better and secure way to do live patching for the organizations whih are running more servers.
Canonical Livepatch
The Canonical Livepatch is a service that patches the running kernel without rebooting your Ubuntu system. It is free service to use up to three Ubuntu systems. You should subscribe to the Ubuntu Advantage program to use this service on more than three computers.
Get a livepatch token from the Livepatch token from the Livepatch service site, before installing the service. Next, once you have the token install and enable the service using below commands:
sudo snap install canonical-livepatch
sudo canonical-livepatch enable
You can check the status of the service by typing:
sudo canonical-livepatch status --verbose
To deregister the system, use below command:
sudo canonical-livepatch disable
KernelCare
KernelCare can be use on Ubuntu, CentOS, Debian, and other Linux distribution. It is a best option for hosting providers and businesses. It automatically checks for patch releases at every 4 hours and install them if any available. KernelCare is free of cost for the non-profit organizations.
Run the following script to install the KernelCare using wget:
wget -qq -O - https://kernelcare.com/installer | bash
If you are using a key-based license, run the following command to register the service:
/usr/bin/kcarectl --register YOUR_KEY
Make sure you should replace the YOUR_KEY with your registration keycode string provided when you sign up for the trial or purchase the product. It can be get from this page.
Useful KernelCare commands:
To check that if the running kernel is supported by KernelCare:
curl -s -L https://kernelcare.com/checker | python
For deregistering a server:
sudo kcarectl --unregister
Check the status of the service:
sudo kcarectl --info
If you would like to update manually, type:
/usr/bin/kcarectl --update
Conclusion
In this article you learned how to set up automatic kernel updates without reboot using the live patching.
If you have any questions or feedback, please leave a comment below.