Applying a Linux kernel patch on a high-availability system, which must stay up all the time, is troublesome. Applying the patch may also require you to reboot the system, which takes it offline for a certain amount of time. The following techniques help apply patches automatically without rebooting the system.
Methods for Live Linux Kernel patching
A few techniques permit you to apply kernel security patches without rebooting. Rebootless Linux kernel updates are also called Linux kernel live patching or live update. Rebootless kernel updates are not a replacement for full kernel updates, but they permit you to apply critical security and bug fixes. With these methods, you can keep your servers safe and running without downtime for a long time.
KernelCare, created by CloudLinux, was launched in 2014. KernelCare covers most of the popular distributions, including CentOS, RHEL, Oracle Linux, Debian, Ubuntu, and others. KernelCare also supports the older 2.6.32 kernels from RHEL 6. KernelCare is an “install and forget” solution with simple installation. After installation, it downloads and applies the kernel patches automatically without rebooting.
KernelCare’s ability to handle more complex patches for vulnerabilities such as Meltdown, Spectre, and Mutagen Astronomy makes it better than its rivals. It also offers custom and fixed-date patching to meet specific needs. CloudLinux also offers support for KernelCare with its experienced support team.
- Simple installation
- Wide OS coverage
- Custom and fixed-date patching
- Good support
- Not free (30-day trial)
Ksplice is the most established live kernel patching solution. It has since been acquired by Oracle. It now supports only Oracle Linux and Red Hat Enterprise Linux distributions. However, deployment requires an Oracle license.
- Automatic and live updates
- Only for Oracle distributions
- Requires a support license
- Lacks crucial features such as rescheduling of updates
Red Hat Kpatch
Red Hat Kpatch, which was announced in 2014, is the Red Hat community’s own live kernel patching tool. It can be ported to work on Fedora, CentOS, and Debian-based systems. Unlike the other patching tools in the list, it requires manually checking for and applying the patch…
- No reboot required
- Not automated.
- Limited distributions
Canonical’s Livepatch team handles the task of providing a solution for live patching Ubuntu distribution kernels. Ubuntu Community members can use the tool on up to 3 machines. This tool differs from the other tools in the list: it lets you create your own patches, but the process can be hectic and time-consuming. Currently, Livepatch is available for Ubuntu 16.04 and later, and RHEL 7.x.
- Automatic kernel updates.
- No reboot required.
- Non-trivial custom kernel patches.
- The number of updatable hosts is limited (additional hosts for a fee)
SUSE’s Kgraft live patching solution supports only SUSE’s own Linux Enterprise Server. The tool comes preinstalled with the distribution, so it needs no extra installation. Its feature set is similar to that of Kpatch.
- No installation required.
- No reboot needed.
- Single platform support.
- Commercial (but there is a 60-day free trial).