Tips for no reboot Linux Kernel patch

Must Read
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. In her free time, she is a modest family woman who loves traveling.

Applying the Linux kernel patch on the high-availability system, which should be efficient all the time is troublesome. In any case, applying the fix may likewise expect you to reboot the system which makes the system go disconnected for a specific measure of time. The following techniques will help apply the automatic patches without rebooting the system.

Methods for Live Linux Kernel patching

There are a few techniques permits you to apply kernel security patches without rebooting. Rebootless Linux bit refreshes are additionally called as Linux kernel live fixing or live update. Rebootless Kernel refreshes are not a trade for full portion updates but rather it permits you to fix basic security vulnerabilities and bug fixes. With these strategies, you can keep your servers sheltered and running without downtime for a considerable length of time.

CloudLinux KernelCare

KernelCare, created by CloudLinux, was propelled in 2014. KernelCare covers a large portion of the mainstream appropriations, including CentOS, RHEL, Oracle Linux, Debian, Ubuntu, and others. KernelCare additionally underpins the more established 2.6.32 bits from RHEL 6. KernelCare is an “introduce and overlook” arrangement with simple establishment. After the establishment, it downloads and applies the bit fixes naturally without rebooting.

KernelCare’s capacity to deal with progressively complex patches for vulnerabilities, for example, MeltdownSpectre, and Mutagen Astronomy improves it than its rivals. It likewise offers custom and fixed-date fixing to meed the particular needs. CloudLinux likewise offers support for KernelCare with its accomplished help group.

Advantages:

  • Simple installation
  • Wide OS coverage
  • Custom and fixed-date patching
  • Good support

Disadvantages:

  • not free 30 days trial

Oracle Ksplice

Ksplice is the most established live kernel patch solution. Currently, it is acquired by Oracle. It now supports only Oracle Linux and RedHat Enterprise Linux distributions. However, for the deployment, an Oracle license needed.

Advantages:

  • Automatic and live updates

Disadvantages:

  • Only for Oracle distributions
  • Requires a support license
  • Lacks crucial feature such as rescheduling of update

Red Hat Kpatch

Red Hat Kpatch which was announced in 2014 is the red hat community’s own live kernel patching tool. It can be ported to work on Fedora and CentOS and Debian-based systems. Unlike other patching tools in the list, this requires manual check and update of the patch…

Advantages: 

  • No reboot required

Disadvantages:

  • Not automated.
  • Limited distributions

Canonical Livepatch

Canonical’s Livepatch team handles the task of providing a solution for live patching Ubuntu distribution kernels. Ubuntu Community members can avail the tool for up to 3 machines. This tool is different from other tools in the list, It helps in the self-creation of patches but the process can be hectic and might consume time. Currently, Livepatch is accessible for Ubuntu 16.04 and later, and RHEL 7.x.

Advantages: 

  • Automatic kernel updates.
  • No reboot required.

Disadvantages:

  • Non-trivial custom kernel patches.
  • The number of updatable hosts is limited (additional hosts for a fee)

SUSE Kgraft

SUSE’s own Linux Enterprise Server is only supported by SUSE’s Kgraft live patching solution. The tool comes preinstalled with the distribution. Hence it does not need extra installation. The tool’s feature-set is similar to Kpatch.

Advantages: 

  • No installation required.
  • No reboot needed.

Disadvantages:

  • Single platform support.
  • Commercial (but there is a 60-day free trial).

Interested in Linux News’ daily update? Subscribe our newsletter for daily updates.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

DoppelPaymer ransomware operation getting rebranded, now named as Grief (alias Pay or Grief)

Doppel Paymer ransomware operation made a rebranding move. Following a period of little or no activity, now they are back...

More Articles Like This