
How To Setup Automatic Kernel Updates On Linux: Canonical Livepatch

This document discusses how to set up automatic kernel updates on Linux without requiring reboots. It describes two live patching solutions: Canonical Livepatch, which is free for up to three Ubuntu systems and requires installing via Snap, and KernelCare, which supports multiple Linux distributions and checks for updates every 4 hours once installed via script. Both solutions allow patching the running kernel without downtime.

Uploaded by

foopirata

How to Setup Automatic Kernel Updates on Linux
Applying security updates to the Linux kernel is a straightforward process that can be done using
tools such as apt, yum, or kexec. However, when there are hundreds or thousands of servers
running different Linux distributions to patch, this method can be challenging and
time-consuming.
Manually updating the kernel requires rebooting the system. This results in downtime, which can
be problematic, so reboots are usually scheduled to occur at specific time intervals. Because
manual patching is done during these cycles, it provides hackers with a “time window” in which
they can attack the server infrastructure.
For organizations that run more than a few servers, live patching is a better option. It’s an
automated way to patch a Linux kernel while the server is running, which enables it to be both
more efficient and more secure than manual methods.
This article explains how to set up automatic rebootless kernel updates using the live patching
solutions from Canonical and CloudLinux.
Canonical Livepatch
Canonical Livepatch is a service that patches the running kernel without having to reboot your
Ubuntu system. The Livepatch service is free to use on up to three Ubuntu systems. To use this
service on more than three computers, you'll have to subscribe to the Ubuntu Advantage program.
Before installing the service, you need to get a livepatch token from the Livepatch Service site.
Once you have the token, install and enable the service by running the following two commands:
sudo snap install canonical-livepatch
sudo canonical-livepatch enable <your-key>
To check the status of the service, run:
sudo canonical-livepatch status --verbose
Later, if you want to deregister a machine, use this command:
sudo canonical-livepatch disable <your-key>
The same instructions apply for Ubuntu 20.04 and Ubuntu 18.04.
KernelCare
KernelCare is a great option for hosting providers and businesses.
KernelCare runs on Ubuntu, CentOS, Debian, and other popular flavors of Linux. It checks for
patch releases every 4 hours and installs them automatically. Patches can be rolled back.
KernelCare is free for non-profit organizations.
To install KernelCare run the installation script:
wget -qq -O - https://kernelcare.com/installer | bash
If you are using an IP-based license, no further steps are required. Otherwise, if you are
using a key-based license, run the following command to register the service:
/usr/bin/kcarectl --register <your-key>
Where <your-key> is the registration keycode string provided when you sign up for the trial or
purchase the product. You can get it on this page.
Below are some useful KernelCare commands:
To check if the running kernel is supported by KernelCare:
curl -s -L https://kernelcare.com/checker | python
To deregister a server:
sudo kcarectl --unregister
To check the status of the service:
sudo kcarectl --info
The software will automatically check for new patches every 4 hours. To update manually, run:
/usr/bin/kcarectl --update
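The installer and checker commands above pipe a freshly downloaded script straight into an interpreter, so whatever the server returns at that moment is what runs. As an added example (not part of the original article or of KernelCare's tooling), the shell functions below run a downloaded script only when it matches a SHA-256 recorded after you reviewed it; the function names, the file path and the pin value are assumptions.

```bash
# Added example (not vendor code). Function names are this example's own.
# Assumes GNU coreutils (sha256sum, mktemp) on the target host.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    sha256sum < "$1" | awk '{print $1}'
}

# verify_pinned FILE PIN: succeed only if FILE hashes to PIN.
verify_pinned() {
    local file="$1" pin="$2" actual
    [ -f "$file" ] || { echo "not a file: $file" >&2; return 1; }
    # A pin must be exactly 64 hex digits, so an unset or truncated
    # variable can never compare equal to anything.
    case "$pin" in
        ""|*[!0-9a-fA-F]*) echo "invalid pin" >&2; return 1 ;;
    esac
    [ "${#pin}" -eq 64 ] || { echo "invalid pin length" >&2; return 1; }
    pin=$(printf '%s' "$pin" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    [ "$actual" = "$pin" ] || { echo "hash mismatch: $actual" >&2; return 1; }
}

# run_if_pinned FILE PIN INTERPRETER [ARGS...]
# Copies FILE to a private temp file, verifies the copy, and runs the copy,
# so the bytes that were checked are the bytes that execute.
run_if_pinned() {
    local src="$1" pin="$2" interp="$3" tmp rc=1
    shift 3
    tmp=$(mktemp) || return 1
    if cp -- "$src" "$tmp" && verify_pinned "$tmp" "$pin"; then
        rc=0
        "$interp" "$tmp" "$@" || rc=$?
    fi
    rm -f -- "$tmp"
    return "$rc"
}

# Typical use, with the pin recorded when the script was reviewed
# (hypothetical path and placeholder pin, replace with your own):
#   wget -q -O /root/kc-installer.sh https://kernelcare.com/installer
#   run_if_pinned /root/kc-installer.sh "<sha256-of-reviewed-copy>" bash
```

A mismatch means the served script has changed since it was reviewed, so review the new copy and record a new pin before rolling it out to more hosts.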
Conclusion
Live patching technology allows you to apply patches to the Linux kernel without rebooting.
