How to Set Up Automatic Kernel Updates on Linux

Applying security updates to the Linux kernel is a straightforward process that can be done using tools like apt, yum, or kexec. However, when you have hundreds or thousands of servers running different Linux distributions to patch, this method can be challenging and time-consuming.

Updating the kernel manually requires rebooting the system. This results in downtime, which can be problematic, so reboots are usually scheduled to occur at specific time intervals. Because manual patching happens only during these cycles, it leaves hackers a “time window” in which they can attack the server infrastructure.

For organizations running more than a few servers, live patching is a better choice. This is an automatic way to patch the Linux kernel while the server is running, which makes it more efficient and safer than the manual method.

This article describes how to set up automatic kernel updates without rebooting, using live patching solutions from Canonical and CloudLinux.

Canonical Livepatch

Canonical Livepatch is a service that patches the running kernel without having to reboot your Ubuntu system. The Livepatch service is free to use on up to three Ubuntu systems. To use this service on more than three computers, you must subscribe to the Ubuntu Advantage program.

Before installing the service, you need to get a livepatch token from the Livepatch Service site.

Once you have the token, install and enable the service by running the following two commands, replacing <your-token> with the token you obtained:

sudo snap install canonical-livepatch
sudo canonical-livepatch enable <your-token>

To check the service status, run:

sudo canonical-livepatch status --verbose

Later, if you want to unregister the machine, use this command:

sudo canonical-livepatch disable 

The same instructions apply for Ubuntu 20.04 and Ubuntu 18.04.

KernelCare

KernelCare is a great choice for hosting providers and businesses.

KernelCare runs on Ubuntu, CentOS, Debian, and other popular Linux distributions. It checks for patch releases every 4 hours and installs them automatically. Patches can be rolled back. KernelCare is free for non-profit organizations.

To install KernelCare, run the installation script:

wget -qq -O - https://kernelcare.com/installer | bash

If you are using an IP-based license, there is nothing more to do. Otherwise, if you are using a key-based license, run the following command to register the service:

/usr/bin/kcarectl --register KEY

Where KEY is the registration key string that is provided when you register for a trial or purchase a product. You can find it on this page.

Below are some useful KernelCare commands:

  • To check if a running kernel is supported by KernelCare:
    curl -s -L https://kernelcare.com/checker | python
  • To unregister a server:
    sudo kcarectl --unregister
  • To check service status:
    sudo kcarectl --info
  • The software will automatically check for new patches every 4 hours. To update manually, run:
    /usr/bin/kcarectl --update
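
Both the installer and the checker above are fetched and piped straight into an interpreter, so whatever the server returns at that moment runs unreviewed. The following is an added example (not from the original article or from KernelCare) that downloads the script to a file, checks it against a SHA-256 you recorded after reviewing it, and only then runs it. The function names, the pinned-hash placeholder and the file path in the usage comment are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: download, review, pin, verify, then run, instead of
# piping a remote script straight into an interpreter.
# PINNED_SHA256 is a placeholder: record the real value yourself after
# reading the downloaded file (the article publishes no checksum).
PINNED_SHA256="REPLACE_WITH_SHA256_OF_THE_SCRIPT_YOU_REVIEWED"

# Download URL ($1) to DEST ($2) so it can be read and hashed before it runs.
fetch_script() {
    wget -q -O "$2" "$1"
}

# Succeed only if FILE is non-empty and its SHA-256 equals EXPECTED (hex).
# Returns 2 for a missing/empty file, 1 for a mismatch.
verify_sha256() {
    local file="$1" expected actual
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    # Normalise case: hashes are often pasted in upper case.
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    actual="$(sha256sum "$file" | awk '{print $1}')"
    [ "$actual" = "$expected" ] && return 0
    echo "checksum mismatch for $file: got $actual" >&2
    return 1
}

# Run FILE with INTERPRETER (default: bash) only after it verifies.
run_verified() {
    local file="$1" expected="$2" interp="${3:-bash}"
    verify_sha256 "$file" "$expected" || return $?
    "$interp" "$file"
}

# Usage (hypothetical path; left as comments so sourcing has no side effects):
#   fetch_script https://kernelcare.com/installer /root/kc-installer.sh
#   less /root/kc-installer.sh        # review before first use
#   sha256sum /root/kc-installer.sh   # record the result as PINNED_SHA256
#   run_verified /root/kc-installer.sh "$PINNED_SHA256"
# For the checker, pass the interpreter as the third argument (python).
```

When rolling this out to many servers, distribute the reviewed file and its pinned hash together; a mismatch then means the script changed upstream and needs a fresh review before it runs anywhere.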

Conclusion

Live Patching technology allows you to apply patches to the Linux Kernel without needing to reboot.

If you have any questions or feedback, please leave a comment.
