Linux distributions like Ubuntu, Debian and CentOS make stable and robust web servers. One critical advantage of using Linux over Windows is that you can upgrade software without having to reboot. The main exception to this is kernel upgrades which require reboots. KernelCare overcomes this limitation so you can maintain 100% uptime while running the latest secure kernel patches.
Dirty COW is a serious exploit recently revealed. It allows regular users with shell access to escalate their privileges so they can run commands as root (exploit details) which is pretty serious. You can view a video explanation of the Dirty COW vulnerability here.
Enable Automatic Kernel Patches without Rebooting with KernelCare
- Checking uptime and kernel version
- Installation of KernelCare
- Using KernelCare
Checking Uptime and Kernel Version
Check your current uptime
Output is 83 days, I would like to avoid resetting my uptime just because of a kernel update.
21:20:57 up 83 days, 21:24, 1 users, load average: 0.00, 0.01, 0.05
Check CPU Type since KernelCare only works on 64-bit systems
If it says
x86_64 you’re all good
If you get
arm then you are out of luck
Check kernel version
You will see output similar to this
3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u4 (2016-02-29)
If it is not recent, you can have KernelCare update your kernel live without having to reboot.
Installing KernelCare on Ubuntu/Debian or CentOS is very easy.
Ubuntu and Debian
Ener the temporary folder and download the latest KernelCare deb package
cd /tmp wget http://patches.kernelcare.com/kernelcare-latest.deb
Install KernelCare deb package
sudo dpkg -i kernelcare-latest.deb
Installation is done.
Download and install Kernelcare on CentOS with the rpm command
rpm -i http://patches.kernelcare.com/kernelcare-latest.x86_64.rpm
That’s it for CentOS.
Perform the initial update with KernelCare
KernelCare will get the latest required patches and tell you your kernel is safe.
Kernel is safe
You can get the current status of KernelCare
My old kernel version was
3.16.0 and KernelCare compiled and live patched my kernel to
kpatch-state: patch is applied kpatch-for: Linux version
3.16.0-4-amd64 ([email protected]) (gcc version 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) kpatch-build-time: Fri Oct 21 01:29:02 2016 kpatch-description: 2;3.16.36-1+deb8u2
You may think that checking your kernel now using the
uname -rv command would show the update but it will not unless you reboot after doing a
If you registered an account with KernelCare you can add your current system to your account to easily manage licenses.
Your key is shown after registering an account
You can get your registration key by logging in to your account. The Key column has the registration key.
Then use the key to register under your account like this while replacing
kR6qT8iumGqY101E with your actual key (below key is fake).
kcarectl --register kR6qT8iumGqY101E
KernelCare will check for kernel upgrades every 4 hours and live patch automatically keeping you secure and up to date without having to reboot your server.