Some Under-the-Hood Improvements in KernelCare Package Setup Logic
One day, we received a report from our client that he faced 403 Forbidden error during KernelCare package setup. We started to investigate the issue and found that we need to improve KernelCare package setup logic.
According to the old logic, trial registration and the first packages delivering performed during KernelCare installation. We have changed this logic to make the setup procedure more transparent for our clients and eliminate the 403 Forbidden error in case when trial has already been used.
Now, if you’d like to pull kernel updates right after the KernelCare package setup, you should run kcarectl –update command otherwise you will get kernel updates within the next four hours after the package set up.
An exception to the above is when you have disabled KernelCare auto updates. In this case, the kcarectl –update command is the only way to pull kernel updates and should be launched inevitably.
Sending many thanks to our KernelCare clients who help us to improve the product for mutual benefit. We love to read your feedback and believe that together we can make KernelCare even better.
KernelCare is a live patching system that patches Linux kernel vulnerabilities automatically, with no reboots. It’s used on over 300,000 servers, and has been used to patch servers running for 6+ years. It works with all major Linux distributions, such as RHEL, CentOS, Amazon Linux, and Ubuntu. It also interoperates with common vulnerability scanners such as Nessus, Tenable, Rapid7, and Qualys. To talk with a consultant about how KernelCare might meet your enterprise’s specific needs, contact us directly at [email protected].