KernelCare: The Distribution-Agnostic Approach to Live Kernel Patching - TuxCare
TuxCare Blog News

KernelCare: The Distribution-Agnostic Approach to Live Kernel Patching

July 30, 2019

DistribAg No CTA

Once you’ve made the wise decision to switch from regularly rebooting your servers to live patching your Linux kernel, you have some decisions to make. There are a few different providers of live patching. Which is best for your server fleet?

One strong option is KSplice. KSplice offered the first commercially-available implementation of rebootless kernel updating. The brainchild of a group of MIT students, the company was acquired by Oracle in 2011. KSplice has a lot in common with KernelCare. At its core, it is an extension of the Linux kernel that allows patches to be applied “hot” to a running kernel, without the need to reboot any servers – reducing downtime, and increasing security compliance.

The 2011 Oracle acquisition is at the root of the big difference between KernelCare and KSplice. When Oracle acquired KSplice, they decided that it would only be available on Oracle Linux and RedHat Enterprise Linux distributions, and that the deployment would need a license from Oracle.

Oracle offers a brilliant suite of products and platforms, and many users don’t require anything beyond Oracle Linux and RedHat Enterprise Linux distributions. If this is you, then KSplice is a strong option. KSplice is easy to deploy, with a single install script for the lifetime of a server, and it works very well.

If you have a more varied distribution approach, though, then KernelCare might the better option. KernelCare is distribution-agnostic. It supports Oracle Linux kernels, as well as Red Hat Enterprise Linux (RHEL), CentOS, Debian, Ubuntu, and others. And it doesn’t require an Oracle support license. KernelCare security-patches kernels on all platforms, without being bound to any distribution.

And we do this with a novel approach to writing patches. Stack patching – where each new patch is layered on top of the last one – has been known to slowly degrade performance and stability over time. At KernelCare, we avoid this trap by creating a new atomic patch binary every single time.

What’s more, KernelCare offers a more flexible pricing structure. We don’t lock customers into long contracts, and we’re happy to let people trial KernelCare before they make a call.

 

Live kernel patching independent of the distribution

If you’re faithful to Oracle, then KSplice is probably all you need. But if you need live kernel patching independent of the distribution, you might consider a switch. We’ve made it very easy to complete the move.

First, get a trial license key from https://kernelcare.com/free-trial

Next you simply download and run this script:

$ wget https://downloads.kernelcare.com/ksplice2kcare 

Then you run this command:

$ bash ksplice2kcare _YOUR_KERNELCARE_KEY_

If you are using IP based licenses, you run:

$ bash ksplice2kcare IP

(The script will check for two letters “IP”, and assume IP-based license in this case.)

And you’re all done! Distribution-agnostic live kernel patching is yours. (The completed log file can be found at /var/log/ksplice2kcare.com.)

Get a FREE 7-Day Supported Trial of KernelCare 

TuxCare can help you reduce your risk window to data exfiltration and other cyber security threats.

TALK TO A CYBERSECURITY EXPERT

Expert knowledge of Linux security tips,
live patching education, and Cybersecurity news.

Stay updated with the latest news and announcements from TuxCare.com

Related Articles

The Bugs Behind the Vulnerabilities...

We continue to look at the code issues that cause...

November 14, 2022

Cybersecurity insurance and fine print:...

Catastrophic risks such as natural disasters and indeed cyberattacks require...

June 29, 2022

IT Automation With Live...

In a symphony orchestra, instruments harmonize to create one pleasing...

June 20, 2022

KernelCare ePortal updated – version...

We are pleased to announce that a new updated ePortal version...

June 16, 2022

KernelCare agent update – version...

We are pleased to announce that a new updated KernelCare agent...

June 2, 2022

KernelCare ePortal updated – version...

We are pleased to announce that a new updated ePortal version...

May 26, 2022

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching