Developer Blog Archives - TuxCare

Live Patching In the DevOps Workflow

DevOps is a combination of software development and IT operations that aims to improve and evolve products at a faster than normal pace in order to help organizations compete more effectively and better serve their customers.

Continue reading “Live Patching In the DevOps Workflow”

Developer Tutorial: Live Patching Oracle Enterprise Linux 7 with Kpatch

Developer Tutorial-min

Live patching allows you to update Linux kernel without rebooting your system. This approach is definitely a perfect solution for huge enterprises with interruption-sensitive services when pauses can cause toxic effects to the whole business. But kernel update is a must in today’s world full of vulnerabilities, security issues and gaps. Only a forehanded kernel update can guarantee trouble-free smooth operation of your business.

You might have already read our live kernel patching tutorials: Live patching Debian 10 Linux kernel with Kpatch and Live patching Ubuntu 20.04 LTS Focal Fossa Linux kernel with Kpatch. And if not, consider them as useful materials to share with your colleagues and friends.

In this tutorial, I’ll show you how to patch Oracle Enterprise Linux 7 – UEK4 Linux kernel using Kpatch without rebooting it.

Continue reading “Developer Tutorial: Live Patching Oracle Enterprise Linux 7 with Kpatch”

Stack unwinding in AArch64 processors: what is it and how it works

Stack unwinding in AArch64 processors_

For the past nine months, KernelCare’s Linux kernel live patching software has supported ARMv8 (AArch64) in addition to x86_64 (Intel IA32/AMD AMD64). To get KernelCare running on Arm, we needed a stack frame unwinder.

This article explains what they are, what they’re used for, and why we had to write our own.

Continue reading “Stack unwinding in AArch64 processors: what is it and how it works”

Developer Tutorial: Live patching Ubuntu 20.04 LTS Focal Fossa Linux kernel with Kpatch

Linux Kernel Live Patching on Ubuntu 20.04 LTS Focal Fossa copy

Live patching is a way of updating a Linux kernel without interruption. Because kernel updates don’t take effect until the system is rebooted, Linux kernel live patching is most commonly used to patch severe Linux kernel vulnerabilities without rebooting servers.

Aside from improved service continuity and uptime, organizations with large server fleets also use live patching to avoid the administrative overhead associated with the coordination and planning needed to reboot multiple systems.

This tutorial will show how to use Kpatch to change the behavior of a running Ubuntu 20.04 LTS Focal Fossa kernel without stopping it, changing the contents of /proc/uptime (and the uptime command) so that the system’s reported uptime is 10 years greater.

Continue reading “Developer Tutorial: Live patching Ubuntu 20.04 LTS Focal Fossa Linux kernel with Kpatch”

Developer Tutorial: Live patching Debian 10 Linux kernel with Kpatch

Debian10.2

Live patching is a way of updating a Linux kernel without interruption.

Because kernel updates don’t take effect until the system is rebooted, Linux kernel live patching is most commonly used to patch severe Linux kernel vulnerabilities without rebooting servers.

Aside from improved service continuity and uptime, organizations with large server fleets also use live patching to avoid the administrative overhead associated with the coordination and planning needed to reboot multiple systems.

This tutorial will show how to use Kpatch to change the behavior of a running Debian 10 kernel without stopping it, changing the contents of /proc/uptime (and the uptime command) so that the system’s reported uptime is 10 years greater.

Continue reading “Developer Tutorial: Live patching Debian 10 Linux kernel with Kpatch”

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching