If you're running a Linux operating system (like Ubuntu), it's a good idea to check and update the kernel regularly. We can use apt, yum or kexec to update the Linux kernel but when managing a lot of servers, it takes a lot of time.
We must reboot the system if the update manually. This makes you must wait so long. And it also has low security that hackers can attack the system at any time during the break. When you manage a lot of servers, automatic updating the kernel is a better option.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related Linux kernel queries.
In this context, we shall look into how to update kernel automatically on Linux.
Canonical Livepatch is a running kernel patching service without rebooting the Ubuntu system. Livepatch is a free service and can use up to 3 Ubuntu systems.
Before installing the service, you must get a livepatch token from the https://auth.livepatch.canonical.com
Click to the Ubuntu user then click to the Get your Livepatch token.
Then go back to the link https://auth.livepatch.canonical.com and Get your Livepatch token.
Now, Run the below commands:
$ sudo snap install canonical-livepatch
$ sudo canonical-livepatch enable <your-key>
To check service information, execute the command:
$ sudo canonical-livepatch status --verbose
To unregister a machine, run the command:
$ sudo canonical-livepatch disable <your-key>
KernelCare is based on Ubuntu, CentOS, Debian, and other Linux distributions. If you are a hosting provider or business, you should use it.
Run the wget command to install KernelCare:
$ wget -qq -O - https://kernelcare.com/installer | bash
If you're using a key-based license, run the command:
$ /usr/bin/kcarectl --register <your-key>
You can get <your-key> from https://tuxcare.com/live-patching-services/kernelcare-enterprise/
To check if the running kernel is supported by KernelCare:
$ curl -s -L https://kernelcare.com/checker | python
To Unregister a server:
$ sudo kcarectl --unregister
To check service information:
$ sudo kcarectl --info
To update manually, run:
$ /usr/bin/kcarectl --update
This article covers the procedure on how to set up automatic kernel updates on Linux. In fact, Applying security updates to the Linux kernel is a simple process that can be done with tools like apt, yum, or kexec.
For organizations with more than a few servers, live patching is the best option. It is an automatic way to fix the Linux kernel while the server is running, making it more efficient and safer than manual methods.