Applying Linux kernel updates can be a problem, especially on an always-on or high-availability system that must stay operational at all times. At the same time, security experts frequently discover new vulnerabilities and bugs in the kernel, and most of them are patched shortly after.
But applying a patch may also require you to reboot the system, which takes it offline for a certain amount of time. Since patches are extremely critical for the system’s safety, the best solution is to apply patches automatically without rebooting the system, using these methods:
5 solutions to patch Linux Kernel without a reboot
Several methods allow you to apply kernel security patches without rebooting. Rebootless Linux kernel updates are also called Linux kernel live patching or live updates. They are not a replacement for full kernel upgrades, but they let you apply patches for critical security vulnerabilities and bug fixes. With these methods, you can keep your servers safe and running without an outage for years.
Several Linux vendors offer rebootless kernel updates. Your solution mostly depends on the distribution you are running. Here are the 5 solutions to update Linux kernel without reboot:
KernelCare, developed by CloudLinux, was launched in 2014. KernelCare covers most of the popular distributions, including CentOS, RHEL, Oracle Linux, Debian, Ubuntu, and others. KernelCare also supports the older 2.6.32 kernels from RHEL 6. KernelCare is an “install and forget” solution with easy installation. After the installation, it downloads and applies the kernel patches automatically without rebooting.
KernelCare’s ability to handle more complex patches for vulnerabilities such as ZombieLoad, Meltdown and Spectre, and Mutagen Astronomy makes it better than its competitors. It also offers custom and fixed-date patching to meet specific needs. CloudLinux also offers support for KernelCare with its experienced support team.
🙂 Pros: Easy install. No reboot required. Wide OS coverage (including one of the most popular Linux flavors, Ubuntu). Supports custom and fixed-date patching. Good support and industry know-how from CloudLinux.
😐 Cons: Commercial (but there is a free, 30-day trial). There is also a free KernelCare license for non-profit organizations.
How to install KernelCare?
To install KernelCare use the following commands on the command line:
Step 1: Download and install KernelCare using wget or curl
wget -qq -O - https://kernelcare.com/installer | bash
curl -s -L https://kernelcare.com/installer | bash
Step 2: Register the key:
sudo /usr/bin/kcarectl --register <your key>
kcarectl --register <your key>
Step 3: To check if the running kernel is supported by KernelCare:
wget -qq -O - https://kernelcare.com/checker | python
curl -s -L https://kernelcare.com/checker | python
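Steps 1 and 3 pipe a remote script straight into an interpreter, so whatever the server returns is executed unreviewed. The following is an added example, not part of the original article or CloudLinux's tooling: it downloads to a file and runs it only if its SHA-256 matches a digest you obtained separately. The function names and the digest placeholder are assumptions, since the page publishes no digest.

```bash
#!/usr/bin/env bash
# Added example: download, verify, then run, instead of "curl ... | bash".
# Function names are hypothetical; the expected digest is a placeholder
# that you must obtain out of band (the page does not publish one).

# fetch_installer <https-url> <output-file>
# -f fails on HTTP errors; --proto '=https' refuses any non-HTTPS URL or redirect.
fetch_installer() {
  curl -fsSL --proto '=https' -o "$2" "$1"
}

# verify_sha256 <file> <expected-hex-digest>
# Returns 0 on match, 1 on mismatch, 2 if the file is missing.
verify_sha256() {
  local file=$1 expected actual
  [ -f "$file" ] || return 2
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
  actual=$(sha256sum "$file" | awk '{print $1}')
  [ "$actual" = "$expected" ]
}

# run_if_verified <file> <expected-hex-digest>
# Executes the script with bash only when the digest matches.
run_if_verified() {
  if verify_sha256 "$1" "$2"; then
    bash "$1"
  else
    echo "refusing to run $1: SHA-256 mismatch or file missing" >&2
    return 1
  fi
}

# Typical use (not executed here; requires network access):
#   tmp=$(mktemp)
#   fetch_installer https://kernelcare.com/installer "$tmp" &&
#     less "$tmp" &&                                   # read it first
#     run_if_verified "$tmp" '<expected sha256 digest>'
#   rm -f "$tmp"
```

Pinning a digest also means the run fails closed when the vendor updates the script, which is the signal to review the new version before re-pinning.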