KernelCare - The importance

kernelcare Aug 27, 2017

More and more with all the features and services launched all over the world, customers need 100% guarantees of availability of their services, with a secured rebootless server. This is important!

For some customers, having their systems down because a new bug was detected o their systems is a pain in the head! They can't have their websites down for 1 second..what about a reboot that can take 10 minutes at max? They will avoid at all cost.

In most scenarios, when this customers have their servers compromised by these exploits and know that the only option is to migrate to a new server and that will take their websites down for more than 1 hour, they will understand the importance of have a secure rebootless server and will calculate the cost of having their websites unavailble.

How can we achieve that?

It's simple, you can use KernelCare.

There is any cost?

Yes! However, what is the cost to you and your customers to reboot the server everytime a exploit is detected and not have the bad luck that nothing wrong happens during the reboot?

kernelcare_vertical

What is KernelCare?

KernelCare is a package that can be installed on your system that allow "live" updates to Kernel without need of reboot (rebootless patch). As soon as the KernelCare is installed on your system, this will update your kernel and ensure that security patch's are applied without reboot, in a few seconds.

This work on my server?

Your system is present on the following list?

Distributions

  • CentOS 6.x, CentOS 7.x, CentOS 7 Plus, RHEL 6.x, RHEL 7.x
  • CloudLinux OS 6.x, CloudLinux OS 7.x
  • Debian 6.x, Debian 7.x, Debian 8.x
  • Xen4CentOS 6, Xen4CentOS 7
  • Proxmox 2.6, Proxmox 3.10, Proxmox 4.4
  • Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
  • Virtuozzo/OpenVZ 2.6.32

Virtualization

  • Xen, KVM, PSBM - host, vm
  • vmware, virtualbox – vm
  • Microsoft Hyper-V
  • OpenVZ, VZ, PCS, LXC - host only (single kernel, no need for patches inside containers

Yes? So it will work!

How can I have KernelCare on my server?

The best way to achieve that is to contact a official partner, for example, WebHS.

I've bought the license, what about now?

Hell yeah!! Let's install it!

curl -s https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh | bash
/usr/bin/kcarectl --info

The system will check for updates every 4 hours, however, you can force with the following command:

/usr/bin/kcarectl --update

I've cPanel installed and the system shows that need to reboot

No worries. You need to ensure that you have the latest version of Kernel installed:

rpm -q kernel --last
kcarectl --uname

If the latest version of Kernel is present on both commands, the KernelCare is correctly applied and it's a cache file.

cat /var/run/system_needs_reboot.cache

If this file show a old kernel with "needs_reboot":1, let's remove it.

rm /var/run/system_needs_reboot.cache

Hope you enjoy!