Rebooting your servers hurts your customers and hurts you. It is often done deep in the night to minimize the impact on peak-time services. It forces downtime on you and your business. A server reboot can take 15 minutes or more to complete. It can take even longer for performance to stabilize and for you to confirm all services are running. Rebooting is not something you want to do often. But a reboot is the only way to apply patches for kernel security vulnerabilities.
Now there is KernelCare. It is a nifty solution for automatically updating Linux kernels without rebooting servers.
We’re prepared at a moment’s notice - as soon as a vulnerability affecting supported kernels is announced, we deliver a patch immediately. A patch is a code that patches insecure kernel code with a secure, but functionally equivalent replacement. Patch application is done with a special KernelCare kernel module, which loads the update, sets relocations, and safely switches the execution path from original to updated code blocks - and we do it quickly, too. With an instantaneous update process of applying patches, there is no downtime or service interruption for you. Everything operates just as it did before, but with all traces of vulnerabilities gone.
KernelCare is a live patching system that patches Linux kernel vulnerabilities automatically, with no reboots. It's used on over 300,000 servers, and has been used to patch servers running for 6+ years. It works with all major Linux distributions, such as RHEL, CentOS, Amazon Linux, and Ubuntu. It also interoperates with common vulnerability scanners such as Nessus, Tenable, Rapid7, and Qualys. To talk with a consultant about how KernelCare might meet your enterprise’s specific needs, contact us directly at firstname.lastname@example.org.