KernelCare, the first and exclusive live patching service for Amazon Linux 1 & 2, is now available for purchase on Amazon Web Services (AWS) Marketplace.
Download, deploy and configure KernelCare on-site and in the off-cloud image as well as in the enterprise platform for AWS EC2 cloud instances.
To help secure your environment, KernelCare automatically installs Linux kernel updates to live (or staging) servers without performance impact or downtime and from now on, you can purchase KernelCare from AWS Marketplace.
Although virtual instances are not made of iron, they still have Linux kernels that are in need of constant patching against vulnerabilities. A recent vulnerability that affected Amazon Linux kernels is CVE–2019–8912. This is a use-after-free vulnerability affecting kernels running on Amazon Linux 2, among others. MITRE created an entry for the vulnerability on February 18, 2019. NVD published it on February 20. By Friday, February 22, KernelCare patches were out, protecting all of our customers’ Amazon Linux 2 installs from this vulnerability. (The details are in this blog post)
Installing kernel updates mean rebooting your EC2 instance. It’s OK if you have got a handful of them; you just install the update and reboot to apply it. For a few dozen or more servers, doing this is a nightmare. Security patches are, by definition, urgent.
KernelCare is ‘install and forget’ software. The agent (a small kernel module that runs on every system) handles the installation of the patch quickly, and no processes are killed. KernelCare takes minutes to install, nanoseconds to update, does it without reboots, and provides patch roll-back capability.