The beta version of KernelCare+ is now available for download for Red Hat Enterprise Linux 7, CloudLinux OS 7, and CentOS 7. More distributions will be added in June 2020.
KernelCare extends live patching beyond the Linux kernel with KernelCare+. This new version of KernelCare adds detection and live patching for glibc and OpenSSL vulnerabilities.
KernelCare+ was created to ensure that critical glibc APIs and OpenSSL libraries stay patched, as well as the Linux kernel, and it’s now available for evaluation in beta.
Meeting Customer Needs
Recently our customers began telling us that they need help in patching libraries outside the Linux kernel. They told us that they liked the way their kernels were protected by KernelCare, and that they wanted similar services to update glibc and OpenSSL. That’s because patching these libraries was, for them, a complicated and expensive process.
Updating glibc and OpenSSL, they told us, usually required server reboots and service restarts. These server/service interruptions involved downtime for hosting customers, as well as late nights for the support staffers applying the updates during off-peak hours.
Also, they found it difficult to determine which services needed to be restarted. Many of the applications run on their servers employed shared glibc and OpenSSL libraries, which were loaded into memory. Even if the libraries were updated on disk, the old files persisted in memory where their unpatched vulnerabilities could be exploited by attackers.
To make the process of patching glibc and OpenSSL simple and efficient, our customers turned to us. In response, we created KernelCare+, which includes glibc and OpenSSL live patching. Just as KernelCare automates Linux kernel patching, KernelCare+ automates the process of detecting vulnerabilities and patching these libraries, ensuring continual, automatic security updates.
Providing Enhanced Support
Not only does KernelCare+ automate the patching of the kernel, glibc, and OpenSSL, it also includes enhanced support:
- KernelCare+ subscribers receive integration and deployment assistance with the configuration management tools Puppet, Ansible, and Chef.
- They also get integration, reporting, and setup assistance with the vulnerability scanners Nessus, Qualys, and Rapid 7.
In addition, KernelCare+ subscribers who require a dedicated patch server inside a secure firewalled environment receive help in setting up our ePortal to administer it.
Simple, Inexpensive Pricing
KernelCare+ has a simple, inexpensive two-tier licensing arrangement. Customers with 1-500 servers pay $5.95 per server per month, while pricing for 500+ servers is $3.95 per server/month.
The standard KernelCare subscription remains unchanged. Upgrading to KernelCare+ is optional for current KernelCare subscribers.
Sign up for the Beta
The beta version of KernelCare+ is now available for download, first - for Red Hat Enterprise Linux 7, CloudLinux OS 7, and CentOS 7, with the rest of the popular distributions added in June 2020. If you’d like to evaluate it just Register for KernelCare Plus Beta and we’ll provide you with instructions on how to download it.
Once you’re using KernelCare+, we’d like to hear from you. Please give us feedback on this beta release, or share your ideas and feature requests, by contacting us at firstname.lastname@example.org.
Previously, the project was announced as an open-source LibCare on Github.