No downtime or non-compliant? That is the question for companies that do not use automated patch services. There is no middle ground when it comes to the security of your clients and the well-being of your business. Especially now, when live patching is available not only for Linux kernels but also for Glibc and OpenSSL. KernelCare+ patches shared Glibc and OpenSSL libraries without service restarts or server reboots — and it has already been tested!
How did the Beta go?
The Beta-testing took four months, during which the KernelCare+ team worked closely with testers to address their issues and make the product even more versatile. The live patching has been successfully automated for numerous customers, including those who required ePortal servers or patching of libraries loaded into memory. During the beta testing, KernelCare+ has been repeatedly updated to fit users’ demands. For example, it quickly detects brand new libraries that do not require patching yet and adds them to regular check-mode.
The installation process of KernelCare+ is easy, plus you can set it up on multiple servers at a time. If you are using an IP-based license, run the trial key and then a code to check if applied patches operate correctly. For key-based license users, a registration key code string will be provided. After that, the software will automatically check for new patches every four hours, saving you the time and trouble of checking manually.
Initially, newer OpenSSL versions like OpenSSL-1.0.2k-16.el7_6.1 were not detected, but we added fixes to identify and report the more recent libraries. Other libraries that were not initially identified include rare versions of 2014 of Glibc and OpenSSL libraries, which we added during Beta.
We also identified another Glibc CVE that allowed users to benefit from instant updates that do not require reboots.
The KernelCare+ Beta period has successfully been completed, so now you can purchase the production version to start live-patching Linux kernels, Glibc, and OpenSSL right away.
Watch this video to learn more about how it works:
What's included in the KernelCare+ Package?
The KernelCare+ Package includes:
- Linux kernel patching.
- Glibc patching.
- OpenSSL patching.
- Puppet, Ansible, Chef integrations, and deployment assistance.
- Nessus, Qualys, and Rapid7 integrations and reporting setup assistance.
- ePortal for enterprises that require a private patch server inside their secured environment.
How to purchase a license for KernelCare+
The CLN (CloudLinux Network) is where CloudLinux Inc. product licenses are managed. To purchase a license for KernelCare+ through CLN:
- Visit CloudLinux Network Page
- Create a new account if you do not have one yet or sign in to your existing account.
- Confirm your email if you just created the account.
- Go to the KernelCare tab and click the Buy Now Button.
- Choose how many server licenses you need.
- Select if you'd prefer to pay monthly or yearly.
- Proceed to the payment method.
You can also contact us for setup here.
The KernelCare+ system is here to help you eliminate vulnerabilities in your SSL libraries without having to reboot. Since rebooting your system can leave it vulnerable to attacks, this is another layer of protection for you. You can sign up for KernelCare+ today!