KernelCare agent updated - version 2.30-1 is available

Jun 1, 2020 3:35:45 PM / by Inessa Atmachian posted in KernelCare, KernelCare agent, Developer Blog

0 Comments

 

Read More

KernelCare agent updated - version 2.27-1 is available

Apr 30, 2020 1:47:46 PM / by Inessa Atmachian posted in KernelCare, KernelCare agent, Developer Blog

0 Comments

Read More

KernelCare agent updated - version 2.24-1 is available

Mar 10, 2020 5:08:05 PM / by Inessa Atmachian posted in KernelCare, KernelCare agent, Developer Blog

0 Comments

Read More

Developer Tutorial: Live patching Debian 10 Linux kernel with Kpatch

Feb 18, 2020 2:28:00 PM / by Paul Jacobs posted in Developer Blog

0 Comments

Live patching is a way of updating a Linux kernel without interruption.

Because kernel updates don’t take effect until the system is rebooted, Linux kernel live patching is most commonly used to patch severe Linux kernel vulnerabilities without rebooting servers.

Aside from improved service continuity and uptime, organizations with large server fleets also use live patching to avoid the administrative overhead associated with the coordination and planning needed to reboot multiple systems.

This tutorial will show how to use Kpatch to change the behavior of a running Debian 10 kernel without stopping it, changing the contents of /proc/uptime (and the uptime command) so that the system’s reported uptime is 10 years greater.

Read More

Linux Kernel CVE Data Analysis - Part 3 - Vulnerabilities by Version

Jan 30, 2020 5:49:00 PM / by Paul Jacobs posted in Developer Blog

0 Comments

Introduction

In Part 2, I ran Mango queries on a CouchDB database full of CVEs, and had a good picture of how the number and severity of Linux kernel vulnerabilities varies from year to year. (Part 1 showed how to set up CouchDB and import CVE data into it on Ubuntu 18.04.)

In this part, Part 3, I develop that core Mango query to look at how the number of Linux kernel vulnerabilities varies by kernel version.

Read More

Linux Kernel CVE Data Analysis - Part 2 - Vulnerabilities by Year

Jan 30, 2020 5:48:00 PM / by Paul Jacobs posted in Developer Blog

0 Comments

Introduction

In Part 1, I installed CouchDB, loaded CVE data into it, and ran a simple Mango query that listed the Linux kernel vulnerabilities for a chosen date range for all severities and all kernel versions.

Here, in Part 2, I will extend and refine that query to see results by severity and kernel version. But rather than run queries repeatedly, I will use the power of the command line to semi-automate the process, and Gnuplot will chart the results.

Read More

Linux Kernel CVE Data Analysis - Part 1 - Importing into CouchDB

Jan 30, 2020 5:47:00 PM / by Paul Jacobs posted in Developer Blog

0 Comments

Which is the best Linux kernel?

Linux kernel developers tell us that the ‘best’ Linux kernel to use is the one that comes with whatever distribution we’re using. Or the latest stable version. Or the most recent long-term support (LTS) version. Or whatever one we want, so long as it’s maintained.

Choice is great, but I’d rather have a single answer; I just want the best. The trouble is, for some people, best means fastest. For others, the best is the one with the latest features, or a specific feature. For me, the best Linux kernel is the safest one.

Read More

    cover for blog

    Download Whitepaper

    Subscribe to Email Updates

    Recent Posts