CloudLinux is a great Linux security solution provider with awesome products and services. For enterprise level, CloudLinux is a highly dependable and reputed firm. KernelCare, their genius Linux kernel patching service allows installing kernel patches without rebooting the system. This system allows installing the Meltdown and Spectre patches without the system reboot.
The Meltdown and Spectre are the biggest security flaws till date. The core of the operating systems and flawed working method of modern CPUs allowed these bugs to be present for decades. They remained hidden until the end of 2017 when security researchers discovered them. The news shook the security platform, of course.
The very important thing is, Linux was the most vulnerable one of all. As Linux runs on the top level computers like servers, supercomputers etc. it’s important to keep them running for more productivity. However, when installing kernel patches, every device generally need to reboot to complete the action. With the help of KernelCare, it can complete without any reboot.
The kernel patch
Kernel patches can easily mitigate the vulnerability of a system to Meltdown and Spectre. The Meltdown can be disabled via the kernel, but Spectre is a difficult one. Yet, kernel patches will make them harder to exploit for hackers, a temporary solution. When installing them, the device must reboot to complete the process. Sure, it’s not big of an issue for general users like us. But when it’s a server or supercomputer we’re talking about huge business – any slight disturbance might cause unexpected situations.
That’s where KernelCare comes in handy. According to CloudLinux, KernelCare is now capable of applying the Meltdown and Spectre patches for RHEL 7, CentOS 7 & 7+, Promox Virtual Environment 3.10 and CloudLinxu 7 series OS.
For using the service of KernelCare, the subscription charge is $2.25 per server per month. If you have any doubt about the product, you can also take a trial for 30 days. Moreover, CloudLinux also promises to bring support for more GNU/Linux distributions very soon. The list includes Ubuntu, Debian, CloudLinux 6, RHEL 6, Virtuozzo 6 series and CentOS 6. However, a fact CloudLinux covered is Xen PV – they won’t support it. Xen PV is widely used by enterprises and cloud providers.
Ubuntu LTS series seeming comes up with a similar service like KernelCare, but that patching service (Canonical Livepatch Service) isn’t able of live patching the Meltdown and Spectre vulnerabilities. So, until the Canonical Livepatch Service comes up with the Meltdown and Spectre patches, you can go with KernelCare for your business. Take a look at KernelCare.
If you’re not interested in KernelCare, you can also use tools that will identify any attempt of exploiting Meltdown. The tool will cover Spectre in the future. The tool is available for Linux. Check out the Linux tool.