With Livepatch enabled on your Ubuntu server, you can keep your system secure while minimizing unplanned downtime.
-Register Ubuntu Livepatch account 22%
-Get and use Livepatch tokens 47%
If you are a system administrator maintaining critical systems in an enterprise environment, you must be familiar with the following two things:
\1) It is difficult to find a downtime to install security patches on the system to fix kernel or system vulnerabilities. If the company or enterprise you work for does not have a security policy in place, operations management may end up prioritizing keeping systems running rather than addressing system vulnerabilities. Additionally, internal bureaucracy can also delay approval downtime. That's how I was.
\2) Sometimes you really can't afford the losses caused by downtime, and you have to be prepared to use other methods to reduce the risks caused by malicious attacks.
The good news is that Canonical recently released the Livepatch service for Ubuntu 16.04 (64-bit version / 4.4.x kernel), which allows you to apply critical security patches to the kernel without restarting. Yes, you read that right: using Livepatch you can make security patches for Ubuntu 16.04 server systems take effect without rebooting.
Register Ubuntu Livepatch account
To run the Canonical Livepatch service, you must first register an account here https://auth.livepatch.canonical.com/, and indicate whether you are an ordinary user or an enterprise user (paid). By using a token, all Ubuntu users can connect up to 3 different computers to the Livepatch service:
Canonical Livepatch Service
Next you will be prompted to enter your Ubuntu One credentials, or you can register a new account. If you choose the latter, you will need to confirm your email address to complete registration:
Ubuntu One Confirmation Email
Once you confirm your email address by clicking the link above, you will be taken back to https://auth.livepatch.canonical.com/ and obtain your Livepatch token.
Obtain and use Livepatch tokens
First copy the unique token assigned to your account:
Canonical Livepatch Token
Then open the terminal and enter:
$ sudo snap install canonical-livepatch
The above command will install the livepatch program, and the following command will enable it for your system.
$ sudo canonical-livepatch enable [YOUR TOKEN HERE]
If the latter command prompt cannot find canonical-livepatch, check whether /snap/bin has been added to your path, or switch your working directory to /snap/bin for execution.
$ sudo ./canonical-livepatch enable [YOUR TOKEN HERE]
Install Livepatch in Ubuntu
Afterwards, you may want to check the description and status of the patch applied to the kernel. Fortunately, it's easy.
$ sudo ./canonical-livepatch status --verbose
As shown below:
Check patch installation
With Livepatch enabled on your Ubuntu server, you can keep your system secure while minimizing unplanned downtime. I hope that this move by Canonical will bring you convenience in management, and even further improve it.
If you have any questions about this article, please leave a message below and we will reply as soon as possible.
The above is the detailed content of Livepatch - Apply critical security patches to the Ubuntu Linux kernel without rebooting. For more information, please follow other related articles on the PHP Chinese website!