Update linux kernel
9/24/2023

```
sudo apt-get upgrade linux-image-generic
sudo reboot
```

For any RPM-based distribution, including CentOS and Red Hat Enterprise Linux (RHEL), use this:

But there’s a catch: the kernel patch won’t take effect until you reboot. You must kick off your users, save your files, and close down processes – at the risk of making a lot of people very unhappy. Like anyone in the middle of a purchase on your website, for example. You then need to wait for your Linux server to boot up again and recover its previous state.

How long do your servers take to bounce back? Will customers and other stakeholders notice? Even if there’s a low risk that they would notice, you still need to notify them before installing that kernel patch. This is one reason why many system administrators defer patch installation, avoiding downtime but compromising system security.

You can make the rebooting step quicker by using kexec. This Linux kernel system call lets you boot straight into a new kernel, skipping the boot loader and hardware initialization phases, and significantly shortening your reboot time.

To use it, you first need to install kexec-tools. You’ll see a configuration window.

```
sudo yum update kernel
```

List the kernels and then choose the kernel you want to use: The output should be something like this.

Now boot into your chosen kernel version:

```
sudo kexec -l /boot/vmlinuz-3.10.0-862.3.2.el7.x86_64 --initrd=/boot/initramfs-3.10.0-862.3.2.el7.x86_64.img --reuse-cmdline
sudo sync
sudo umount -a
sudo kexec -e
```

You can use the next command if you have no patience whatsoever (but see the warning below before you do so):

```
sudo kexec -e
```

WARNING: Using the above command is like power-cycling your server without giving the reboot command time to properly kill your processes, synchronize your file caches and unmount your file systems. Using this command can cause data loss or corruption.

More finger work (and higher potential for error unless you script it well).

There is a way to update the Linux kernel without rebooting. There are times when security patching is super critical and you simply must get it done. At the same time, the processes that need to stop when you reboot are equally critical. If you’re running an ‘always-on’ or ‘high-availability’ system, you’ll be familiar with this dilemma. A rebootless kernel update means that you can ‘have your cake and eat it (too)’.

Rebootless updates, also known as live kernel patching, are not a replacement for full kernel upgrades because they only apply patches for security vulnerabilities or critical bug fixes. However, rebootless updates are like a magic bullet for fixing vulnerabilities. When you consider the really urgent stuff, then updates for security vulnerabilities and bug fixes are really all you need. By using live patching methods, it is possible to keep a server safe from threats for years without ever rebooting the server. Many leading Linux vendors offer a tool to achieve rebootless kernel updates.
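Because an installed kernel patch does not take effect until the new kernel is booted, a host can look patched in the package database while still running the old kernel. The script below is an added example, not part of the original page: its function names and the sample `/boot` listing are constructed for illustration, and it assumes GNU `sort -V`, which approximates but is not identical to the package manager's version ordering.

```shell
#!/usr/bin/env bash
# Added example: flag a host whose newest installed kernel is not the one running.

# Read kernel image paths on stdin, print the newest version string.
# A plain lexical sort would rank 862.3.2 above 862.14.4; sort -V does not.
newest_installed() {
    sed -n 's|^.*/vmlinuz-||p' | grep -v rescue | sort -V | tail -n 1
}

# reboot_pending RUNNING NEWEST -> exit 0 only if NEWEST is later than RUNNING.
reboot_pending() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ] || return 1
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$2" ]
}

# report RUNNING: image paths on stdin, one status line on stdout.
report() {
    local running=$1 newest
    newest=$(newest_installed)
    if reboot_pending "$running" "$newest"; then
        echo "PENDING running=$running newest=$newest"
    else
        echo "OK running=$running"
    fi
}

# Check the local host: running kernel from uname, images from /boot.
check_host() {
    ls /boot/vmlinuz-* 2>/dev/null | report "$(uname -r)"
}

# Constructed sample: /boot after a kernel update with no reboot yet.
sample_boot() {
    printf '%s\n' \
        /boot/vmlinuz-0-rescue-0123456789abcdef \
        /boot/vmlinuz-3.10.0-862.3.2.el7.x86_64 \
        /boot/vmlinuz-3.10.0-862.14.4.el7.x86_64
}

sample_boot | report 3.10.0-862.3.2.el7.x86_64    # PENDING: patch installed, not running
sample_boot | report 3.10.0-862.14.4.el7.x86_64   # OK: newest kernel is running
```

Call `check_host` on a real server to run the same comparison against `uname -r` and the images in `/boot`.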