You may be aware that after kernel upgrade and kernel security patching you need to reboot Linux box. Now, there is a new patch called - Ksplice. It provides rebootless Linux kernel security update. It is available under GPL 2 and has been tested on Linux kernel versions from 2.6.8 to the recently released 2.6.25 and on several Linux distributions including Debian, Ubuntu, Red Hat Enterprise Linux and Gentoo Linux.
Ksplice allows system administrators to apply security patches to the Linux kernel without having to reboot. Ksplice takes as input a source code change in unified diff format and the kernel source code to be patched, and it applies the patch to the corresponding running kernel. The running kernel does not need to have been prepared in advance in any way.
To be fully automatic, Ksplice's design is limited to patches that do not introduce semantic changes to data structures, but most Linux kernel security patches don't make these kinds of changes. An evaluation against Linux kernel security patches from May 2005 to December 2007 finds that Ksplice can automatically apply 84% of the 50 significant kernel vulnerabilities from this interval.
Ksplice has been implemented for Linux on the x86-32 and x86-64 architectures.
=> Ksplice: Rebootless Linux kernel security updates (via zdnet)
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- My 10 UNIX Command Line Mistakes
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
Facebook it - Tweet it - Print it -
We're here to help you make the most of sysadmin work. So, subscribe!
