How to avoid restarting the server with Ubuntu Livepatch

If you administer your own server (s), sooner or later you will encounter this problem. You must restart the operating system, but the machine that is providing an important service cannot be interrupted.

How to avoid restarting the server with Ubuntu Livepatch

If you administer your own server (s), sooner or later you will encounter this problem. You must restart the operating system, but the machine that is providing an important service cannot be interrupted.

But why restart the server? Everything seems to work well after the apt-get upgrade command. However, the truth is not always the same. Although the system continues to run after each upgrade and is not required to restart like Windows, you may still need to do this.

For example, when a vulnerability in the kernel of the kernel is detected, it will be patched and pushed to your server as a new package. After you install the patched kernel, some files are written to the drive, but it is still the old kernel, because it is the file that is loaded into memory (RAM).

This means that your server is still vulnerable to previously discovered security vulnerabilities. Other processes, daemons, and services can be reloaded without restarting the operating system. However, the kernel is at the center of the system and can only be reloaded at the next boot.

Ubuntu Livepatch solves this by allowing you to close kernel security holes without rebooting. This way, you can avoid or delay rebooting for weeks or months without compromising security.

The core idea behind the Live Patching feature is simple: When a function is vulnerable to 'write', rewrite it, remove the vulnerability and load the new function somewhere into memory. When the function is called, instead of running the code in the kernel, redirect it to use the rewritten code.

How to avoid restarting the server with Ubuntu Livepatch Picture 1

But, as with most things, implementation and technical details are not so simple.

How to set up Livepatch on Ubuntu

Go to this page and create an Ubuntu One account (or just log in if you already have an account). Check your email and click the account confirmation link later. Next, visit the Canonical Livepatch Service page. Select the option that indicates you are 'Ubuntu user' and click the button to create a token. The next page will show you the exact commands you must enter on your server. After the first command, enter:

 sudo snap install canonical-livepatch

Wait a few seconds until the snap package is fully installed. When you're done, you'll get a result similar to what is shown in the following image.

How to avoid restarting the server with Ubuntu Livepatch Picture 2

Finally, with the following command from the Canonical page sudo canonical-livepatch enable #PASTE_YOUR_TOKEN_HERE , the service will work and automatically apply security patches to the kernel, whenever necessary, with no input required from the side. user.

Install the daemon snap if necessary

In rare cases, the first command in the previous section may not succeed, with the following error message: -bash: /usr/bin/snap: No such file or directory . In this case, that means your server provider has an Ubuntu operating system image that does not include the daemon service snap by default. Install it with the command:

 sudo apt update && sudo apt install snapd

Now run the two commands from the previous section again.

Keep your server up to date

Livepatch will apply all necessary security updates to your kernel. However, you should still upgrade the rest of the system regularly with a command like:

 sudo apt update && sudo apt upgrade

You should do this weekly, or even more often, if you can. Important system packages may prompt you that they need to be rebooted to apply the latest security fixes.

How to avoid restarting the server with Ubuntu Livepatch Picture 3

These restart operations do not break any service in the process. For example, in this case, the SSH daemon was restarted without interrupting the active SSH session.

In other situations, you can restart the service yourself to make sure that the new, patched code is reloaded and the security fixes are applied. For example, if you notice the nginx package has been upgraded, you can run: systemctl restart nginx.service to reload the nginx daemon into memory.

On the other hand, although a package is upgraded, it can still run with old, problem-prone code, which puts your server at risk. Some package upgrades do this for you, but some other upgrades do not. That's why paying attention to what 'apt upgrade' does and restarting some services, if necessary, is a good habit. You can also look at the log to see if this has been done automatically.

As you can see, Canonical makes it easy to avoid rebooting on the server. Regarding the kernel part, there is a part without maintenance. The only thing you can do is run the command: canonical-livepatch status to check everything.

Hope you are succesful.

What is the difference between Ubuntu Desktop and Ubuntu Server?
ubuntu is divided into ubuntu cloud, ubuntu core, ubuntu kylin, ubuntu desktop and ubuntu server. in this article, we will explore all the similarities and differences between ubuntu server and ubuntu desktop.
Ubuntu Server Upgrade Steps
ubuntu also constantly updates itself with newer versions. if you're using the desktop, you'll be prompted when an update is available and receive instructions on the process. however, on the server, you may not have this privilege. so updating ubuntu server will involve running a few command lines.
How to install FTP Server on Ubuntu
whether you want to run an ubuntu server or simply want to remotely copy files, setting up an ubuntu ftp server is simple.
How to Install Ubuntu Server
this wikihow teaches you how to install ubuntu server on a windows computer. ubuntu server is a free, linux-based server operating system that you can use to host your web services. open the ubuntu server download page. go to...
How to configure DNS Server on Ubuntu Server 11.04
dns server is a server with domain name resolution function. in this article, we will detail the steps to install and configure dns server on linux with ubuntu server version 11.04.
How to Set Up an FTP Server on Ubuntu Linux
today's tipsmake will guide you how to set up and connect to an ftp server on a computer running the ubuntu linux operating system. ftp servers are useful for storing data from your computer and allowing others to browse those files. to establish a connection from a computer, you need an ftp server. you also need to update to the latest version of ubuntu.
How to install desktop/GUI environment in Ubuntu Server
if you are just installing ubuntu server for the first time, you may want a familiar user interface, similar to ubuntu desktop, for example.
How to set DNS nameserver in Ubuntu Server 18.04
for years, whenever you need to configure a dns nameserver in linux, users will find /etc/resolv.conf. some simple settings will help your computer reach out to the outside world:
Instructions for installing Ubuntu Web Server on remote host
in the following article, we will show you how to install and configure ubuntu web server system on remote host. to do this, you need to prepare several factors as follows ...
What's New in Ubuntu 21.10?
version 21.10 is the latest release of ubuntu and although canonical is turning more attention to the cloud and developers, ubuntu 'impish indri' still comes with some notable changes for those users use the ubuntu desktop every day.
How to Set up an FTP Server in Ubuntu Linux
this wikihow article will show you how to set up and connect to an ftp server from your ubuntu linux computer. ftp servers are useful for storing files from your computer and allowing others to browse them. in order to set up an ftp server...
Is CentOS or Ubuntu the best web hosting server operating system?
with so many available linux distributions, choosing a suitable distro for your home computer is not easy. choosing a linux distribution for the server is even more difficult.