Although Linux is less vulnerable than Windows, it also needs some tools for perfect security. CloudLinux, the creator of CloudLinux OS and sponsor of the open-source AlmaLinux OS, launched UChecker to improve Linux’s operational security as a part of its Tuxcare security services. The company is best-known for CloudLinux OS and AlmaLinux, a free 1:1 binary compatible fork of Red Hat Enterprise Linux 8.
Support for all modern Linux distros
Last month the company announced TuxCare, a unified offering of the company’s family of enterprise support services. TuxCare comes with KernelCare, extended lifecycle support, and current version Linux support together. Additionally, UChecker is part of the company’s TuxCare security services.
Jim Jackson, president and chief revenue officer of CloudLinux, said,
“Patch management is a challenging area of security and IT operations because so many different systems require patching, plus they have to be tested before being deployed. Also, some patches require reconfigurations and reboots of servers that are difficult to take offline for very long. Time is critical because hackers look to exploit vulnerabilities, so it’s always a race for IT teams to apply security patches.”
UChecker detects false negatives and reports shared libraries that are not up to date on disk and memory. This feature differentiates UChecker from its competitors. In addition, the new open-source tool can be integrated with Nagios or other monitoring and management tools to alert systems running outdated libraries. Finally, it works with all modern Linux server distributions under the GNU General Public License.
Updating libraries in two different ways
There are two options for updating libraries after running UChecker. The first way is related to the traditional approach of rebooting the server. The traditional method involves rebooting the server or restarting all the processes if there is no way to identify which processes are still using the outdated libraries. This can cause some disruption of service and downtime.
As a second way, the live patching capability of the TuxCare LibraryCare service can apply security patches to OpenSSL and Glibc libraries without having to reboot the server. That reduces service disruptions, and vulnerability windows since the patches to libraries do not take effect until the server is rebooted, and with live patching, that effect is negated.
TuxCare’s Live Patching Services can live patching for critical components in the Linux stack, from the kernel to widely used shared libraries like Glibc and OpenSSL.
How UChecker works?
How to use Uchecker?
To scan your systems, run the following command:
$ curl -s -L https://kernelcare.com/uchecker | sudo pythonYou will receive the following output:
[*] Process httpd[15516] linked to the `libc-2.17.so` that is not up to date.
You may want to update libraries above and restart corresponding processes.
KernelCare+ allows to resolve such issues with no process downtime. To find
out more, please, visit https://lp.kernelcare.com/kernelcare-early-access?