If you are a system administrator in charge of maintaining critical systems in enterprise environments, we are sure you know two important things:
1)Finding a downtime window to install security patches in order to handle kernel or operating system vulnerabilities can be difficult. If the company or business you work for does not have security policies in place, operations management may end up favoring uptime over the need to solve vulnerabilities. Additionally, internal bureaucracy can cause delays in granting approvals for a downtime. Been there myself.
2)Sometimes you can’t really afford a downtime, and should be prepared to mitigate any potential exposures to malicious attacks some other way.
The good news is thatCanonicalhas recently released (actually, a couple of days ago) itsLivepatchservice to apply critical kernel patches toUbuntu 16.04(64-bit edition /4.4.xkernel) without the need for a later reboot. Yes, you read that right: with Livepatch, you don’t need to restart yourUbuntu 16.04server in order for the security patches to take effect.
### Signing up for Ubuntu Livepatch
In order to useCanonical Livepatch Service, you need to sign up at[https://auth.livepatch.canonical.com/][1]and indicate if you are a regular Ubuntu user or an Advantage subscriber (paid option). All Ubuntu users can link up to 3 different machines to Livepatch through the use of a token:
In the next step you will be prompted to enter yourUbuntu Onecredentials or sign up for a new account. If you choose the latter, you will need to confirm your email address in order to finish your registration:
[
][3]
Ubuntu One Confirmation Mail
Once you click on the link above to confirm your email address, you’ll be ready to go back to[https://auth.livepatch.canonical.com/][4]and get your Livepatch token.
### Getting and Using your Livepatch Token
To begin, copy the unique token assigned to your Ubuntu One account:
will enable it for your system. If this last command indicates it can’t find canonical-livepatch, make sure`/snap/bin`has been added to your path. A workaround consists of changing your working directory to`/snap/bin`and do.
][6]
Install Livepatch in Ubuntu
Overtime, you’ll want to check the description and the status of patches applied to your kernel. Fortunately, this is as easy as doing.
```
$ sudo ./canonical-livepatch status --verbose
```
as you can see in the following image:
[
][7]
Check Livepatch Status in Ubuntu
Having enabledLivepatchon your Ubuntu server, you will be able to reduce planned and unplanned downtimes at a minimum while keeping your system secure. Hopefully Canonical’s initiative will award you a pat on the back by management – or better yet, a raise.
Feel free to let us know if you have any questions about this article. Just drop us a note using the comment form below and we will get back to you as soon as possible.
