AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Debian live9/20/2023 To see the version of gcc installed: gcc –version.This can be overridden with the option –skip-gcc-check, although use of it is discouraged.) Version of gcc installed matches that used to build the original kernel (The kpatch-build command will fail if the versions don’t match.Use this command and expect to see two values set to y for CONFIG_HAVE_LIVEPATCH and CONFIG_LIVEPATCH : Your kernel has live patching built in.Your kernel has not been customized you are using the standard kernel supplied by Debian.20 Gb of free disk space (the Linux kernel source code takes up around 909 mb on disk, growing to 17 gb when compiled).A test (non-production) system running Debian Bullseye (11.6 was used for this demo) on an x86_64/amd64 architecture.Here are the system prerequisites for following this tutorial: I have chosen kpatch for this tutorial because its source code is freely available and regularly updated. At TuxCare, we offer KernelCare Enterprise – which is able to live patch RHEL as well as every other popular enterprise Linux distribution. Red Hat offers this commercial live patching service for RHEL customers. Kpatch was created by Red Hat and works on Red Hat Enterprise Linux (RHEL) and its derivatives. We will demonstrate how to use kpatch to change the behavior of a running Debian 10 kernel without stopping it, changing the contents of /proc/uptime (and the uptime command) so that the system’s reported uptime is 10 years greater. This tutorial is a practical demonstration of kpatch. There are a few live patching tools out there and users of the Debian operating system sometimes turn to kpatch to implement live patching – or to tweak the kernel. Live patching is often used to patch severe Linux kernel vulnerabilities without delay, because live patching doesn’t cause disruption and doesn’t require a maintenance window. Live patching is a method of updating a Linux kernel without restarting the kernel – and therefore without the need to reboot the machine.
0 Comments
Read More
Leave a Reply. |