What Is KernelCare?

Dan Pock | Category: Featured Articles, Other, Tutorials
Tagged with: kernel • KernelCare • linux • security • server

Tux the Penguin with Hotpatching (KernelCare) The concept of ‘Kernel hotpatching’, sometimes called live patching, was introduced to the Linux community around 2008. Soon after groups began developing differing implementations of the concept. KernelCare, one of the more popular implementations, was originally released in March 2014 by Cloud Linux, Inc.

So, what does hot patching do? (Or: Why do I want KernelCare?)

The basic concept of Linux kernel hot patching is pretty much the same not matter what it’s called. The goal is to only update the changes rather than the whole Kernel – which normally requires a reboot. It’s much harder than it sounds though since kernel updates come as complete packages and the system is running.

Imagine trying to do an oil change on your car while driving at highway speeds; that’s kernel hot patching in a nutshell.

With a KernelCare enabled kernel updates can be processed and then applied selectively to a running server. This can mean not needing to reboot for much longer than you would normally require to stay secure.

How do I check if I have KernelCare and is it working? (Or: Checking KernelCare version)

The best way to check if your server is running with KernelCare is to look for its main CLI tool. You can do this with the following linux command:

which kcarectl

If the CLI tool is found on the server you will see output like the following, or something very similar.

# which kcarectl
/usr/bin/kcarectl

If the CLI tool is not installed you will see the following:

# which kcarectl
#

When using the Linux `which` command you will get no results if the executable is not found. In this case that means KernelCare is likely not active or installed on the server.

Assuming the test above was successful, you’ll now want to check the status of KernelCare. This will help you determine if KernelCare is active and what the effective version is. You can do this with the following command:

/usr/bin/kcarectl --info

The results will look similar to the following:

[root@host ~]# /usr/bin/kcarectl –info
kpatch-state: patch is applied
kpatch-for: Linux version 3.10.0-327.36.3.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) ) #1 SMP Mon Oct 24 16:09:20 UTC 2016
kpatch-build-time: Mon Nov 7 08:20:19 2016
kpatch-description: 2;3.10.0-327.36.3.el7.x86_64

As you can see the output provides various details about the KernelCare status. Looking at the kpatch-state we can see that hot patching is working and enabled.

Monitoring your server in WHM

Dan Pock | Category: Technical Support, Tutorials, WHM + cPanel
Tagged with: apache • cpanel • monitoring • server • services • whm

In this article we will briefly cover the basics of monitoring your server via WHM. By following this process you will learn how to find: service status, resource usage, and Apache stats.

With WHM open in your web browser, (a) type “status” into the search box. This should sort the list to only a few items.
Click “Service Status” from the list. This will open the service status page, here you can view the status of various services and server info.

If there is a problem the green checkmark icon will turn into a red ‘x’ icon.
Now, with the same search, click “Apache Status” from the list. This will show you the current state of Apache on the server.

By following this tutorial you should now know how to monitor your Server’s overall status and the status of various services. As always for our Liquid Web customers the dedicated Sonar Monitoring™ team is monitoring your server 24/7.

How To: Upgrade Apache and PHP using cPanel’s Easyapache

phawkins | Category: Technical Support
Tagged with: apache • command line • cpanel • screen • server • system • tools • tutorial • whm

If you run a cPanel server, and need to upgrade your Apache or PHP version, cPanel provides the Easyapache tool to make these updates a breeze. While it can be run from WHM, it is generally preferred to run it from the command line.

Continue reading “How To: Upgrade Apache and PHP using cPanel’s Easyapache” →

Restoring a Storm Server from an Image

phawkins | Category: Billing + Manage
Tagged with: account management • backups • manage • management • server • storm

Now that you have an image of a storm server, you can create new servers from that image. Here’s how to do just that:

Continue reading “Restoring a Storm Server from an Image” →

Creating Storm Server Images

phawkins | Category: Billing + Manage
Tagged with: account management • backups • server • storm • tutorial

We have written previously about regularly backing up Storm Servers, but that only covers automated image backups. With the Storm platform, it is possible to take image snapshots of your server whenever you wish.

Continue reading “Creating Storm Server Images” →

How to Create a Backup of a Liquid Web Storm Server

phawkins | Category: Billing + Manage, Technical Support
Tagged with: backup • backups • server • storm

While it is always important create a backup of your server’s data, some backup solutions can be costly and unwieldy. Creating a backup of a Storm server is neither of those things. Instead, it’s cost efficient and easy!
Continue reading “How to Create a Backup of a Liquid Web Storm Server” →

How To: Check PHP Modules With phpinfo

phawkins | Category: Technical Support
Tagged with: apache • command line • php • server • tools • tutorial

Say your PHP application is unable to load a needed PHP module. The first thing to check is to see if the PHP module is available to the application. The best way to do that is with what is called a “phpinfo” file.

Continue reading “How To: Check PHP Modules With phpinfo” →

How To: Automate Server Scripts With Cron

phawkins | Category: Technical Support
Tagged with: command line • cron • management • server

Servers can automatically perform tasks that you would otherwise have to perform yourself, such as running scripts. On Linux servers, the cron utility is the preferred way to automate the running of scripts.
Continue reading “How To: Automate Server Scripts With Cron” →

How To: Watch Server Logs in Real Time

phawkins | Category: Technical Support
Tagged with: apache • command line • exim • log files • logs • server

Servers do a fantastic job of writing down in log files what is happening right that moment. While going back and reading logs later to determine what happened in the past is helpful, it is also useful to watch logs in real time. Linux provides a command line tool that lets us do just that: tail.
Continue reading “How To: Watch Server Logs in Real Time” →

When Mod Security Attacks

phawkins | Category: Technical Support
Tagged with: apache • command line • modsec • security • server

One component of Liquid Web’s Server Secure service is an Apache module called Mod Security (often shortened to just “modsec”). Modsec monitors all incoming HTTP requests for malicious behavior, and does not complete requests that meet certain criteria. These criteria are spelled out in what are called “rules” or “rulesets”.

In an ideal world, only malicious requests would be caught in modsec’s trap. Unfortunately, there are some instances where legitimate requests are stopped as well. How do we determine that this is what happening, and what can we do about it?
Continue reading “When Mod Security Attacks” →

So, what does hot patching do? (Or: Why do I want KernelCare?)

How do I check if I have KernelCare and is it working? (Or: Checking KernelCare version)

Need Additional Help? We're Here.

Our Heroic Support team is available 24 hours per day.