CloudLinux Tuxcare Services Help Improve Security Patching
CloudLinux announced as part of its TuxCare security services that it is making available free open source software, UChecker, that scans Linux servers for vulnerable libraries that are outdated and being used by other applications. This provides detailed actionable information regarding which application is using which vulnerable library and needs to be updated, which helps improve the security awareness patching process.
Recommended ITech News: 1 In 3 Employees Has Picked Up Bad Cybersecurity Habits Since Working Remotely, Reveals News Data
“Also, some patches require reconfigurations and reboots of servers that are difficult to take offline for very long. Time is critical because hackers look to exploit vulnerabilities so it’s always a race for IT teams to apply security patches.”
“Patch management is a challenging area of security and IT operations because so many different systems require patching plus they have to be tested before being deployed,” said Jim Jackson, president and chief revenue officer, CloudLinux. “Also, some patches require reconfigurations and reboots of servers that are difficult to take offline for very long. Time is critical because hackers look to exploit vulnerabilities so it’s always a race for IT teams to apply security patches.”
UChecker detects and reports those shared libraries that are not-up-to-date both on disk and in memory – unlike other scanners that fail to spot in-memory outdated versions. Also, UChecker (short for “username checker”) can be integrated with tools like Nagios or other monitoring and management tools to alert of systems running outdated libraries.
Recommended ITech News: Dataiku Announces Fully Managed, Online Analytics Offering
After running UChecker there are two options to updating libraries.
The traditional approach to updating libraries can be used, which involves rebooting the server or restarting all the processes if there is no way to identify which processes are still using the outdated libraries, so there will be some disruption of service along with downtime.
However, with the live patching capability of the TuxCare LibraryCare service it is possible to apply security patches to OpenSSL and glibc libraries without having to reboot the server. That reduces service disruptions, along with vulnerability windows since the patches to libraries do not take effect until the server is rebooted and with live patching that effect is negated.
TuxCare services are the umbrella offering of the CloudLinux family of enterprise support services which include live patching for critical components in the Linux stack, from the kernel all the way to widely-used shared libraries. This eliminates the need for lengthy and costly service disruptions while servers or services are restarted to install the latest security patches, and no longer requires a disruptive maintenance window.
Also, with TuxCare Linux Support Services, regular patches and updates are delivered for all components of enterprise Linux systems, as well as 24/7 incident support – even when systems are past their End-of-Life (EOL).
Recommended ITech News: HQS And CQC Will Combine To Form World’s Largest, Most Advanced Quantum Business
