KernelCare install

Discussion in 'Add Ons' started by Matt Williams, May 2, 2022.

  1. Matt Williams

    Anyone installed KernelCare on their CMM servers/VPS? I'm curious to see if it is compatible and can be installed successfully without any issues.

     
  2. eva2000

    A lot of my paid clients have KernelCare with Centmin Mod and it's fine, but they're mainly using dedicated servers and not VPS servers.
     
  3. buik

    I'm not a fan of KernelCare-like services.
    Why inject absolute 0-day code into the carefully tested Enterprise kernel for Red Hat?

    If it is a large number of servers you can also distribute official kernels as Red Hat updates or other updates with Puppet or another similar solution.

    No need for tools like this to update 0day code every 4 hours.
    Without stress tests.
     
  4. cloud9

    Yes, I have three CMM VPSes and all run KernelCare. I used KernelCare when I had a dedicated server under cPanel as well and never ever had any problems.
     
  5. buik

    Oh yes, if you want to use KernelCare anyway, you should upgrade the default 4-hour update time.
    That was the KernelCare update time when I had it tested.

    4 hours is very sharp.
    If a bug sneaks into the patches, you won't suffer from a kernel crash.
    The script kiddies don't get along very well for the first few hours.
    You often only see them after a few days.
     
  6. buik

    Is anyone using LibraryCare or DataBaseCare from the same supplier as KernelCare?

    I have a suspicion that everyone who wants to is on KernelCare only. Because a new kernel without KernelCare is only effective after booting. This is not in full force and effect for Glibc, OpenSSL and MariaDB. Those are just live patches without a reboot.
     
  7. Matt Williams

  8. buik

    As CMM uses its own compiled OpenSSL for components like Nginx.
    KernelCare+ patches the 'other' OpenSSL supplied by the distro.

    In other words, you still need to recompile CMM components with each new OpenSSL version. In addition, ePortal Patch Server is only interesting if you have many servers.

    But then again, why KernelCare? With a dedicated server you will have to test hardware regularly and/or install firmware because of security and/or related bugs.

    Basic diagnostics you can test live but for the rest the server needs to reboot anyway.

    Finally, Enterprise Linux already provides a standard and free option to do an in-memory kernel upgrade of your OS with kexec.

    And you are good to go!
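
The distinction drawn in the post above, between an OpenSSL compiled into a component and the shared library on disk, can be checked per binary. This is an added example, not part of the thread and not Centmin Mod's code; the function names and all sample text are constructed, and the second function covers the restart-not-reboot case for userspace libraries raised in post 6.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): which OpenSSL does a binary really use?
# On a live host, feed in:  ldd "$(command -v nginx)"   nginx -V 2>&1
#                           cat /proc/<pid>/maps

# classify_openssl LDD_TEXT VERSION_TEXT -> "shared: ...", "bundled: ..." or "none: ..."
classify_openssl() {
    local ldd_text="$1" ver_text="$2" built path
    # nginx -V names the OpenSSL it was compiled against on a "built with" line.
    built=$(printf '%s\n' "$ver_text" | sed -n 's/^built with \(OpenSSL [^ ]*\).*/\1/p')
    # ldd shows "libssl.so.N => /path" only when libssl is resolved at run time.
    path=$(printf '%s\n' "$ldd_text" |
        sed -n 's/.*libssl\.so[.0-9]* => \(\/[^ ]*\).*/\1/p' | head -n 1)
    if [ -n "$path" ]; then
        echo "shared: $path is loaded at run time; package updates apply after restart"
    elif [ -n "$built" ]; then
        echo "bundled: $built is compiled into the binary; distro updates do not reach it"
    else
        echo "none: no OpenSSL linkage found"
    fi
}

# stale_libs MAPS_TEXT -> shared objects still mapped although replaced on disk
stale_libs() {
    printf '%s\n' "$1" | awk '/\.so[^ ]* \(deleted\)$/ { print $6 }' | sort -u
}

# Constructed sample inputs (hypothetical host, not taken from the thread).
SAMPLE_NGINX_V='nginx version: nginx/1.21.5
built with OpenSSL 1.1.1n  15 Mar 2022
TLS SNI support enabled'
SAMPLE_LDD_OWN='    libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f0a1c000000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0a1bc00000)'
SAMPLE_LDD_SHARED='    libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f3b2a400000)
    libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f3b29e00000)'
SAMPLE_MAPS='7f3b2a400000-7f3b2a48e000 r-xp 00000000 fd:01 393301 /usr/lib64/libssl.so.1.1.1k (deleted)
7f3b2a48e000-7f3b2a68d000 ---p 0008e000 fd:01 393301 /usr/lib64/libssl.so.1.1.1k (deleted)
7f3b29a00000-7f3b29bc3000 r-xp 00000000 fd:01 393120 /usr/lib64/libc-2.28.so'

classify_openssl "$SAMPLE_LDD_OWN" "$SAMPLE_NGINX_V"      # binary with its own OpenSSL
classify_openssl "$SAMPLE_LDD_SHARED" "$SAMPLE_NGINX_V"   # binary using the shared libssl
stale_libs "$SAMPLE_MAPS"                                 # library replaced under a running process
```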
     
  9. eva2000

    For most it's about uptime above all else, to minimize the times you need to reboot. Granted, kernel updates aren't the only package updates which may require a server reboot, but they are the most common.
    https://ma.ttias.be/kernel-patching-kexec-updating-centos-7-kernel-without-full-reboot/ :cool:
     
  10. Matt Williams

  11. eva2000

    Sometimes I say, not always :D
     
  12. buik
