- It provides detailed actionable information regarding which application is using which vulnerable library and needs to be updated, which helps improve the security awareness patching process
- UChecker detects and reports those shared libraries that are not-up-to-date both on disk and in memory
CloudLinux announced, as part of its TuxCare security services, that it is making available UChecker, free open source software that scans Linux servers for outdated, vulnerable libraries that are being used by other applications. It said that UChecker provides detailed, actionable information about which application is using which vulnerable library and needs to be updated, which helps improve the security awareness patching process.
Jim Jackson, president and chief revenue officer, CloudLinux, said, “Patch management is a challenging area of security and IT operations because so many different systems require patching plus they have to be tested before being deployed. Also, some patches require reconfigurations and reboots of servers that are difficult to take offline for very long. Time is critical because hackers look to exploit vulnerabilities so it’s always a race for IT teams to apply security patches.”
UChecker detects and reports shared libraries that are not up to date, both on disk and in memory. It said that UChecker (short for “username checker”) can be integrated with Nagios or other monitoring and management tools to alert on systems running outdated libraries. UChecker works with all modern Linux distributions and is available under the GNU General Public License.
After running UChecker, there are two options for updating libraries. The first is the traditional approach: update the libraries, then reboot the server or, if there is no way to identify which processes are still using the outdated libraries, restart all the processes. Either way there is some disruption of service along with downtime.
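To make the "which processes are still using the outdated libraries" problem concrete, the following added example (not UChecker's code and not from CloudLinux) lists processes that still map a shared object whose file has since been replaced or removed on disk. It assumes the standard Linux `/proc/<pid>/maps` format; the function names and the sample data are constructed for illustration.

```python
import os
import re

# /proc/<pid>/maps line: address perms offset dev inode pathname
MAPS_LINE = re.compile(r"^[0-9a-f]+-[0-9a-f]+\s+(\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s+(/.*)$")
DELETED = " (deleted)"  # suffix the kernel adds once the mapped file is unlinked
SHARED_OBJECT = re.compile(r"\.so(\.[0-9A-Za-z_.-]+)?$")

# Constructed sample: nginx started before the libssl package was updated.
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a20000 r-xp 00000000 08:01 131 /usr/sbin/nginx
7f1a2c000000-7f1a2c080000 r-xp 0001f000 08:01 9001 /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (deleted)
7f1a2c080000-7f1a2c090000 rw-p 0009f000 08:01 9001 /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (deleted)
7f1a2d000000-7f1a2d1c0000 r-xp 00028000 08:01 9100 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a2e000000-7f1a2e001000 rw-s 00000000 00:01 77 /dev/shm/cache (deleted)
"""


def stale_libraries(maps_text):
    """Return sorted paths of executable-mapped shared objects marked deleted."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m or "x" not in m.group(1) or not m.group(2).endswith(DELETED):
            continue
        path = m.group(2)[: -len(DELETED)]
        if SHARED_OBJECT.search(path):  # ignore deleted temp files, shm segments
            stale.add(path)
    return sorted(stale)


def scan_proc(proc_root="/proc"):
    """Map pid -> (command name, stale libraries) for every readable process."""
    report = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "maps")) as f:
                libs = stale_libraries(f.read())
            with open(os.path.join(proc_root, pid, "comm")) as f:
                name = f.read().strip()
        except OSError:  # process exited, or maps unreadable without root
            continue
        if libs:
            report[int(pid)] = (name, libs)
    return report


if __name__ == "__main__":
    for pid, (name, libs) in sorted(scan_proc().items()):
        print(pid, name, ", ".join(libs))
```

A hit means the process is still running the old copy and needs a restart to pick up the file now on disk; it does not by itself say whether either copy is vulnerable.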
Live patching for critical components in the Linux stack
With the live patching capability of the TuxCare LibraryCare service, it is possible to apply security patches to the OpenSSL and glibc libraries without having to reboot the server. This reduces both service disruptions and vulnerability windows: patches to libraries ordinarily do not take effect until the server is rebooted, and live patching removes that delay.
TuxCare services are the umbrella offering of the CloudLinux family of enterprise support services, which include live patching for critical components in the Linux stack, from the kernel all the way to widely used shared libraries. This eliminates the need for lengthy and costly service disruptions while servers or services are restarted to install the latest security patches, and no longer requires a disruptive maintenance window.
It said, “With TuxCare Linux Support Services, regular patches and updates are delivered for all components of enterprise Linux systems, as well as 24/7 incident support – even when systems are past their End-of-Life (EOL).”