Monday Nov 02, 2015

New Userspace Patching with Oracle Ksplice!

Last week, Larry Ellison introduced userspace patching with Oracle Ksplice. This is a groundbreaking addition to the already extensive capabilities of Ksplice, giving administrators the tools they need to cope with security threats and other issues without impacting running systems.

If you're unfamiliar with Ksplice, it provides zero-downtime patching (also known as “live patching”) for Linux. With Ksplice, updates and errata (CVEs, etc.) can be applied to running systems without restarting applications or rebooting. This is a boon for organizations since scheduling downtime across a server farm is a significant event, and many companies using a variety of operating systems only perform patches periodically in a regular cycle. But being able to apply critical updates immediately, or remove them if necessary, without impacting servers even under heavy load allows administrators to reduce the window of vulnerability for security issues to the bare minimum, making systems more secure. A fantastic primer on Ksplice can be found in Wim Coekaerts' blog post The Magic of Ksplice.

While Ksplice has been a great tool for applying patches without downtime, it has been focused exclusively on kernel patches. That is, until last week with the announcement of userspace patching for Ksplice.

Why is userspace patching important? Well, patching the kernel as Ksplice has done for years solves a number of issues. It lets you patch security vulnerabilities at the kernel level, it allows you to apply patches to do diagnostics, and so on. But applications rely on services available above the kernel (in “userspace”) to do many of their tasks. For example, glibc, the GNU C Library, is the standard C and C++ library used by applications on Linux. And OpenSSL provides secure networking services for applications so applications don’t have to implement these features from scratch. But patching the kernel doesn’t help with changes that need to be made in these system-wide libraries.

These standard libraries are very useful because they allow the community to optimize and standardize on how common tasks are accomplished. But since they are used by so many applications, a flaw in one of these libraries creates widespread exposure. Just such an exposure happened with the Heartbleed Bug, where an issue with OpenSSL left thousands of servers at risk.

With userspace patching in Ksplice, Oracle can now provide you with the tools to patch these userspace libraries without downtime. At Oracle OpenWorld last week, we were showing attendees in the Oracle Linux, Oracle VM, and OpenStack Showcase how we can apply userspace patches for the Ghost and Heartbleed vulnerabilities, check that the systems were indeed secured, and then roll those patches back to their unsecured state, all in a couple of minutes and without stopping running applications. This is the power of the new userspace feature of Ksplice. In this first release of userspace patching, the focus is on glibc and OpenSSL since this will cover many of the security-related issues customers will run into.

With the addition of userspace patching, a great tool just got even better. Ksplice can now patch the running Linux kernel and also patch userspace glibc and OpenSSL without downtime. Userspace patching is a huge development in zero-downtime patching, and another tool in the toolbox for administrators needing to cope with critical updates. This brings the magic of Ksplice from the kernel up to userspace, making your systems safer.

Userspace patching for Ksplice is available now in the enhanced Ksplice client for customers with Oracle Linux Premier Support. You can read about it in the latest Ksplice documentation and when you’re ready to try it out, you can enable it on the Unbreakable Linux Network and install it on your systems.

Friday Oct 24, 2014

Friday Spotlight: Boost Your IT Security for the Holiday Season - BeyondTrust and Oracle Webinar

Oracle and BeyondTrust present a live webinar:

Boost Your IT Security for the Holiday Season

When: Nov 6, 9am PT, 12pm EST


The holidays are generally a time for family, friends and cheer, but with all of this cheer comes something lurking in the dark: security breaches. As we prepare for the upcoming holiday season, it is imperative for organizations to understand the importance of implementing a security and compliance strategy. The most important components to address are least privilege, auditing, password management, and compliance.

Join this engaging webinar, hosted by Oracle and BeyondTrust, to learn how you can best protect your organization during the upcoming holiday season. By attending this webcast, you'll learn:

  • Why it's important to implement a least privilege strategy this holiday season
  • Understanding your organization’s data security compliance efforts
  • Managing and implementing least privilege with BeyondTrust PowerBroker & Oracle Linux
  • What you can do NOW to beef up your organization’s security & compliance program


Paul Harper, Product Manager for Server & Vulnerability Products, BeyondTrust

Michele Casey, Director of Product Management, Oracle Linux, Oracle

Register today

Friday Jun 20, 2014

Friday Spotlight: A Wealth of Information on Oracle Linux

Happy Friday!

Our spotlight this week is on the large library of in-depth information about Oracle Linux on the Oracle documentation site. There is, of course, an administrator's guide, as you would expect. But there are also extremely comprehensive guides on Ksplice, DTrace, Spacewalk, security, and more. Check out the whole set for some Friday afternoon reading.

See you next week! 


Friday Mar 21, 2014

Friday Spotlight: Tips for Hardening an Oracle Linux Server

Happy Friday!

One of the things I like about our Friday Spotlight is that not only do we talk about new things, it also gives us an opportunity to highlight older material that is still valuable. That's the case with this week's spotlight, which is about an article from 2012 that covers tips for hardening an Oracle Linux server. If you've come to Oracle Linux in the last couple of years, you might not have seen this, and it's just as relevant today as it was then.

This in-depth article covers minimizing active services, locking down network services, managing users and authentication, and much more. If you're a Linux administrator, you might want to consider adding this article to your Reading List, saving to Pocket or Evernote, or whatever mechanism you use to hold on to good resources.

Read: Tips for Hardening an Oracle Linux Server

We'll see you next week!


Friday Dec 06, 2013

Oracle Linux Friday Spotlight - December 6, 2013

Happy Friday!

By now, you've probably heard about the release of Oracle Linux 6.5. One really cool thing about this release is that Unbreakable Enterprise Kernel Release 3 is installed by default, meaning you get to use all the great features of UEK R3 without needing to do a separate installation. And are there a lot of great features in UEK R3! So, our spotlight this week is on the release notes for the latest version of Oracle's Unbreakable Enterprise Kernel.

Unbreakable Enterprise Kernel Release 3 release notes

You'll learn about Control Groups, Linux Containers, DTrace, additional crypto options, improved diagnostics, the updated btrfs, better memory management, more networking options, improvements for performance, security, storage, and much more.

See you next Friday!


Friday Sep 07, 2012

New Article on OTN: Tips for Securing an Oracle Linux Environment

Some time ago, we published Tips for Hardening an Oracle Linux Server on the Oracle Technology Network. This article focused on hardening an Oracle Linux system right after the initial installation, exploring administrative approaches that help to minimize vulnerabilities.

This week we issued a second part, Tips for Securing an Oracle Linux Environment, which focuses on the operational part: detecting intrusion attempts, auditing, and keeping systems up to date and protected.

If you manage Oracle Linux systems in your environment, check out these articles for some invaluable hints and suggestions on how to improve and maintain security of these servers!

Tuesday Jul 24, 2012

Don't miss the Latest Technical Articles about Btrfs and Linux Security

We have two new Oracle Linux technical articles that you should not miss! They go into details about installation, best practices and key commands that will help you speed up your configurations.

1. How I Got Started with the Btrfs File System for Oracle Linux

by Margaret Bierman with Lenz Grimmer

This article describes the basic capabilities that the writer discovered while becoming familiar with the Btrfs file system in Oracle Linux, plus the instructions she used to create a file system, verify its size, create subdirectories, and perform other basic administrative tasks.

Read more 

2. Tips for Hardening an Oracle Linux Server

by Lenz Grimmer and James Morris

Oracle Linux provides a complete security stack, from network firewall control to access control security policies. While Oracle Linux is designed "secure by default," this article explores a variety of those defaults and administrative approaches that help to minimize vulnerabilities.

Read more 

And don't forget to bookmark the Oracle Linux Technology Center for future technical articles.

Happy reading. 

