CloudLinux today announced that, as part of its TuxCare security services, it is making available UChecker, free open source software that scans Linux servers for outdated, vulnerable libraries that are still in use by other applications. UChecker provides detailed, actionable information about which application is using which vulnerable library and needs to be updated, which helps improve security awareness and the patching process.
“Patch management is a challenging area of security and IT operations because so many different systems require patching plus they have to be tested before being deployed,” said Jim Jackson, president and chief revenue officer, CloudLinux. “Also, some patches require reconfigurations and reboots of servers that are difficult to take offline for very long. Time is critical because hackers look to exploit vulnerabilities so it’s always a race for IT teams to apply security patches.”
UChecker detects and reports shared libraries that are not up to date both on disk and in memory, unlike other scanners that fail to spot outdated versions in memory. UChecker (short for “username checker”) can also be integrated with Nagios or other monitoring and management tools to alert on systems running outdated libraries.
UChecker works with all modern Linux distributions. It is licensed under the GNU General Public License and is available for download.
After running UChecker, there are two options for updating libraries.
The first is the traditional approach: update the libraries, then reboot the server or, if there is no way to identify which processes are still using the outdated libraries, restart all the processes. Either way, there will be some disruption of service along with downtime.
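An added example, not part of the original announcement and not UChecker's own code: one common way to identify which processes are still running a replaced library is to read /proc/<pid>/maps, where the kernel appends " (deleted)" to the path of a mapped file that has been unlinked on disk. The function names and the sample maps text are constructed for illustration, and the check does not tell whether a given library version is vulnerable.

```python
import re
from pathlib import Path

# /proc/<pid>/maps fields: address perms offset dev inode pathname
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s+(?P<path>/.*)$")
LIB_NAME = re.compile(r"\.so(\.[0-9A-Za-z_.-]+)?$")
DELETED = " (deleted)"  # suffix the kernel adds once the backing file is unlinked

# Constructed sample of one process's maps file (not captured from a real host).
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a2c000 r-xp 00000000 fd:01 131100 /usr/sbin/nginx
7f3a10000000-7f3a10080000 r-xp 00000000 fd:01 131201 /usr/lib64/libssl.so.1.1 (deleted)
7f3a10080000-7f3a10090000 rw-p 00080000 fd:01 131201 /usr/lib64/libssl.so.1.1 (deleted)
7f3a20000000-7f3a201c0000 r-xp 00000000 fd:01 131305 /usr/lib64/libc-2.28.so
7f3a30000000-7f3a30001000 rw-s 00000000 00:05 4242 /dev/shm/cache (deleted)
7ffd5a000000-7ffd5a021000 rw-p 00000000 00:00 0 [stack]
"""

def stale_libraries(maps_text):
    """Return sorted paths of executable library mappings whose file was replaced on disk."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m or "x" not in m["perms"]:
            continue  # anonymous/special mapping, or a non-executable segment
        path = m["path"]
        if path.endswith(DELETED) and LIB_NAME.search(path[: -len(DELETED)]):
            stale.add(path[: -len(DELETED)])
    return sorted(stale)

def scan_proc(proc_root="/proc"):
    """Map pid -> stale libraries for every process whose maps file is readable."""
    report = {}
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():
            continue
        try:
            libs = stale_libraries((entry / "maps").read_text())
        except OSError:  # process exited, or we lack permission to read it
            continue
        if libs:
            report[int(entry.name)] = libs
    return report

if __name__ == "__main__":
    for pid, libs in sorted(scan_proc().items()):
        print(pid, ", ".join(libs))
```

Run as root to see every process; a library that was overwritten in place rather than replaced keeps its original path in maps and is not reported by this check.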
However, with the live patching capability of the TuxCare LibraryCare service, it is possible to apply security patches to the OpenSSL and glibc libraries without having to reboot the server. That reduces service disruptions and shrinks vulnerability windows: patches to libraries normally do not take effect until the server is rebooted, and live patching removes that delay.
TuxCare services are the umbrella offering of the CloudLinux family of enterprise support services, which include live patching for critical components in the Linux stack, from the kernel all the way to widely used shared libraries. This eliminates the lengthy and costly service disruptions that occur while servers or services are restarted to install the latest security patches, and it removes the need for a disruptive maintenance window.
Also, with TuxCare Linux Support Services, regular patches and updates are delivered for all components of enterprise Linux systems, as well as 24/7 incident support – even when systems are past their End-of-Life (EOL).
CloudLinux is on a mission to continually increase security, stability and availability of Linux servers and devices. Headquartered in Palo Alto, California, CloudLinux Inc. develops a hardened Linux distribution, Linux kernel live security patching, extended support options for Linux, and web server security software used by enterprises, service providers, governments, and universities all over the world.
CloudLinux has more than 4,000 customers and partners, more than 500,000 product installations globally, and dedicated analysts and developers that together have more than 450 years’ worth of Linux experience along with a passion for delivering the best customer care.