Linux launched a new open-source tool, UChecker, to assist in the improvement of its operational security. The program is from CloudLinux and is included in the TuxCare security services of the company.
UChecker, which stands for “userspace checker,” scans for out-of-date libraries on storage and in-memory on Linux servers. It may also detect false negatives by alerting insecure libraries operating in memory that other scanners might overlook.
The tool is under GNU General Public License version 2 (GPLv2) and works with every modern Linux distribution. It gives you precise information on which applications are utilizing which vulnerable libraries.
The user will also be given the necessary process ID and name by the tool. With this data, you can determine which libraries require updating.
To offer stronger security protections for the servers, this tool may be linked with programs like Nagios or other programs for management, logging, and monitoring.
Kernelcare.com was the beginning of UChecker. The toolset allows users to patch Linux kernels and shared common libraries like Glibc and OpenSSL in real-time.
Users have 2 ways for upgrading their libraries after executing UChecker. First, there’s the traditional method. Using the packaging system, users update their libraries and reset the servers.
Alternatively, users may just restart the server, as even UCherker cannot guarantee which of the processes are still using the old libraries.
Or, users may utilize the live patching feature of TuxCare LibraryCare to deliver security fixes to Glibc and OpenSSL libraries without the need to restart the server.
CloudLinux’s TuxCare services are an umbrella offering security and support solutions. It includes live patching for important Linux stack components ranging from the kernel to shared common libraries.
It removes costly and lengthy service interruptions when rebooting to download the updated security patches. It also eliminates the requirement for a maintenance window that causes disruption.
TuxCare Linux Support Services, according to CloudLinux, will offer regular updates and patches for all parts of business Linux systems. There will also be incident support available all day, even if the systems are beyond their End-of-Life (EOL).
According to Jim Jackson, President of CloudLinux, some fixes ask for server reconfigurations and reboots that are hard to put down for an extended period. Hackers are continuously looking for vulnerabilities to attack, so IT professionals always install security updates.
Tools that can assist in quickly identifying and patching possible vulnerable libraries are a great advantage in many situations.