Keeping your Linux server secure is a never ending task. Every day there are new bugs found in the software that runs your website that require fixes to keep them secure. Mostly, these are in the peripheral applications like Apache, PHP or MySQL but at the heart of the Linux operating system is the 'Kernel' itself which handles the low-level operations for the OS.
Unfortunately, to fix the kernel you have to apply a fix and then reboot the server so that the kernel is reloaded. This introduces some down time whilst the server goes offline, reboots and then starts up again. In total this is usually just a few minutes but we don't like doing this on live systems unless it's of utmost importance. Kernel fixes happen infrequently, maybe once a month, but it's still one more reboot to a live system we'd rather not do.
On the other side of the equation, some sites demand the latest fixes to pass compliance with credit card issuers and banks. If you take credit cards on your site, you're probably aware that you and your site have to pass stringent PCI DSS compliance tests which check which versions of software are installed. Applying fixes asap then becomes a more important matter.
So, for the past month we've been trialling a system that lets us apply kernel fixes without rebooting called KSplice and we've been extremely happy with it. It's now used on all our shared hosting servers. We think you'll be happy with it too so from today we're offering it as a free install on our Dedicated Servers that have Managed Support.
If you've not purchased Managed Support with your dedicated server, please get in contact via a support ticket.
Friday, October 15, 2010