Linux is less vulnerable to attacks than Windows. However, Linux is not the perfection of security. Cloud Linux is helping to improve Linux’s operational security, by releasing UChecker.
The company is well known for creating a Red Hat Enterprise Linux (RHEL)/CentOS server clone, CloudLinux, and its fork, CentOS. The new open-source tool is part of the company’s TuxCare security services which scan Linux servers for out-of-date libraries on both memory and disk.
All modern Linux servers are supported
There are other tools that do the same things. However, this one can detect false negatives, by reporting on libraries with vulnerabilities that are running in memory. Other scanners tend to miss those. Linux users will be glad to know that it works with all modern Linux server distributions and is licensed under the GPLv2.
UChecker is an abbreviation of userspace checker and it works with more than just the RHEL family of Linux servers to provide all distributions’ users with detailed and actionable information on which app is using a vulnerable library. The program will also show users the relevant process ID and process name, information that helps users know which libraries need updating.
When you run UChecker from the shell, you will have two options for updating libraries. You can use the packaging system and reboot the servers OR just restart all the processes since even with the UChecker, it is difficult to be certain which processes may still be using out-of-date libraries.
You can also use TuxCare LibraryCare, which has live patching capabilities that apply security patches to Glibc libraries and OpenSSL, without rebooting the server. Other live patching options include Oracle Ksplice, Kpatch, SUSE Kgraft.