Enabling live kernel patching on Ubuntu Server 16.04 LTS

A couple of years ago, a set of changes was merged into the kernel core (version 4.0) that enabled kernel patching without a reboot. Although a similar functionality has been available for a while in commercial Linux distributions as a paid service (Oracle Ksplice, RHEL Live Patching and SUSE Live Patching), it’s now possible to configure it for up to 3 machines with Ubuntu for free. Live kernel patching in Ubuntu is known as Canonical Livepatch Service.

Let’s check how it works.

Read More

Configuring a fresh machine with Ubuntu Server 16.04 LTS

Let’s say you’ve just purchased a new VPS to play with. There are a few things you should consider configuring if you want your server to be secure and ready to run your development experiments.

In this post I’ll go step-by-step through:

  • configuring a secure SSH access on a custom port, with password authentication turned off
  • configuring a basic firewall with iptables
  • updating the distribution to the newest kernel with LTS Enablement Stack
  • verifying if automatic security updates are enabled
  • enabling system load information in MOTD (previously enabled by default in Ubuntu 14.04 LTS)
  • adding your server’s ASCII art to MOTD 🙂
  • installing newest Docker

This guide is based on configuring a fresh instance of the cheapest VPS purchased on Aruba Cloud (€1,00/month). Hopefully, there will be another post comparing the cheapest VPSs I know of.

Read More