Ubuntu

How to use Ubuntu Livepatch

The Ubuntu Livepatch service takes care of keeping your Ubuntu systems up to date with essential kernel updates, saving you time and effort. It is a tool that enables companies to patch Ubuntu Linux kernel vulnerabilities immediately. The live patch utility lets you directly patch the running kernel, eliminating the need to reboot your system. This feature was first added in Ubuntu 16.04 LTS, generally designed for servers expected to operate continuously without rebooting for months and years. This article will explain in detail how you can apply the live patch on Ubuntu OS.

How to access Ubuntu Livepatch service

Ubuntu users and community members will be able to access information, communicate, and contribute more easily with the help of this service that provides a single login service for all Ubuntu-related websites. A private key must be issued to you and associated with your Ubuntu One account If you want to operate the Livepatch services. You need to first click on the sign-in button then a new dialogue box that will ask if you want to create a new account or login from the existing account, as displayed below.

Graphical user interface, text, application Description automatically generated

Graphical user interface, text, application, email Description automatically generated

You can also do the same thing by visiting the official Ubuntu website as shown below.

Graphical user interface, text, application, email Description automatically generated

There are two main ways to enable the livepatch option on Ubuntu. One is for the desktop users, and the other one is for the servers, which are as follows:

  • Enabling livepatch using the Graphical user interface (GUI)
  • Enabling livepatch using the terminal

How to enable Livepatch on Ubuntu using the Graphical User Interface (GUI)

After login into your Ubuntu One account, you will see that now the livepatch is on. You can verify this by going to the “software and update” settings again, as shown below.

You can select the option of Livepatch by clicking on the “Activities” option and then searching for livepatch there, as shown below.

Graphical user interface, application Description automatically generated

You can also find the livepatch option by going into “Software and Update” and then clicking on the livepatch option available on the top right, as displayed below.

Graphical user interface, text, application, email Description automatically generated

So, if you have already logged in to your Ubuntu One account, you will see that the livepatch is now active and working, as shown below.

Graphical user interface, text, application, email Description automatically generated

This is how you can enable the livepatch option using the GUI. Enabling it using the terminal is also very simple that will be discussed in the next part.

How to enable Livepatch on Ubuntu using the terminal

You also need the Ubuntu one account to enable the livepatch using the terminal, just like you did in the previous method. After that, you need to visit the canonical livepatch official website, responsible for creating this application. Here you will see two options; one is for the “Ubuntu user”, which you should select if you are using it yourself, whereas the “Canonical customer” option is for a business user with multiple accounts. In our case, we are selecting the “Ubuntu user” option to get you the basic idea. After selecting this option, you need to click on the livepatch token option that can be seen on the bottom left.

Graphical user interface, text, application Description automatically generated

The instructions to activate the Ubuntu livepatch are also mentioned in the image below, along with a key. This will provide you with a secret key that is linked to your Ubuntu one account. After getting the secret key, the next step is to activate these services to use them. You need to follow them and apply accordingly as per the instructions to activate them without any issue.

Graphical user interface, text, application, email Description automatically generated

So, to activate the livepatch service, all you need to do is to type the following command in the terminal.

$sudo snap install canonical-livepatch

Text Description automatically generated

After that, you need to link your secret key with a canonical livepatch that you can do by typing the following command in the terminal.

$sudo canonical-livepatch enable <Enter_Your_secret_key_Here>

Later you can check the status to verify if everything is working fine by typing the following command in the terminal.

$sudo canonical-livepatch status

Text Description automatically generated

Canonical will secretly apply changes to your operating kernel in the background once this is up and running. The status command will list any patches that have been applied.

How to remove the canonical Livepatch service on Ubuntu

If, due to any reason, you have decided to remove these services, then you can do that by typing the following command in the terminal:

$sudo snap remove canonical-livepatch

Text Description automatically generated

You can also disable this option by opening the software, updating settings, and disabling it from the livepatch option below.

Graphical user interface, text, application, email Description automatically generated

Conclusion

There are two methods discussed in this article to apply a livepatch on Ubuntu OS. One is for desktop users, and the other one is for server-based systems. For both of these methods, you need to create a Ubuntu account if you already didn’t, and you can’t apply the live patch without it. Desktop users can use this feature too, but this is highly recommended for the servers-based system. The reason is that the servers need to remain operational for a more extended period, so any new patch or security feature can be installed on the server without turning them off.

About the author

Taimoor Mohsin