3.5 Managing Ksplice Updates

Ksplice patches are stored in /var/cache/uptrack. Following a reboot, Ksplice Uptrack automatically re-applies these patches very early in the boot process before the network is configured, so that the system is hardened before any remote connections can be established.

To list the available Ksplice updates, use the uptrack-upgrade command:

# uptrack-upgrade -n

To install all available Ksplice updates, enter:

# uptrack-upgrade -y

To install an individual Ksplice update, specify the update's ID as the argument (in this example, the ID is dfvn0zq8):

# uptrack-upgrade dfvn0zq8

After Ksplice has applied updates to a running kernel, the kernel has an effective version that is different from the original boot version displayed by the uname –a command. Use the uptrack-uname command to display the effective version of the kernel:

# uptrack-uname -a

uptrack-uname supports the commonly used uname flags, including -a and -r, and provides a way for applications to detect that the kernel has been patched. The effective version is based on the version number of the latest patch that Ksplice Uptrack has applied to the kernel.

To view the updates that Ksplice has made to the running kernel:

# uptrack-show

To view the updates that are available to be installed:

# uptrack-show --available

To remove all updates from the kernel:

# uptrack-remove --all

To prevent Ksplice Uptrack from reapplying the updates at the next system reboot, create the empty file /etc/uptrack/disable:

# touch /etc/uptrack/disable

Alternatively, specify nouptrack as a parameter on the boot command line when you next restart the system.