Ubuntu Linux Reference
Ubuntu Linux reference information
Canonical Livepatch
To avoid downtime during kernel upgrades, you can use a feature of the Linux kernel called live patching. This feature makes it possible to implement kernel updates without rebooting.
What Is Livepatch and How Does It Work?
Canonical Livepatch uses the Kernel Live Patching technology built into the standard Linux kernel. Canonical’s Livepatch website notes that massive corporations like AT&T, Cisco, and Walmart use it.
It’s free for personal use on up to three computers, these can be “desktops, servers, virtual machines, or cloud instances.” Organizations can use it on more systems with a paid Ubuntu Advantage subscription.
Kernel Patches Are Necessary But Inconvenient
Linux kernel patches are a fact of life. Keeping your system secure and patched up to date is vital in the inter-connected world we live in. But having to reboot your computer to apply kernel patches can be a pain. Especially if the computer is providing some sort of service to users and you have to co-ordinate or negotiate with them to take the service off-line. And there’s a multiplier. If you maintain several Ubuntu machines, at some point you have to bite the bullet and do each one in turn.
The Canonical Livepatch Service removes all of the aggravation of keeping your Ubuntu systems up to date with critical kernel patches. It’s easy to set up and it takes one more chore off your shoulders.
Anything that reduces maintenance efforts, boosts security, and reduces downtime has to be an attractive proposition, right? Yes, but there are some caveats.
- You must be using a Long Term Support (LTS) release of Ubuntu such as 20.04 or 22.04.
- It must be a 64-bit version.
- You must be running Linux Kernel 4.4 or higher
- You need to have an Ubuntu One account. If you don’t have an Ubuntu One account, you can sign up for a free account.
- You can use the Canonical Livepatch Service at no cost, but you’re limited to three computers per Ubuntu One account. If you have to maintain more than three computers, you’ll need additional Ubuntu One accounts.
- If you have physical, virtual, or cloud-hosted servers to look after, you’ll need to become an Ubuntu Advantage customer.
Installation
There are two major maintainers for kernel live patches: Canonical, who provides their own Livepatch Service for Ubuntu, and KernelCare who support Ubuntu in addition to most other major Linux distributions. Both require registration to use, and only Canonical’s service is free for individual use.
You can register for a Livepatch key at https://auth.livepatch.canonical.com/.
After enrolling, you can install the canonical-livepatch
snap package. Snap is another Ubuntu package manager that runs alongside apt
.
sudo snap install canonical-livepatch
You can enable canonical-livepatch
with a one-line command using the key you obtained when registering:
sudo canonical-livepatch enable your-key
The output should contain the message Successfully enabled device.
The service should run in the background from now on without any further intervention, and you can check its status using canonical-livepatch status
:
sudo canonical-livepatch status
After installing, you should see something like this:
Output
last check: 50 seconds ago
kernel: 5.15.0-25-generic
server check-in: succeeded
patch state: ✓ all applicable livepatch modules inserted
patch version: 84.1
tier: updates (Free usage; This machine beta tests new patches.)
machine id: 2565a9e7fc9f4405a167e4caf9b9dcf3
You have now configured automatic kernel updates for your server, meaning it should no longer be necessary to reboot in order to maintain a secure and up-to-date environment.
Updates
From time to time, you may need to update your livepatch software. Since this is a Snap package you will need to perform the following to check if you need to update it.
sudo snap info canonical-livepatch
You may also see a notification similar to this appear on your desktop's notification panel
To perform the update, follow these steps:
- Stop your existing Livepatch instance
sudo snap stop canonical-livepatch
2. Refresh your Livepatch instance
sudo snap refresh canonical-livepatch
If successful, you should see output in your terminal similar to this:
canonical-livepatch 10.5.4 from Canonical✓ refreshed
Commands
Most frequently used CLI (Terminal) commands on Linux
Commands used for System Information
Command(s) |
Sample Output |
DATE The simple “date” command displays the current date and time (including the day of the week, month, time, time zone, year).
Date TZ By default, “date” command uses the time zone defined in path “/etc/localtime”. Linux user can change the time zone via Terminal by using command “TZ”.
Date --set Linux allows its user to set the current date and time of the system manually.
|
Example - This would set the system date to May 18, 2023 10:10 PM
|
DF The command “df” shows the amount of disk space used and disk space available on every file system containing each filesystem’s name and its path.
The command “df -h” shows the same result as the command “df” but now the data is in a more human-readable format.
|
|
FREE The command “free” displays the amount of free and used memory in the complete system.
|
$ free
total used free shared buff/cache available
Mem: 16232800 4698636 6761664 59100 4772500 11205016
Swap: 2097152 0 2097152
|
PS The command “ps” which is also known as the process status command is used to provide information about the processes currently running on the system, including their respective process identification numbers (PIDs)
PS AUX & PS -EF Both list all processes of all users. In that aspect Where they differ is output format specifier,
|
|
UPTIME The command “uptime” provides information about how long the system has been running in one line. The result for this command includes the current time, the time duration system has been running, the number of users who are currently logged on, and the system load averages for the past 1, 5, and 15 minutes respectively.
|
$ uptime
19:59:06 up 22 days, 20:17, 1 user, load average: 0.52, 0.39, 0.38 |
W The command “w” displays detailed information about the users who are logged into the system currently.
|
$ w
20:00:25 up 22 days, 20:18, 1 user, load average: 0.44, 0.41, 0.38
USER TTY FROM LOGIN IDLE JCPU PCPU WHAT
tim :1 :1 07Feb23 xdm 2days 0.00s /usr/libexec/gdm-x-session --run-script env |
PASSWD The command “passwd” stands for password and it is used to change the password of the user.
|
$ passwd tim
changing password for tim.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully |
EXIT The command “exit” as the name says it is used to exit from the system and log out from the current user.
|
$ exit
logout
Connection to 192.168.1.1 closed. |
SS The ss command is a modern replacement for the classic netstat command. You can use it on Linux to get statistics about your network connections.
Use the -ltn flags to list all listening ports on your system.
Use the following to see if a specific port is listening on your system. In this case, the source port (sport) and destination port (dport) is 80 or you can use the protocol name, http, instead.
|
|
SHUTDOWN The command “shutdown” is used to shut down the system.
Note: The shutdown command needs superuser privileges. Hence, you should either be root or run the command with sudo.
Using the command with no flags will schedule a shutdown 1 minute from execution.
Use the following to IMMEDIATELY shutdown your system.
You can schedule a shutdown in future by providing the time argument either in +t format or in hh:mm format. For example, if you want to shutdown the system after 15 minutes, you can use this command:
If you want to shutdown the system at 6 PM in the afternoon, you can use it in the following manner:
Cancel a shutdown
Reboot a system
|
$ sudo shutdown
Shutdown scheduled for Thu 2023-03-02 20:12:13 EST, use 'shutdown -c' to cancel. |
Commands used for File Handling
LS The command “ls” displays the list of all directories, folder, and files present in the current directory.
LS - LTR The above-mentioned command displays the name of directories, folders, files with their respective owner name, group’s name, and rights your user has over these.
|
|
|
MKDIR The command “mkdir” allows users to create directories/folders in the system. The user running this command must have suitable rights over the parent directory to create a directory or they will receive an error. |
|
|
RMDIR The command “rmdir” allows users to remove directories/folders from the system. The user running this command must have suitable rights over the parent directory to remove a directory AND the directory must not have any files or sub-directories within it or you will receive an error. |
|
|
RM The command “rm” is used to remove files from a directory.
RM -RF Permanently deletes the specified directory and ALL files and sub-directories beneath the specified directory. Be VERY careful using this command as you can inadvertently delete your whole drive! |
|
|
MV The command “mv” is used for two purposes
|
|
|
CP The command “cp” is used to copy data from a source file to the destination file. Its function is almost like the command “mv”. The only difference is by using the command “cp” the source file is not removed from the directory after its data is moved to the destination file. |
|
|
TOUCH Creates an empty file at the specified path with the specified name. Useful for creating a blank file you intend to edit with a CLI editor, such as VIM or NANO. |
|
|
CAT The command “cat” is a reverse of the command “tac”. It is used to display each line of the file starting from the first row and finishing on its last row. This command is more frequently used than “tac”. |
|
|
ECHO The command “echo” used to display any expression that is passed as an argument. |
|
|
GREP The command “grep” is used to search for a text in the specified file/folder. |
|
|
ZIP The command “zip” is used to compress one or more files and store them in a new file with .zip extension. |
|
|
UNZIP The command “unzip” is used to decompress a .zip file and extract all the files within to current directory. |
|
|
SUDO Sudo stands for SuperUser DO and is used to access restricted files and operations. By default, Linux restricts access to certain parts of the system preventing sensitive files from being compromised. The
sudo -i elevates the user to root for the remainder of the session rather than a command by command basis. |
|
|