CloudLinux announced UChecker, a free open source tool that scans Linux servers for vulnerable libraries that are outdated and being used by other applications. This provides detailed actionable information regarding which application is using which vulnerable library and needs to be updated, which helps improve the security awareness patching process.
This activity diagram shows how UChecker works:
“Patch management is a challenging area of security and IT operations because so many different systems require patching plus they have to be tested before being deployed,” said Jim Jackson, president and chief revenue officer, CloudLinux. “Also, some patches require reconfigurations and reboots of servers that are difficult to take offline for very long. Time is critical because hackers look to exploit vulnerabilities so it’s always a race for IT teams to apply security patches.”
UChecker detects and reports those shared libraries that are not-up-to-date both on disk and in memory – unlike other scanners that fail to spot in-memory outdated versions.
Also, UChecker (short for “username checker”) can be integrated with tools like Nagios or other monitoring and management tools to alert of systems running outdated libraries.
The tool works with all modern Linux distributions under the GNU General Public License and can be downloaded here.
After running UChecker you can use the traditional approach to updating libraries, which involves rebooting the server or restarting all the processes if there is no way to identify which processes are still using the outdated libraries, so there will be some disruption of service along with downtime.