Automatically installing patches with the Canonical Livepatch service
In the previous section, I mentioned that if your updates include an update to the kernel, you'll need to reboot your server for the new kernel to take effect. While this is generally true, Canonical offers a Livepatch service for Ubuntu, which allows your server to receive kernel updates and have them applied without rebooting. This is a game changer, as it keeps your running kernel patched without you having to do anything, not even reboot. This is a massive benefit to security, as you get the latest security patches without the inconvenience of scheduling a restart of your servers right away.
However, the service is not free or included with Ubuntu by default. Even so, you can install the Livepatch service on three of your servers without paying, so it's still something you may want to consider. You're even able to utilize this service on the desktop version of Ubuntu if...