How KernelCare Protects Your Server

One of the most important things you can do to ensure the security and stability of your Linux server is to keep the kernel updated. Some Kernel updates patch security vulnerabilities and other issues. Kernel patches are released as issues are discovered.

Unless you are regularly checking for kernel updates, or your notified of a security issue, you may not be aware when a kernel update is available. Additionally, since updating the kernel traditionally requires a reboot, the prospect of associated downtime often prevents the updates from being applied as quickly as they should be.

KernelCare changes all that.

Automatic Updates; No Reboot Necessary

KernelCare is a CloudLinux product that automatically updates the Linux kernel to address security and stability issues without the need for a server reboot, even during its initial install. You can read more on KernelCare in our article: What Is KernelCare?

Liquid Web provides KernelCare on all new managed Storm® and Dedicated servers running a supported operating system (CentOS 5, 6, and 7, which also may report as “Derived From Red Hat Enterprise Linux”; or CloudLinux 5 and 6). Moreover, as part of Liquid Web’s proactive response to security concerns, KernelCare has been applied to nearly all existing Fully Managed servers running a supported operating system.

What Does It Mean For You?

KernelCare runs transparently on your server. There are no settings you need to configure nor commands that need to be run once installed. KernelCare will regularly check for kernel updates and automatically apply them as they become available with no impact on your server or services.

With KernelCare you never have to worry if your server’s kernel is protected against a particular vulnerability. You know it is. You never have to worry about downtime caused by rebooting to apply a kernel patch; cause there is none. And you never have to worry about how long you’ll have to wait for a new patch to be applied to your server. KernelCare offers the most efficient protection by automatically updating the kernel as soon as a patch is available, with no need for a reboot.

===

Liquid Web’s Heroic Support is always available to assist customers with this or any other issue. If you need our assistance please contact us:
Toll Free 1.800.580.4985
International 517.322.0434
support@liquidweb.com
https://manage.liquidweb.com/

What Is KernelCare?

Tux the Penguin with Hotpatching (KernelCare)The concept of ‘Kernel hotpatching’, sometimes called live patching, was introduced to the Linux community around 2008. Soon after groups began developing differing implementations of the concept. KernelCare, one of the more popular implementations, was originally released in March 2014 by Cloud Linux, Inc.

So, what does hot patching do? (Or: Why do I want KernelCare?)

The basic concept of Linux kernel hot patching is pretty much the same not matter what it’s called. The goal is to only update the changes rather than the whole Kernel – which normally requires a reboot. It’s much harder than it sounds though since kernel updates come as complete packages and the system is running.

Imagine trying to do an oil change on your car while driving at highway speeds; that’s kernel hot patching in a nutshell.

With a KernelCare enabled kernel updates can be processed and then applied selectively to a running server. This can mean not needing to reboot for much longer than you would normally require to stay secure.

How do I check if I have KernelCare and is it working? (Or: Checking KernelCare version)

The best way to check if your server is running with KernelCare is to look for its main CLI tool. You can do this with the following linux command:

which kcarectl

If the CLI tool is found on the server you will see output like the following, or something very similar.

# which kcarectl
/usr/bin/kcarectl

If the CLI tool is not installed you will see the following:

# which kcarectl
#
When using the Linux `which` command you will get no results if the executable is not found. In this case that means KernelCare is likely not active or installed on the server.

Assuming the test above was successful, you’ll now want to check the status of KernelCare. This will help you determine if KernelCare is active and what the effective version is. You can do this with the following command:

/usr/bin/kcarectl --info

The results will look similar to the following:

[root@host ~]# /usr/bin/kcarectl –info
kpatch-state: patch is applied
kpatch-for: Linux version 3.10.0-327.36.3.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) ) #1 SMP Mon Oct 24 16:09:20 UTC 2016
kpatch-build-time: Mon Nov 7 08:20:19 2016
kpatch-description: 2;3.10.0-327.36.3.el7.x86_64

As you can see the output provides various details about the KernelCare status. Looking at the kpatch-state we can see that hot patching is working and enabled.

Where Is My DNS Hosted?

From time to time, you’ll have to make changes to your DNS records. For example, if you change IP addresses, your DNS A records will change. You’ll also change DNS if you want to add SPF records to help email authentication. For these changes to work properly, it’s vital to know where DNS is hosted.

DNS is always hosted at your domain’s authoritative nameservers. Your authoritative nameservers, and therefore your DNS, can be in three places:

  • Liquid Web’s nameservers
    • ns.liquidweb.com
    • ns1.liquidweb.com
    • ns.sourcedns.com
    • ns1.sourcedns.com
  • Your private nameservers on your server or another server you control
    • Ex.: ns.mysite.com
  • Where you registered your domain name
    • Ex.: Enom, GoDaddy, Namecheap, etc.

If you are using Liquid Web’s nameservers, you can update your DNS records in your Liquid Web account interface. If you use private nameservers on your server or another server, you can update DNS records in the control panel for your server (most likely WHM or Plesk, sometimes cPanel for SPF records). If your nameservers are where you registered your domain name, you’ll need to log into your account at that registrar and edit DNS there.

Either way you check your domains authoritative DNS you should always remember, if you don’t update DNS in the right place it wont take effect. This could mean your websites won’t load properly and can cause unnecessary downtime.

Discovering Where DNS Is Hosted – Web

If you aren’t comfortable using your terminal program to look up WHOIS information, use an online WHOIS checking tool.

Discovering Where DNS Is Hosted – CLI

You can easily find out where your DNS records are hosted using your server’s WHOIS entries.

  1. Launch your terminal program. Every operating system (Windows, Mac, and Linux) has a terminal program: use your computer’s search function to look for “terminal,” then open the terminal program you find.
  2. In the terminal window, type:
    whois mysite.com
    and press Enter. Be sure to replace “mysite.com” with your site’s domain.
  3. You’ll start seeing a lot of information about your domain, including where it is registered and the nameservers you’re using.
    Domain Name: LIQUIDWEB.COM
    Registrar: NETWORK SOLUTIONS, LLC.
    Sponsoring Registrar IANA ID: 2
    Whois Server: whois.networksolutions.com
    Referral URL: http://networksolutions.com
    Name Server: NS.LIQUIDWEB.COM
    Name Server: NS1.LIQUIDWEB.COM
    Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
    Updated Date: 04-aug-2016
    Creation Date: 05-aug-1997
    Expiration Date: 04-aug-2026
  4. Look specifically at the Name Server listing. In this example, you’ll see liquidweb.com uses Liquid Web’s nameservers. You might also see your own server listed as the nameserver (ns.mysite.com) or a domain registrar listed as the nameserver. This information tells you where you will be editing your DNS records:
    • If you use Liquid Web nameservers: edit your DNS records in your Liquid Web account.
    • If you use private nameservers: edit your DNS by logging into cPanel and searching for “Edit DNS Zone.”
    • If you use a different registrar’s nameservers: edit your DNS records by logging into your account at your registrar.

How to Install Git on Ubuntu 15.04

Introduction

Git is an open source, distributed version control system (VCS). It’s commonly used for source code management (SCM), with sites like GitHub offering a social coding experience, and popular projects such as Perl, Ruby on Rails, and the Linux kernel using it.

Pre-Flight Check

  • These instructions are intended for installing Git on Ubuntu 15.04.
  • I’ll be working from a Liquid Web Core Managed Ubuntu 15.04 server, and I’ll be logged in as root.

Continue reading “How to Install Git on Ubuntu 15.04”

How to Install and Configure Git on Fedora 22

Introduction

Git is a widely adopted, distributed version control system (VCS) and open source. It’s commonly used for source code management (SCM), with sites like GitHub offering a social coding experience, and popular projects such as Perl, Ruby on Rails, and the Linux kernel using it.

Pre-Flight Check

  • These instructions are intended for installing Git on Fedora 22.
  • I’ll be working from a Liquid Web Self Managed Fedora 22 server, and I’ll be logged in as root.

Continue reading “How to Install and Configure Git on Fedora 22”

How to Add a User and Grant Root Privileges on Fedora 22

Pre-Flight Check

  • These instructions are intended specifically for adding a user on Fedora 22.
  • I’ll be working from a Liquid Web Self Managed Fedora 22 server, and I’ll be logged in as root.

Continue reading “How to Add a User and Grant Root Privileges on Fedora 22”

View the Selected MySQL Database on Linux via Command Line

Pre-Flight Check

  • These instructions are intended for viewing the selected MySQL database via the command line.
  • I’ll be working from a Liquid Web Core Managed CentOS 7 server, and I’ll be logged in as root.

Continue reading “View the Selected MySQL Database on Linux via Command Line”

7 Extremely Useful Linux Commands for Beginners

#1: ls : What’s in this directory?

The command ls stands for list directory contents. And, cleverly, it will do just that: list a directory’s contents! Using it with -F will give a list of the directories contents, and denote items that are other directories with a trailing /.

ls -F

On my server returns:

allthethings.txt important.doc Indominus/ Misc/ probs.xls Red Wings/ Spreadsheets/ Work/

In the above case, allthethings.txt, garbage.file, important.doc, and probs.xls are files, and Indominus, Misc, Red Wings, Spreadsheets, and Work, each with the trailing /, are directories!

There are many other options, or switches, such as -F that can be used with ls for improved results. For example:

ls -lFa

Returns:

dr-xr-x---. 10 root root 4096 Apr 17 12:01 .
drwxr-xr-x. 19 root root 4096 Apr 14 12:45 ..
-rw-r--r-- 1 root root 0 Apr 17 12:00 allthethings.txt
-rw------- 1 root root 483 Apr 14 12:45 .bash_history
-rw-r--r--. 1 root root 18 Dec 28 2013 .bash_logout
-rw-r--r--. 1 root root 176 Dec 28 2013 .bash_profile
-rw-r--r--. 1 root root 361 Jan 1 01:24 .bashrc
drwxr-xr-x 3 root root 4096 Jan 1 01:25 .cache/
drwxr-xr-x 3 root root 4096 Jan 1 01:25 .config/
-rw-r--r--. 1 root root 100 Dec 28 2013 .cshrc
-rw-r--r-- 1 root root 0 Apr 17 12:01 garbage.file
-rw-r--r-- 1 root root 0 Apr 17 11:58 important.doc
drwxr-xr-x 2 root root 4096 Apr 17 11:59 Indominus/
drwxr-xr-x 2 root root 4096 Apr 17 11:57 Misc/
-rw------- 1 root root 42 Apr 14 12:44 .my.cnf
-rw-r--r-- 1 root root 0 Apr 17 12:00 probs.xls
drwxr-xr-x 2 root root 4096 Apr 17 11:57 Red Wings/
-rw------- 1 root root 1024 Jan 1 01:22 .rnd
drwxr-xr-x 2 root root 4096 Apr 17 11:56 Spreadsheets/
drw------- 2 root root 4096 Apr 14 12:42 .ssh/
-rw-r--r--. 1 root root 129 Dec 28 2013 .tcshrc
drwxr-xr-x 2 root root 4096 Apr 17 11:57 Work/

In the above case two switches are added: -l and -a. The -l uses the long listing format, and the -a switch lists all of the files, including hidden files.

Each column contains an important bit of information:

Column | Information | Example

  • 1 | Permissions | drwxr-xr-x
  • 2 | # of Hard Links | 2
  • 3 | User That Owns File or Directory | root
  • 4 | Group for File or Directory | root
  • 5 | File Size | 4096
  • 6 | Timestamp | Apr 17 11:59
  • 7 | Filename | Indominus/

Continue reading “7 Extremely Useful Linux Commands for Beginners”