Monthly Archives: October 2016

Halloween is Almost Here! Save With This Exclusive Promo Code!

Halloween is almost here and to celebrate we are giving you exclusive promo code for any shared hosting or wordpress hosting.

50% OFF FOR THREE MONTH ON ANY SHARED HOSTING OR WORDPRESS HOSTING!
Coupon Code: rocksane
Applies to new orders only. Valid for new and existing customers purchasing any new account.

haloween

How To Patch and Protect – Vulnerability Dirty Cow

very serious security problem has been found in the Linux kernel. A 0-day local privilege escalation vulnerability has existed for eleven years since 2005. This bug affects all sort of of Android or Linux kernel to escalate privileges. Any user can become root in less than 5 seconds. The bug has existed since Linux kernel version 2.6.22+. How do I fix this problem?

This bug is named as Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel. Exploitation of this bug does not leave any trace of anything abnormal happening to the logs. So you can not detect if someone has exploited this against your server.

If you are running CloudLinux follow these step to fix this issue:

Dirty Cow patch for CloudLinux 

  • CloudLinux 7:
    • To update:

      yum clean all; yum install kernel-3.10.0-427.10.1.lve1.4.22.el7 kmod-lve-1.4-22.el7 –enablerepo=cloudlinux-updates-testingand reboot the server

 

  • CloudLinux 6:
    • yum clean all; yum install kernel-2.6.32-673.26.1.lve1.4.18.el6 kmod-lve-1.4-18.el6 –enablerepo=cloudlinux-updates-testingand reboot the server

 

  • CloudLinux 5: Coming Soon

 

How do I fix CVE-2016-5195 on Linux?

Type the commands as per your Linux distro. You need to reboot the box. Before you apply patch, note down your current kernel version:

uname -a
uname -mrs

 

Debian or Ubuntu Linux

sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

then reboot the machine:

sudo reboot

RHEL / CentOS Linux 5.x/6.x/7.x

yum update
reboot

RHEL / CentOS Linux 4.x

up2date -u
reboot

Suse Enterprise Linux or Opensuse Linux

To apply all needed patches to the system type:
zypper patch
reboot

Verification

You need to make sure your version number has changed:
uname -a
uname -r
uname -mrs

If you are running an Android phone, you will need to wait your phone distributor or operators to release a patch, so simply update your phone when requested.

What is the CVE-2016-5195?

CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE.

Why is it called the Dirty COW bug?

A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

What makes the Dirty COW bug unique?

In fact, all the boring normal bugs are _way_ more important, just because there’s a lot more of them. I don’t think some spectacular security hole should be glorified or cared about as being any more “special” than a random spectacular crash due to bad locking.

—————————————————-

Your business need a managed host to take care of these issue as soon they arise, choose UnderHost and subscribe to our Managed Cloud Hosting  or our optimized shared hosting today.

How to Install Varnish on CentOS 7

1. Introduction

Varnish is a proxy and cache, or HTTP accelerator, designed to improve performance for busy, dynamic web sites. By redirecting traffic to static pages, varnish reduces the number of dynamic page calls, thus reducing load. Varnish is designed for content-heavy dynamic web sites as well as heavily consumed APIs. In contrast to other web accelerators, such as Squid, or Apache and nginx, which are primarily origin servers, Varnish was designed as an HTTP accelerator.

 

2. Varnish Cache Performance Parameters

Once installed, Varnish Cache allows us to use several apps to evaluate the server by means of statistics. These apps are the ones mentioned below.

  • varnishtop: grouped list with the most usual entries from different logs.
  • varnishhist: a histogram that shows the time taken for the requests processing.
  • varnishsizes: it performs the same task as “varnishhist” but showing the size of the objects.
  • varnishstat: it shows many contents on cache hits, resource consumption, etc..
  • varnishlog: it allows us to see all the requests made to the web backend server.

 

3. Requirements

You may need an operating system RHEL 7 or Centos 7 in your dedicated or vps server. Please make sure to set a hostname for your server and its dns is pointing to the IP address of the server.

 

4. Installation Steps

Before you begin please install LAMP (Linux Apache Mysql PHP) in your server. To install LAMP, Please refer the documentation from here

Update your server with latest packages.

# yum update

Now install varnish on Centos.

# yum install varnish

5. How to setup Varnish 4 for Apache

# vi /etc/varnish/varnish.params

Change Listen Port to 80 as we are going to run Varnish in front of Apache:

VARNISH_LISTEN_PORT=80

Now edit Apache configuration file:

# vi /etc/httpd/conf/httpd.conf

Then look for the line that says “Listen 80” and change it to “Listen 8080”

Now restart Apache at first so the webserver run on port 8080 leaving port 80 being usable by Varnish:

# systemctl restart httpd.service
# systemctl restart varnish.service
# systemctl enable varnish.service

You can see varnish running on port 80 using the following command:

# netstat -tunlp | grep :80 tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 22368/httpd tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 22145/varnishd

6. Testing varnish

# varnishd -V

Gives you an output something like this:

varnishd (varnish-3.0.7 revision f544cd8)
Copyright (c) 2006 Verdens Gang AS
Copyright (c) 2006-2014 Varnish Software AS

You can check it like this

# curl -I 
# curl -I 192.168.3.18
HTTP/1.1 403 Forbidden
Date: Sun, 17 Jan 2016 10:42:54 GMT
Server: Apache/2.4.6 (CentOS) PHP/7
Last-Modified: Thu, 1 Oct 2016 15:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
X-Varnish: 13
Age: 0
Via: 1.1 varnish-v4
Connection: keep-alive

 

Get varnish and your site setup within few minutes on one of our virtual private servers or have experts get you online on our managed cloud hosting.