Archives

Updating/Patching your Linux Server

As a web hosting server admin, you want to keep your machine up-to-date. In RedHat/CentOS, you will use the yum tool to keep your packages updated.

What is yum?
yum is the primary tool for getting, installing, deleting, querying, and managing Red Hat Enterprise Linux RPM software packages from official Red Hat software repositories, as well as other third-party repositories. yum is used in Red Hat Enterprise Linux versions 5 and later. Versions of Red Hat Enterprise Linux 4 and earlier used up2date.

https://access.redhat.com/solutions/9934

To update your operating system packages:

1. Log in to SSH and switch to the root user

2. Clear the cached packages

yum clean all

On a cPanel server, the output will look like:

root@web [~]# yum clean all
Loaded plugins: fastestmirror, tsflags, universal-hooks
Cleaning repos: EA4 cpanel-addons-production-feed cpanel-plugins MariaDB103 base epel extras psrepo updates
Cleaning up list of fastest mirrors
Other repos take up 6.5 M of disk space (use --verbose for details)
root@web [~]#

3. Run the yum update command to update the packages

On one of our web hosting servers, the output is:

root@web [~]# yum update
Loaded plugins: fastestmirror, tsflags, universal-hooks
Determining fastest mirrors
epel/x86_64/metalink                                                                                                                             |  17 kB  00:00:00
 * EA4: 208.74.123.61
 * cpanel-addons-production-feed: 208.74.123.61
 * cpanel-plugins: 208.74.123.61
 * base: mirrors.unifiedlayer.com
 * epel: fedora-epel.mirror.lstn.net
 * extras: mirror.dc2.hackingand.coffee
 * updates: mirror.netdepot.com
EA4                                                                                                                                              | 2.9 kB  00:00:00
cpanel-addons-production-feed                                                                                                                    | 2.9 kB  00:00:00
cpanel-plugins                                                                                                                                   | 2.9 kB  00:00:00
MariaDB103                                                                                                                                       | 2.9 kB  00:00:00
base                                                                                                                                             | 3.6 kB  00:00:00
epel                                                                                                                                             | 5.3 kB  00:00:00
extras                                                                                                                                           | 2.9 kB  00:00:00
psrepo                                                                                                                                           | 2.9 kB  00:00:00
updates                                                                                                                                          | 2.9 kB  00:00:00
vz-base                                                                                                                                          |  951 B  00:00:00
vz-updates                                                                                                                                       |  951 B  00:00:00
(1/12): cpanel-addons-production-feed/x86_64/primary_db                                                                                          |  18 kB  00:00:00
(2/12): cpanel-plugins/x86_64/primary_db                                                                                                         |  30 kB  00:00:00
(3/12): MariaDB103/primary_db                                                                                                                    |  53 kB  00:00:00
(4/12): epel/x86_64/group_gz                                                                                                                     |  90 kB  00:00:00
(5/12): base/7/x86_64/group_gz                                                                                                                   | 165 kB  00:00:00
(6/12): EA4/7/x86_64/primary_db                                                                                                                  | 1.0 MB  00:00:00
(7/12): extras/7/x86_64/primary_db                                                                                                               | 153 kB  00:00:00
(8/12): psrepo/7/primary_db                                                                                                                      |  74 kB  00:00:00
(9/12): epel/x86_64/updateinfo                                                                                                                   | 1.0 MB  00:00:00
(10/12): base/7/x86_64/primary_db                                                                                                                | 6.0 MB  00:00:01
(11/12): updates/7/x86_64/primary_db                                                                                                             | 5.9 MB  00:00:01
(12/12): epel/x86_64/primary_db                                                                                                                  | 6.9 MB  00:00:01
(1/2): vz-base/primary                                                                                                                           |  723 B  00:00:00
(2/2): vz-updates/primary                                                                                                                        | 1.0 kB  00:00:00
vz-base                                                                                                                                                             1/1
vz-updates                                                                                                                                                          4/4
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be updated
---> Package epel-release.noarch 0:7-12 will be an update
---> Package kmod-libs.x86_64 0:20-23.el7 will be updated
---> Package kmod-libs.x86_64 0:20-25.el7 will be an update
---> Package yara.x86_64 0:3.8.1-1.el7 will be updated
---> Package yara.x86_64 0:3.11.0-1.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================================================================
 Package                                    Arch                                 Version                                       Repository                          Size
========================================================================================================================================================================
Updating:
 epel-release                               noarch                               7-12                                          epel                                15 k
 kmod-libs                                  x86_64                               20-25.el7                                     base                                51 k
 yara                                       x86_64                               3.11.0-1.el7                                  epel                               213 k

Transaction Summary
========================================================================================================================================================================
Upgrade  3 Packages

Total download size: 278 k
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/3): epel-release-7-12.noarch.rpm                                                                                                              |  15 kB  00:00:00
(2/3): kmod-libs-20-25.el7.x86_64.rpm                                                                                                            |  51 kB  00:00:00
(3/3): yara-3.11.0-1.el7.x86_64.rpm                                                                                                              | 213 kB  00:00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                   656 kB/s | 278 kB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : epel-release-7-12.noarch                                                                                                                             1/6
  Updating   : kmod-libs-20-25.el7.x86_64                                                                                                                           2/6
  Updating   : yara-3.11.0-1.el7.x86_64                                                                                                                             3/6
  Cleanup    : epel-release-7-11.noarch                                                                                                                             4/6
  Cleanup    : kmod-libs-20-23.el7.x86_64                                                                                                                           5/6
  Cleanup    : yara-3.8.1-1.el7.x86_64                                                                                                                              6/6
  Verifying  : yara-3.11.0-1.el7.x86_64                                                                                                                             1/6
  Verifying  : kmod-libs-20-25.el7.x86_64                                                                                                                           2/6
  Verifying  : epel-release-7-12.noarch                                                                                                                             3/6
  Verifying  : kmod-libs-20-23.el7.x86_64                                                                                                                           4/6
  Verifying  : yara-3.8.1-1.el7.x86_64                                                                                                                              5/6
  Verifying  : epel-release-7-11.noarch                                                                                                                             6/6

Updated:
  epel-release.noarch 0:7-12                             kmod-libs.x86_64 0:20-25.el7                             yara.x86_64 0:3.11.0-1.el7

Complete!
root@web [~]#

Resources:
Working with yum cache
yum command cheat sheet

Switching to Root User on Linux

Running your web hosting server will require many times to run commands as the root user. Many admins choose to block direct root logins, so first, you will need to log in as a normal user and then switch to the root user.

There are some web hosting companies that sell managed servers without root access. This is to prevent any issues you can accidentally cause logged in as root. So, take care when working as root 😉

To switch to the root user use the su – command. Enter the root password when asked.

[mab@localhost ~]$ su -
Password: 
[root@localhost ~]#

If you want to switch back to the initial user or to another user:

su - <username>

[root@localhost ~]# su - mab
[mab@localhost ~]$ 

Maintenance mode via .htaccess

Many times we are asked by our clients how to put the site offline but still be able to work on it. We will show in this article how to set a “maintenance mode”/ “down for maintenance” page.

WordPress users can simply use a plugin. Just search, install and test the one that suits your needs. Look at https://wordpress.org/plugins/search/maintenance+mode/

We discuss how you can ‘set’ maintenance mode via the .htaccess file. Notice that .htaccess file is a hidden file. To see hidden files in cPanel, check these articles:
View hidden files in FileZilla
Show hidden files in cPanel

Site Maintenance Mode

The following code snippet will send all web traffic to the maintenance.html file, excepting the traffic from the specified IP address. Replace 123.123.123.123 with your IP address.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123.123.123.123
RewriteCond %{REQUEST_URI} !^/maintenance.html$
RewriteRule ^(.*)$ https://domain.com/maintenance.html [L]
</IfModule>

If you are using images, css/js files in the maintenance.html, put them in the /resources/ directory and use:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123.123.123.123

RewriteCond %{REQUEST_URI} !^/resources/.*$
RewriteCond %{REQUEST_URI} !^/maintenance.html$
RewriteRule ^(.*)$ https://domain.com/maintenance.html [L]
</IfModule>

Some recommend using a redirect code 307 or 503 in the last rule. We do not recommend such a code, as 503 HTTP means Service Unavailable. The 307 HTTP code is Temporary Redirect.

Resources:
HTTP status codes

Add/Remove Linux users

To add a Linux user to your server you will use the adduser command:

adduser <new_username>
passwd <username_password>

Here we will add user ‘ph1’ to the server:

root@web [/]# adduser ph1
root@web [/]# passwd ph1
Changing password for user ph1.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
root@web [/]#
CentOS Login Screen

Notice that the home directory of the user will usually be /home/username/. To specify a home directory when creating the user, use:

adduser -d <desire_user_directory>

The users’ home directories are stored in /etc/passwd file. To view the home directory for a user:

root@web [/]# cat /etc/passwd | grep ph1
ph1:x:32012:32015::/home/ph1:/bin/bash
root@web [/]#


To remove a Linux user from your server:

userdel <username>
root@web [/]# userdel ph1
root@web [/]#

To delete the user’s account, the user’s directory and the user’s mail spool, use:

userdel -r <username>

root@web [/]# userdel -r ph1
root@web [/]#

Notice that the commands adduse and userdel will not display any confirmations on success.

Resources:
adduser man page
userdel man page

List active FTP connections/users

To list the active FTP connections on your server use:

netstat -n | grep :21

root@web [~]# netstat -n | grep :21
tcp        0      0 162.255.200.197:80      17.58.101.200:21715     TIME_WAIT
tcp        0      0 162.255.200.197:37224   29.112.111.129:21       TIME_WAIT
tcp        0      0 162.255.200.197:21      69.117.199.248:3861     ESTABLISHED
tcp       30      0 162.255.200.197:56022   29.112.111.129:21       CLOSE_WAIT
tcp        0      0 162.255.200.197:46948   29.112.111.129:21       TIME_WAIT
tcp        0      0 162.255.200.197:80      175.100.10.241:21277    FIN_WAIT2
tcp        0      0 162.255.200.197:21      69.117.199.248:4498     ESTABLISHED
tcp        0      0 162.255.200.197:38998   29.112.111.129:21       ESTABLISHED
tcp        0      0 162.255.200.197:80      175.100.10.241:21276    TIME_WAIT

To list the server users, use:

ps aux| grep ftp

root@web [~]# ps aux| grep ftp
root       129  0.0  0.0  42688    80 ?        Ss    2019   0:11 /usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/local/cpanel/bin/pureauth
root       550  0.0  0.0 148816   276 ?        Ss    2019   0:13 pure-ftpd (SERVER)
bobcom   20107  0.0  0.0 148820   892 ?        S    05:41   0:00 pure-ftpd (IDLE)
root     20108  0.0  0.0 148820   604 ?        S    05:41   0:00 pure-ftpd (PRIV)
bobcom   20303  0.0  0.0 148820   892 ?        S    05:42   0:00 pure-ftpd (IDLE)
root     20304  0.0  0.0 148820   604 ?        S    05:42   0:00 pure-ftpd (PRIV)
root     24943  0.0  0.0   9096   664 pts/1    S+   05:54   0:00 grep --color=auto ftp
root@web [~]# 

To summarize the above output:

ps aux | grep ftp | awk {'print $1'} | sort | uniq -c

root@web [~]# ps aux | grep ftp | awk {'print $1'} | sort | uniq -c
      2 bobcom
      6 root
root@web [~]#

Notice that the most information about the FTP activity you will get from the /var/log/messages. This is the log file for the Pure-FTPd on web hosting servers.

Page 3 of 10
1 2 3 4 5 10