• Welcome, Guest. Please login.
 

System Kernal

Started by Bigguy, May 15, 2018, 07:38 pm

previous topic - next topic

0 Members and 1 Guest are viewing this topic.

Bigguy

May 15, 2018, 07:38 pm Last Edit: May 21, 2018, 10:10 pm by Bigguy
Ok, so this needs updated on my server. I have a screen shot but not sure if I should post if this creates a security breech for this server. I doubt it, but to be safe I will not post it yet. Keep in mind this shit makes me nervous as hell. Almost like playin with electricity. (I hate that) Anywho, it says I should run the update from a command line, which I understand. I need to download a program that is talked about here in this board and configure it to access my server and go from there.

Keep in mind I am on a vps. So I am not sure I should even do this. What I did was go into the security advisor in WHM and ran a scan to see what problems I had. This is one that comes up on pretty much every server I have ever had. So, do I update it or not. Remember my nerves please lol.

* Bigguy walks away sweating.

chen_zhen

Your panel should have the option to allow you to update your OS.
It should also have an option to access the command line as the root user else you sudo root.

What are you using CentOS, Ubuntu, Windows?

You should be updating your OS on a regular basis.
ie. check at least every few weeks or less.


chen_zhen

May 16, 2018, 12:00 am #2 Last Edit: May 16, 2018, 12:02 am by chen_zhen
I just read in one of the other threads something about CentOS with yum installed.
If that's the case then you can usually update using the command line with:
yum update

or if you are not set as root by default then it is (prompted with root password):
sudo yum update

Bigguy

It is centos 6.9 I will post the screen shot for a bit than take it down.

chen_zhen


The -y is so it does not prompt you with any yes/no questions but it's the same command.
Just run it, nothing to be worried about.


Bigguy

Would this do the same thing. I just updated WHM and cpanel from WHM. Now I find this button. Would that update the kernal the way it should.

Bigguy

I can't find a command line in WHM so I guess I need software to do this.

chen_zhen

May 18, 2018, 11:03 am #7 Last Edit: May 18, 2018, 11:05 am by chen_zhen
Your server host panel (not your control panel) may have command line access.
Perhaps check that first prior to the info below but eventually you will need to learn how to do what I am instructing.



I use pUTTY but there are other terminal command line platforms.
I think Skhilled uses something else that he mentioned in the past.

putty download:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

If you set something like that up it has to be secured else hackers/bots will attempt to access it.
It needs SSL encryption.

Even though some tutorials suggest not to use a passphrase for the ssh tunnel I will suggest that you do.
This way there are 2 layers of p/w protection to access the terminal (key & passphrase).
When you learn a bit more you can change the port access but at your level I suggest sticking with port 22 for now.

install putty ref.
https://www.youtube.com/watch?v=RhD08kJOTy0

setup ssh tunnel & generate keys for putty:
https://www.ssh.com/ssh/putty/windows/puttygen
https://www.youtube.com/watch?v=M4Nmqu8nHhM



After setting up the SSH tunnel make sure you first open a second putty window and test the new tunnel settings before closing the first opened putty page. This way you can make sure you have it set correctly prior to logging out of the initial terminal window.



SSH Port:
You can change your SSH port to make it's more secure. This step can be done at a later time when you are more comfortable with the command line.  Make sure to heed my warning and test in a second open window after making changes so that you know you can log in.

ref.
https://wiki.centos.org/HowTos/Network/SecuringSSH#line-52

.. ensure you edit the file & do the firewall changes else it will not allow you to use your terminal.
Also do not forget to change your port setting in putty and save it after changes to your OS files & firewall.



Bigguy

Ok, that's alot to take in but I will check things out today or tomorrow.

Bigguy

I still have to get at this. I have just been a bit busy. It might be a week more before I get into it.

Skhilled

To change SSH port in WHM you just need to:

1.  Open the port you wish to use in the firewall you are using. Also, read this from the cPanel docs:

QuoteWe recommend that you use a privileged port of 1 -- 1023 that another service does not not currently use. Only the root user can bind to ports 1 -- 1023. Anyone can use the unprivileged ports of 1024 and greater.

2.  Open the file /etc/ssh/sshd_config and change this line to the port you wish it to be:

#Port 22 - remove the " # " and change " 22 " to the port number you wish to use.

3. Run:

QuoteAfter you configure SSH, run the /scripts/restart_sshd script or the service sshd restart command to restart the SSH daemon.

After you restart SSH, log out of your server and log in again with the user, IP address, and port number that you specified in the sshd_config file.
If you are using MobaXTERM, which I highly recommend, you can edit the Session/IP you are using to add the port so it does it automatically and with one click. That program makes things SOOOO much easier to learn using SSH and more.

Please read the docs here for more info on this:

https://documentation.cpanel.net/display/CKB/How+to+Secure+SSH

As far as the kernel goes, That's something your provider may have to update. Check with them first or you may hose your VPS like I did. Otherwise, you can try something like KernelCare but you have to pay for that.

https://www.kernelcare.com/

Skhilled

I forgot to mention... In MobaxTerm, after you log into a session, you'll see a new tab called "SFTP" on the left. Click it to navigate your files on the server like Windows File Manager. You can edit the files using that. It has a built-in text editor or you can choose another one installed on your PC/device. Just right-click on files/folders and you'll see the options.

Bigguy

Awesome info man. I will get to this soon. Not sure when but it has to be done.

Skhilled

I've forgot to mention... Always restart the ssh service using one of the following commands depending on your distro:

https://www.cyberciti.biz/faq/howto-restart-ssh/

If you change the port and do not run one of those commands before you logout...you will not be able to login again until you reboot the VPS. If you reboot the VPS the sites go down until it completes the reboot cycle...up to a minute or two.

Using the commands in the link above will only reboot the ssh service/daemon and not logout any sites. Any reboot will log all users out of SSH.

Bigguy

good to know. I will maybe check this out later today, not sure what I got left on my plate yet.