Further to our last blog post regarding the Intel vulnerabilities Meltdown and Spectre we are now in a position to give our customers guidance on protecting their own server. Note however that not all operating systems can be patched so to find out how to protect yourself, please read on!
What Operating System do you Have?
As some operating systems are now end of life it is important that you check what version of Windows or Linux you are running before attempting to patch your operating system. Just follow these instructions to find out:
If you are running Windows on your server simply login via remote desktop as the Administrator and click the Start button or Windows logo depending on what you have. If you can see a Run option, click it and type winver.exe and press enter. If you only see a search field type winver and then double click winver.exe from the results. You can also access the version through control panel under the system properties.
If none of these options work then try visiting http://whatsmyos.com/ in a browser from the server desktop and this should be able to determine the Windows version.
Login to the server as root through SSH using Putty or similar and type the command uname -a and then press enter. This will give you the current kernel version and should also display the operating system be it Centos, Ubuntu, etc. If this doesn’t work try typing one of the following commands instead:
- lsb_release -a
- cat /etc/*release
- cat /etc/issue*
- cat /proc/version
Can I Patch my Operating System
The vast majority of our customers will be able to proceed and patch their servers however if you are running any of the operating systems listed below then they have reached end of life and you will not be able to apply the patches:
- Any version of windows 2003 or lower. Windows 2008 and later are fine
- RHEL4 or lower. Often referred to as Redhat
- CentOS 5 or lower
- Ubuntu 12.04 or lower
- Debian 6 or lower
- Suse 10 or lower
If you are running any of the operating systems above unfortunately you will not be able to patch your system as updates are no longer provided. In this case you should contact our team on 0370 755 5088 for further advice and options.
If you are running VMWare then there are additional requirements outside the scope of this post and you should in the first instance refer to the VMWare security blog which discusses your options further: https://blogs.vmware.com/security/2018/01/vmsa-2018-0002.html
OK I’m Good, my Operating System can be Patched
**IMPORTANT – Before proceeding further makes sure you have a full backup of your software/files! – IMPORTANT**
This line is important as you should always have an up to date backup but we cannot take any responsibility for a broken system running the following commands.
If you are running a supported operating system then the process to patch against the vulnerabilities is very simple.
Just access Windows Updates and Check for new updates through the control panel. If there any updates to install then you should proceed to install the updates, there might be a few if you haven’t done this for a while or have automatic updating switched off. You may also want to revisit the updates section in a few days to check if any further updates are available.
The instructions vary slightly dependent on your distribution:
Open an SSH session and type yum update and then hit enter. You may see a large number of updates which ideally should all be installed. Once the update is complete you will need to reboot your server after the updates are complete.
Open a SSH session and type dnf –refresh update kernel or dnf update and hit enter. As above, install the updates and then reboot
Type the following command hitting enter after each one:
- apt-get update
- apt-get upgrade
- shutdown -r 0
Once the reboot has completed you should now be patched and secure. If you have any problems with these instructions or you would like our support team to assist then please get in touch.