Bobcares
        • Web Hosting

        • Customized web hosting support solutions with 20 years of experience.

        • Cloud Hosting

        • 24x7x365 cloud support services for all major cloud platforms.

        • VPS Hosting

        • Premium support and management solutions for VPS providers.

        • Data Center

        • Enhanced support solutions for small to hyperscale data center providers. 

        • SaaS

        • Efficient deployment, updates, and end-user support for SaaS companies.

        • VPN

        • Premium support solutions for VPN companies.

        • Digital Agency

        • Comprehensive development and marketing solutions for digital agencies

        • ISP

        • Reliable end-user support and technical teams for ISP companies...

        • CDN

        • Reliable support solutions for CDN providers.

        • WE ARE HERE TO HELP
        • Image Description

          If you can't find the service you need, just write to us and we will figure something out.

          Chat with us

Client Area
Emergency Support
Server Management

CentOS patching – 8 best practices to follow

by | Dec 1, 2018

Maintaining a server can be really hard.

Applying regular updates and patches is important to keep the Operating system up to date and secure.

In our Server Management Services, we help server owners forget their server concerns by keeping the servers secure, update the server software and install critical patches on time.

Today, let’s discuss more on “CentOS patching – best practices“.

 

What is a Patch and Why to Patch?

Patches are updates that contain changes in source code and are installed into the existing software program.

Here’s what patches can do:

  • Address new security vulnerabilities.
  • Integrate new features.
  • Address a specific bug or flaw.
  • Improve Operating system/software stability.
  • Install new drivers.

 

Why to Patch?

Unpatched systems are one of the easiest entry points for hackers to gain access to the network.

So, patches to an Operating system are essential to keep the systems up to date, stable and safe from malware and other security threats.

Now, let’s see the best practices to patch a CentOS server.

 

CentOS Patching – Best Practices

In our experience managing servers, below are the common steps that our Server Experts follow while patching CentOS servers.

 

1) Develop an updated inventory list

Firstly, we develop an up to date inventory of systems like OS types, OS versions, IP addresses in the system, etc.

This helps us to easily identify which patches are needed by each system.

Therefore, this keeps the patch management process up to date.

At Bobcares, for the servers that we manage, we regularly audit the servers and update the new software additions or resource additions in our inventory.

 

2) Schedule regular patching

Usually, CentOS releases their patches at different times.

So, our Server Management Team schedule check for patches and updates atleast once a month.

Also, we regularly check for critical patches and apply them that are released in between.

In CentOS servers with EPEL repository, we use “yum-plugin-security” package to install security updates.

For example, we use the below command in Centos 6/7 to list all security updates.

yum updateinfo list security all

 

And, we use the below command to install all security packages.

yum update --security

Unfortunately, this will not work on CentOS as it does not supply the necessary data in the yum repositories to allow the yum -plugin-security plugin to work at all. That’s why, we just run yum update on a regular basis to get all the security updates.

 

3) Schedule automatic patching

Moreover, we setup automatic patch management system to keep systems up to date with latest security patches and updates.

On CentOS servers, we use the package “yum-cron” to automate the security updates via yum.

First, we install this package with the command:

yum -y install yum-cron

 

After the installation is complete, we start the service, and enable it to automatically start on server boot with the below commands:

systemctl start yum-cron
systemctl enable yum-cron

 

Finally, we modify the file “/etc/yum/yum-cron.conf” for automatic updates.

For example, to automatically install security updates, we modify the below parameter in the yum-cron.conf file.

update_cmd = security

 

4) Download patches from trusted source

This is one of the most important steps in Centos patching.

When updating software, it is important to download the updates or patches from a trusted source.

Because, an attacker can easily rebuild and release a package as the one that is supposed to fix the problem but with a different security exploit.

At Bobcares, Our Security Engineers, always download RPMs from trusted sources and verify the package for its integrity.

For example, in Centos all packages are signed with GPG key that guarantees the authenticity of the files.

 

5) Prioritize the patches based on severity

Some patches must be applied immediately to prevent malicious access to your network.

Likewise, some may have only a minimal effect on certain system configurations.

So, we first assess the level of vulnerability, severity and the cost of mitigating each attack and then prioritize the patches like Critical, Urgent, etc.

 

6) Test the patches

Server patches can conflict with your systems and take down the system completely.

In other words, patches require certain system requirements for installation, and if they are not properly tested, the dependent systems or applications may go down.

So, before applying the patches, it’s always recommended to test the patches on a test environment.

During this phase, we identify whether the server requires a reboot. If so, our Server Management Team plans a maintenance window to apply these patches in the live system.

 

7) Schedule a Downtime or maintenance window

Patching requires time, reboots, that can interrupt normal business operations.

That’s why, we often maintain a scheduled maintenance window for such activities.

So, customers can plan their business activities accordingly. Also, there are no unexpected reboots that disrupt business operations.

At Bobcares, our System Engineers, often schedule such patches/updates during weekends at off peak hours so customers have minimal impact.

 

8) Have a good backup

Above all, we always take a complete backup of the system before applying the patch.

So that, if something goes wrong, we can easily roll back to the previous version.

 

Conclusion

Patches are important to make the system secure and stable. With a little planning ahead, patching can be a smooth process. Today, we discussed more about  CentOS patching best practices and the steps our Server Administration Team took to make it a pain free process.

Related posts:

  1. CentOS DDoS protection – A guide to secure your server from DDoS!
  2. How to fix “Temporary failure in name resolution” error in CentOS?
  3. How to install and configure Grafana on CentOS 7
  4. How we install PHP FPM on CentOS – Related errors and fix

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

SEE SERVER ADMIN PLANS

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Articles

  1. CentOS DDoS protection – A guide to secure your server from DDoS!
  2. How to fix “Temporary failure in name resolution” error in CentOS?
  3. How to install and configure Grafana on CentOS 7
  4. How we install PHP FPM on CentOS – Related errors and fix

Never again lose customers to poor
server speed! Let us help you.

GET STARTED

Privacy Preference Center

Consent Management

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience.

Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Privacy Policy

Required
By using this site, you agree to our Privacy Policy.

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

Cookies Used

Required
PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]

livechat.bobcares.com

Opt Out
PHPSESSID

my.bobcares.com

Opt Out
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

Cookies Used

_ga, _gat, _gid

google.com

Opt Out
_ga, _gat, _gid

manager.smartlook.com

Opt Out
smartlookCookie

clarity.microsoft.com

Opt Out
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

Cookies Used

IDE, test_cookie, 1P_JAR, NID, DV, NID

doubleclick.net

Opt Out
IDE, test_cookie

google.co.in

Opt Out
1P_JAR, NID, DV

google.com

Opt Out
NID

olark.com

Opt Out
hblid

rb2b.com

Opt Out
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

Cookies Used

SID, APISID, HSID, NID, PREF

google.com

Opt Out
SID, APISID, HSID, NID, PREF