How to update CentOS 8

When you manage a CentOS 8 server, it is important that you always ensure that the security and software updates have been carried out. This is because servers with the most recent updates are less likely to be victims of cybercrime. For example, hacks and vulnerabilities are a lot less common with servers that have the most recent software.

Before updating your CentOS 8 server, it is important to make an externally stored backup. Having an external backup (not on your CentOS 8 server) comes in handy when your server has errors or crashes. In such cases it is no longer possible to access your backup. If you do not have an externally stored backup, it could mean that you have lost all of your data.

In addition to an externally stored backup, you need SSH access to update your CentOS 8 server. You can use putty on Windows for this. Do you have Mac or Linux? Then you can use the terminal.

Check if you’re using CentOS 8

After you’ve logged in, we have to check if you’re indeed running CentOS 8. To know which version of CentOS you are using, you can use the following command:

cat /etc/redhat-release

If you’re running CentOS 8, you should get the following result:

CentOS Linux release 8.X

If you got this result, we know that you’re running the correct CentOS version and we can continue with step 2.

Step 2: Clear cache

Before updating your CentOS server, it’s really important that you empty all the caches and have the most recent repos (software servers and lists). You can use the following command to do this:

yum clean all -y

After you’ve cleared the cache, it’s time to update CentOS.

Step 3: Update your CentOS 8 server

When updating CentOS, you can choose to use the recommended settings or you can determine which settings are used yourself.

If you want to use the recommended settings, you can run the following command:

yum update -y

Do you prefer deciding which settings are used in the update? Then you can omit -y. The command then looks as follows:

yum update

When the update is done successfully, the only thing left to do is a server reboot. After the server reboot you’ll be sure that everything went well and that the update has been completed properly. You can use the following command to perform a reboot:

reboot

Do you have questions about updating CentOS or need help? We are more than happy to help you! Do not hesitate to contact us click here

Also check out our other posts on topics such as “the best ways to secure your server”, “how to create an external backup server” and a lot more! Click here

How to Install Pure-FTPd with Let’s Encrypt

If you manage multiple servers, it is super important to make backups yourself. Hosting providers often do offer backup services, however, it’s also important to have a back-up server elsewhere so that you always have access to your own data. This is especially useful when, for example, your hosting provider is completely offline.

In this “how to install” we’ll explain step by step how you can setup an FTP server with Pure-FTPd and how you can secure it with a certificate.

For this setup, we recommend that you use a dedicated server with Debian 10.

Step 1: Update server

Make sure that your Debian 10 server is up-to-date.

Step 2: Pure-FTPd installation

When your server is up-to-date, we can install the FTP server with Pure FTPd. For this, we use the following command:

apt-get install pure-ftpd

Step 3: Configuration and setup of Pure-FTPd

To ensure that everything runs properly, the following commands must be executed:

echo "yes" > /etc/pure-ftpd/conf/Daemonize
echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
echo "2" > /etc/pure-ftpd/conf/TLS

We recommend setting your FTP to IPv4 only, as the performance of IPv6 is not the same for every provider. You can do this by using the following command:

echo "yes" > /etc/pure-ftpd/conf/IPV4Only

Now we are going to set the config. Out of experience we know that the following works best:

We start with deleting the existing config. To do this, you can use the following command:

rm -rf /etc/pure-ftpd/pure-ftpd.conf

Now that we’ve deleted the existing config, we can complete the config file with our settings. Open the pure-ftpd.conf.

nano /etc/pure-ftpd/pure-ftpd.conf

Now that we have the text editor open, you can copy & paste the following:

ChrootEveryone               		yes
BrokenClientsCompatibility no
MaxClientsNumber 50
Daemonize yes
MaxClientsPerIP 8
VerboseLog no
DisplayDotFiles yes
AnonymousOnly no
NoAnonymous no
SyslogFacility ftp
DontResolve yes
MaxIdleTime 15
LimitRecursion 10000
AnonymousCanCreateDirs no
MaxLoad 4
AntiWarez yes
Umask 133:022
MinUID 100
AllowUserFXP no
AllowAnonymousFXP no
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
AutoRename no
AnonymousCantUpload no
MaxDiskUsage 99
CustomerProof yes
CertFile /etc/ssl/private/pure-ftpd.pem

Everything is now set up and configured.

Step 4: Secure the FTP server with Let’s Encrypt.

It’s important to make sure that you’re using a secure connection for your FTP traffic.

If you want to use an SSL/TLS, we first need to create the folder for it. The certificate will be placed in this folder. To do this, you can use the following command:

mkdir -p /etc/ssl/pure-ftpd

Secure your FTP server with the SSL of Let’s Encrypt

In order to use Let’s Encrypt we first have to install Certbot.

apt-get install certbot

Now that we have done the installation, it is time to request an SSL. Make sure you have a hostname and A record for your server and go through all the steps of certbot.

certbot certonly --standalone

Now we are going to merge the created Let’s Encrypt certificate files. We do this with the following command:

cat /etc/letsencrypt/live/*/privkey.pem /etc/letsencrypt/live/*/fullchain.pem > /etc/ssl/private/pure-ftpd.pem

After we’ve merged the certificates, we have to make sure that the renewed SSL is automatically merged via cronob:

nano /etc/cron.d/certbot

If all goes well, the last line should say:

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

Now we have to add the following to the last line:

&& cat /etc/letsencrypt/live/*/privkey.pem /etc/letsencrypt/live/*/fullchain.pem > /etc/ssl/private/pure-ftpd.pem

It should then look as follows:

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew && cat /etc/letsencrypt/live/*/privkey.pem /etc/letsencrypt/live/*/fullchain.pem > /etc/ssl/private/pure-ftpd.pem

If all went well, we can restart Pure-FTPd with the following command:

service pure-ftpd restart

Step 5: create user(s)

There are two ways: create a user with SSH access or create a user without SSH access and set a storage limit.

For every account that is created, a home profile is created at /home.

Easy way to create user(s)

Use the following command to easily create an user:

adduser USERNAME

After entering this command, you can set your password. After having set the password, everything will be ready for this user and a profile will be created on /home/username.

Create user with extra options

If you want to create a user with extra options, we first have to create a user group for FTP users without SSH access.

groupadd ftpgroup

Now we can create the user:

useradd -g ftpgroup -d /dev/null -s /etc USERNAME 

pure-pw useradd USERNAME -u USERNAME -g ftpgroup -d /home/USERNAME

If you want to give the user a storage limit you can add: -N 1000.
This gives the user a storage limit of 1000MB.

Example of the command with a storage limit of 1000 MB:

pure-pw useradd USERNAME -u ftpuser -g ftpgroup -d /home/USERNAME -N 1000

Now we have to create the directory for the FTP user with the following command:

mkdir /home/USERNAME

chown -R USERNAME:ftpgroup /home/USERNAME

The next step is to update the Pure-FTPd database. You can do this with the following command:

pure-pw mkdb

ln -s /etc/pure-ftpd/pureftpd.passwd /etc/pureftpd.passwd

ln -s /etc/pure-ftpd/pureftpd.pdb /etc/pureftpd.pdb

ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/PureDB

Finally, we have to restart the Pure-FTPd:

service pure-ftpd restart

Every time you make changes to a user, the database must be updated:

pure-pw mkdb

Do you want to change the password for an FTP user? Then you can use the following command:

pure-pw passwd USERNAME

In case you have any questions or need help, you can contact our support team: click here

Also check out our other posts on topics such as “the best ways to secure your server”, “how to create an external backup server” and a lot more! Click here

How to update CentOS 6

If you manage a CentOS 6 server yourself, it is necessary to ensure that all software and security updates are up to date at all times. This ensures that you are not susceptible to a hack/vulnerability.

Before you start, it is always extremely important that you have backups that are stored externally – so not on your server itself. This is important because if your server has any errors or has crashed, it won’t be possible to access your backup.

To update your CentOS 6 server you need SSH access. On Windows, you can use putty to do this. Mac and Linux users can use the terminal.

Step 1: Check CentOS version

Once you are logged in, we will first check whether you are indeed running CentOS 7.

Run the command below to see which CentOS version you are using:

cat /etc/redhat-release

You should get the following result:

CentOS release 6.10 (Final)

Now that we are sure that the correct CentOS version is running, we can get started.

Step 2: Clear cache

We will first ensure that all caches are emptied and that we have the most recent repos (software servers and lists),

yum clean all -y

Now that all caches have been cleared, we can start with the updates.

Step 3: Update CentOS

If you want to use the recommended settings for any upgrades, you can run the following command:

yum update -y

If you want to control which settings are used in an upgrade, you can omit -y

yum update

If all updates have been performed successfully, all you have to do is to perform a server reboot so that everything is completed properly.

reboot

If you have any questions or need help, you can always contact our support team click here

Also check out our other posts on topics such as “the best ways to secure your server”, “how to create an external backup server” and a lot more! Click here

How to update CentOS 7

Do you manage a CentOS 7 server yourself? Then it’s important to ensure that all software and security updates are performed at all times. Having your software and security up-to-date ensures that you’re not susceptible to a hack/vulnerability.

When performing updates on your server, it’s always important to have a backup that’s stored externally (so not on your server itself). This is important in case your server has any error or crashes. When this happens, it won’t be possible to access your backup. By saving your backup externally, you can prevent a lot of problems.

To update CentOS 7 on your server you need to have SSH access. To get this, you can use Putty on Windows or the terminal on Mac and Linux.

Step 1: Check if you’re using CentOS 7 

Before we start with updating CentOS 7, we have to check if you’re indeed running CentOS on your server. To see if this is the case, we have to run the following command:

cat /etc/redhat-release

If you’re indeed running CentOS 7, you should get the following result:

CentOS Linux release 7.8.2003 (Core)

If you got this result, we know that you’re running the correct CentOS version and we can continue with step 2.

Step 2: Clear cache

Before we start with the actual update of CentOS 7, we have to ensure that all caches are emptied and that it has the most recent repos (software servers and lists). We can do this with the following command:

yum clean all -y

When this has been done successfully, we can continue with the update.

Step 3: Update CentOS 7

Do you want to use the recommended settings for the update? Then you can run the following command: 

yum update -y

If you want to decide which settings are used in the update yourself, you can omit -y. This command will look as follows:

yum update

After you’ve updated CentOS 7, it’s important to perform a server reboot. By performing a server reboot you can confirm that everything is done successfully. 

reboot

If you have any questions or need help, you can always contact our support team click here

Also check out our other posts on topics such as “the best ways to secure your server”, “how to create an external backup server” and a lot more! Click here