Updating Your Dedicated Server for the Spectre/Meltdown Vulnerabilities 列印

  • Spectre
  • 1

Recent vulnerabilities related to server hardware have recently been identified and require updating your operating system software to protect your server. Referred to as “Spectre” or “Meltdown”, these vulnerabilities apply to almost all modern computing equipment (servers and desktops alike) and should be taken very seriously. Best Practice is to apply updates to your servers and workstations as soon as they are available from the manufacturers.

NOTE: VPS servers do not require microcode updates as these updates are applied on the parent server. However, operating system and registry updates should still be applied to Cloud servers as part of the recommended Best Practice for server security.

CentOS Systems

To properly mitigate against these vulnerabilities, you need to update the following packages:

  • kernel
  • microcode.ctl
  1. To update, run the following command after Logging into Your Server via Secure Shell (SSH):

    yum update -y kernel microcode_ctl

    On CentOS 6/CloudLinux 6 systems, you also need to run the following before rebooting:

    if ! (mount -l | grep -q debugfs) ; then
    mount -t debugfs none /sys/kernel/debug
    echo "debugfs /sys/kernel/debug debugfs defaults 0 0" >> /etc/fstab
    fi ; echo 1 > /sys/kernel/debug/x86/ibrs_enabled 2>/dev/null || true


  2. Reboot the server.

  3. Check your server's status with the following script:

    /usr/local/lp/apps/sonarpush-helpers/spectre-meltdown-checker*


NOTE: Some motherboard/CPU combinations cannot be patched with microcode updates or BIOS patches. If your server has such a limitation, we may be contacting you about upgrading your server hardware after we've verified that such an upgrade is necessary.

If you have questions or need additional assistance submit a Support Request here:

https://www.alpineweb.com/backroom/submitticket.php

Or visit the Contact Us page for additional contact options:

https://www.alpineweb.com/contact-us/


這篇文章有幫助嗎?

« 返回