Server security and reliability – Kernel Upgrades
There are so many new and interesting things happening around here that I just didn’t know where to start my post. So, I thought I should go talk to Marian. He is our chief system administrator and is a real source of inspiration when it comes to servers and technology. After an hour spent chatting with him, I decided that “the kernel” is the answer. Marian’s team has just upgraded our kernel again and was quite excited about the new tweaks they made.
For those who haven’t encountered the term ‘kernel”, here is a brief explanation I took from Wikipedia: -– “A Unix kernel — the core or key components of the operating system — consists of many kernel subsystems like process management, memory management, file management, device management and network management.” Although you may run a system with a default kernel, the well- built, stable and secure kernel is essential for offering top notch web hosting services.
Nowadays it’s not that big of a deal when you say you are using the “Latest Linux Kernel”. Everybody does that and most of the modern Linux OS will update their kernel with a click of a button. So, “What’s so special about SiteGround’s Kernel then?” you will ask. Read on and you might just find out:
1. Always up2date with Security Patches:
There is a new Linux Kernel release every once in a while. To be completely honest with you, we do not update the core each time there is a new version available. The kernel updates, as they come out pretty often, are usually very small changes with really minor updates and it would mean rebooting all of our servers each time there is a new minor release. But whenever there is an update concerning security, reliability or system stability, we would be among the first to implement, test and deploy that.
Here are some of the features the latest kernel allowed us and you – the user:
- Improved memory management scalability (more info can be found here)
- Better control of the I/O (Hard Disk) operations to ensure that the I/O operations of all users processes are shared equally. (more info here)
- Memory tests on boot and during the lifetime of the system – early memory corruption detection (more info here)
- Kill of previous unkillable processes and free unused resources (more info here)
2. Additional patches to improve security:
GRSecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. Here at SiteGround, we built each and every kernel with GRSecurity support, as GRSec has proven itself over the years to be among the best security enhancements for the Linux Core.
Often the Linux Kernel with major security updates comes out to the general public pretty quickly after a security breach has been found. However, the GRSec is not really a part of the Kernel but is more like a module for the Linux Core. Therefore, you can imagine that in some cases, the Kernel comes out and it takes weeks or even months to get the GRSec patch for that particular Kernel. But our sys admin team has a solution for that issue too: they port the GRsec to work with the latest Kernel themselves. It saves us time on waiting and it spares the security risks for you.
3. Latest Kernel + Latest GRSec + SiteGround InHouse Chroot = Immortal Combination?
Last year, Marian developed an InHouse Chroot system. Chroot is an operation that changes the current disk root directory for the current running process (and all of its sub-processes) and doesn’t allow accessing files and folders outside that directory.
A simple example of how Chroot works and how you benefit from it would be: if another customer’s website, hosted on the same server gets hacked due to whatever reason, the hacker will not be able to affect anything on the server but that particular customer. The attacker will not be able in any way to access/change/delete any system files/folders or other customers’ files and folders. On a standard host server without such a Chroot system, when one customer gets hacked, all customers on the same server get affected too.
With all of the above said, you can probably imagine how secure a customer can feel whenever his website is hosted on a server that has:
- The Latest Kernel with heavy modifications
- Latest GRSecurity for the Kernel (ported, if there is none) with Chroot enhancements
- A Chroot security system built in especially for our needs.
Unfortunately, I was able to mention only a small portion of what Marian told me he and his team do for the Kernel. If I were to mention them all, nobody would have read that article as it would have been 20 pages long. But the bottom-line here is: If I were the customer, I would rest assured that my website is safe and secure with SiteGround. And what about you?