Protect Your Server Against the Dirty COW Linux Vulnerability

Check Vulnerability

Ubuntu/Debian

To find out if your server is affected, check your kernel version.

uname -rv

If your version is earlier than the following, you are affected:

  • 4.8.0-26.28 for Ubuntu 16.10
  • 4.4.0-45.66 for Ubuntu 16.04 LTS
  • 3.13.0-100.147 for Ubuntu 14.04 LTS
  • 3.2.0-113.155 for Ubuntu 12.04 LTS
  • 3.16.36-1+deb8u2 for Debian 8
  • 3.2.82-1 for Debian 7
  • 4.7.8-1 for Debian unstable
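
The comparison above can be scripted, because a plain string comparison gets cases such as 3.13.0-98 versus 3.13.0-100 wrong. The following is an added example, not part of the original article: it turns a `uname -rv` string into the package version used in the list and compares it with the fixed version. The release keys (such as `ubuntu-16.04`), the function names and the script name are assumptions made for illustration, and the comparison assumes GNU `sort -V`.

```shell
#!/bin/sh
# Added example: compare a `uname -rv` string with the fixed versions listed above.

# First fixed kernel package version per release (values from the list above).
# The release keys are names chosen for this example.
fixed_version() {
    case "$1" in
        ubuntu-16.10)    echo 4.8.0-26.28 ;;
        ubuntu-16.04)    echo 4.4.0-45.66 ;;
        ubuntu-14.04)    echo 3.13.0-100.147 ;;
        ubuntu-12.04)    echo 3.2.0-113.155 ;;
        debian-8)        echo '3.16.36-1+deb8u2' ;;
        debian-7)        echo 3.2.82-1 ;;
        debian-unstable) echo 4.7.8-1 ;;
        *) return 1 ;;
    esac
}

# Turn `uname -rv` output into the package version the list refers to.
kernel_pkg_version() {
    case "$1" in
        *"Debian "*)
            # "3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03)"
            printf '%s\n' "$1" | sed -n 's/.* Debian \([^ ]*\).*/\1/p' ;;
        *"-Ubuntu "*)
            # "4.4.0-42-generic #62-Ubuntu SMP ..." -> 4.4.0-42.62
            printf '%s\n' "$1" |
                sed -n 's/^\([0-9.]*-[0-9]*\)[^ ]* #\([0-9]*\).*/\1.\2/p' ;;
        *) return 1 ;;
    esac
}

# is_vulnerable RELEASE "UNAME_RV": 0 = earlier than the fix, 1 = fixed,
# 2 = release or kernel string not recognised.
is_vulnerable() {
    fixed=$(fixed_version "$1") || return 2
    running=$(kernel_pkg_version "$2") || return 2
    [ -n "$running" ] || return 2
    [ "$running" = "$fixed" ] && return 1
    # Version-aware sort (assumes GNU sort -V): 3.13.0-98 sorts before 3.13.0-100.
    lowest=$(printf '%s\n%s\n' "$running" "$fixed" | sort -V | head -n 1)
    [ "$lowest" = "$running" ]
}

# Run as: sh dirtycow-check.sh ubuntu-16.04 "$(uname -rv)"   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    if is_vulnerable "$1" "$2"; then echo "affected: update and reboot"
    else echo "not affected, or release/kernel string not recognised"; fi
fi
```

On a Debian or Ubuntu host, `dpkg --compare-versions` is the native way to compare two package versions; `sort -V` is used here so the example also runs where dpkg is absent.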

CentOS

On some versions of CentOS you can use this script, provided by Red Hat for RHEL, to test whether your server is vulnerable. To try it, first download the script.

  • wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh

Then run it with bash.

  • bash rh-cve-2016-5195_1.sh

If you’re vulnerable, you’ll see output like this:

Output
Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .

Fix Vulnerability

Fortunately, applying the fix is straightforward: update your system and reboot your server.

On Ubuntu and Debian, upgrade your packages using apt-get.

  • sudo apt-get update && sudo apt-get dist-upgrade

You can update all of your packages on CentOS 5, 6, and 7 with sudo yum update, but if you only want to update the kernel to address this bug, run:

  • sudo yum update kernel

Finally, on all distributions, you’ll need to reboot your server to apply the changes.

  • sudo reboot

Start apache2, mysql and nginx from shell scripts in root's crontab on Ubuntu

In the case of the Debian 3.2.68 distribution, all the syntax works fine as per my live test.

cd /usr/local/vesta/bin

sudo nano apache-restart.sh

Type the following:

=========================================================================

#!/bin/sh

ps auxw | grep apache2 | grep -v grep > /dev/null

if [ $? != 0 ]
then
        service apache2 start > /dev/null
fi
======================================================================================
Save it as apache-restart.sh.
sudo nano mysql-restart.sh
===================================================================================
#!/bin/bash
# mysqladmin ping prints "mysqld is alive" when the server responds
/usr/bin/mysqladmin ping | grep 'mysqld is alive' > /dev/null 2>&1
if [ $? != 0 ]
then
 sudo service mysql restart
fi
====================================================================================================
Save it as mysql-restart.sh.

sudo nano nginx-restart.sh
=========================================================================================

#!/bin/sh
sudo service nginx status > /dev/null

if [ $? != 0 ]
then
 echo "nginx stopped"
 sudo service nginx start > /dev/null
 echo "nginx start"
fi

=============================================================
Type crontab -e as root and add the following lines to run the shell scripts every minute from root's crontab.

* * * * * sh -x /usr/local/vesta/bin/mysql-restart.sh
* * * * * sh -x /usr/local/vesta/bin/apache-restart.sh
* * * * * sh -x /usr/local/vesta/bin/nginx-restart.sh

Then save it. That's all. In case of any problem you can contact me at [email protected]

 

mysql restart shell script

#!/bin/bash
# mysql root/admin username
MUSER="root"
# mysql admin/root password
# Note: it is passed with -p below, so it is visible in the process list while mysqladmin runs
MPASS="xxxxxxx"
#nano /usr/etc/mysql/debian.cnf
# mysql server hostname
MHOST="localhost"
# Shell script to start MySQL server, i.e. path to MySQL daemon start/stop script.
# Debian uses the following script; set this up according to your UNIX/Linux/BSD OS.
MSTART="/etc/init.d/mysql start"
# Email ID to send notification
#EMAILID="[email protected]"
# path to mail program
#MAILCMD="$(which mail)"
# path to mysqladmin
MADMIN="/usr/bin/mysqladmin"

#### DO NOT CHANGE anything BELOW ####
# Temporary file for the notification text; mktemp avoids a predictable name in /tmp
MAILMESSAGE="$(mktemp /tmp/mysql.fail.XXXXXX)" || exit 1

"$MADMIN" -h "$MHOST" -u "$MUSER" -p"${MPASS}" ping 2>/dev/null 1>/dev/null
if [ $? -ne 0 ]; then
    echo "" > "$MAILMESSAGE"
    echo "Error: MySQL Server is not running/responding ping request" >> "$MAILMESSAGE"
    echo "Hostname: $(hostname)" >> "$MAILMESSAGE"
    echo "Date & Time: $(date)" >> "$MAILMESSAGE"
    # try to start mysql (left unquoted on purpose: MSTART holds a command plus its argument)
    $MSTART > /dev/null
    # see if it is started or not
    o=$(ps cax | grep -c ' mysqld$')
    if [ "$o" -eq 1 ]; then
        sMess="MySQL Server MySQL server successfully restarted"
    else
        sMess="MySQL server FAILED to restart"
    fi
    # Email status too
    echo "Current Status: $sMess" >> "$MAILMESSAGE"
    echo "" >> "$MAILMESSAGE"
    echo "*** This email generated by $(basename "$0") shell script ***" >> "$MAILMESSAGE"
    echo "*** Please don't reply this email, this is just notification email ***" >> "$MAILMESSAGE"
    # send email
    #$MAILCMD -s "MySQL server" $EMAILID < $MAILMESSAGE
else # MySQL is running, so do nothing
    :
fi
# remove file
rm -f "$MAILMESSAGE"