CentOS Project Announces Early End-of-Life Date for CentOS 8

We recently found out that the CentOS Project accelerated the End-of-Life date for CentOS 8, meaning that no further operating system updates will be available after December 31, 2021. In the meantime, though, Plesk will continue supporting both CentOS 7 and 8 and CloudLinux 7 and 8 until their planned end of life dates.

CentOS also announced other critical changes to its roadmap that have an impact on the Plesk products and our users and partners:

  • CentOS 8 will be transformed into an upstream (development) branch of Red Hat Enterprise Linux called CentOS Stream, whereas previous CentOS versions are part of the stable branch.
  • The CentOS 7 life cycle remains unchanged: updates and security patches will be available until June 30, 2024. The life cycle timing is subject to change.

For additional information on the CentOS Project changes, you can also read their detailed blog post or refer to the CentOS FAQ page.

Plesk Support for CentOS 8

If you’re wondering how the CentOS 8 End-of-Life policy could affect your Plesk installation, here are some workarounds you may want to know about. The good news is that Plesk has already been investing in product support for Ubuntu for decades, and will continue to support CentOS 8.

Plesk Obsidian supports Ubuntu 20.04 LTS starting from Plesk Obsidian 18.0.29, and Plesk Onyx 17.8 supports Ubuntu 18.04 LTS. Nonetheless, if you’re a Plesk Onyx user, note that from April 22, 2021, it will no longer be available for new purchases and will stop receiving further development and technical support requests. Please read this article to learn how to upgrade to the latest Plesk Obsidian and how to automate renewals to keep your Plesk updated at all times.

When to Transition and Other Alternatives

CentOS 7 is the most popular choice of Plesk users. It will be officially supported by RHEL until June 30, 2024, and Plesk will support it until that date. CentOS 7 remains a good choice for a new server.

We will consider supporting CentOS Stream as an alternative to CentOS 8 based on actual industry flow. So, people who decide to follow the official RHEL distro will have CentOS Stream as an option. RHEL states that switching from CentOS 8 to CentOS Stream will be in-place and smooth.

Additionally, we also plan to deliver AlmaLinux OS support for Plesk in summer 2021. AlmaLinux OS is a free new RHEL fork from the CloudLinux team, and it’s been developed in close co-operation with the community. 

Another good thing is that Plesk will also keep supporting CloudLinux OS 8. This additional supported operating system provides an upgrade path for customers with CloudLinux 6 or 7 deployments. CloudLinux is another commercially supported operating system that many of our partners benefit from. CloudLinux includes many advanced features such as improved user resource limitations, increased user visibility, and advanced customer isolation.

If you need additional information about this topic, please reach out to our support team. They will be happy to support you. And if you want to share your thoughts with us, drop us a line in the comment section below. 

How to Install and Configure CSF

Config Server Firewall (CSF) is a firewall application suite designed for Linux servers. It also provides login/intrusion detection that’s effective for such applications as SSH, POP3, IMAP, SMTP and others.

CSF will recognize when a user is signing into the server through SSH and send you an alert if they attempt to utilize the “su” command to attain higher privileges on the server.

Another key function of CSF is that it will check for failed login authentications on mail servers (IMAP, Exim, uw-imap, Dovecot, Kerio), FTP servers (Pure-ftpd, Proftpd, vsftpd), OpenSSH servers, and Plesk & cPanel servers, so it can replace software such as fail2ban.

CSF is a solid security solution for server hosting, and it can be integrated easily into Plesk and WHM/cPanel’s user interface.

Steps to follow:

Step One – Install CSF Dependencies

As CSF is based on Perl, you’ll need to install Perl on your server to begin. You should also have wget for downloading the CSF installer as well as vim (or an editor of your choosing) to make changes to the CSF configuration file.

When ready, you should install the packages using the following command:

yum install wget vim perl-libwww-perl.noarch perl-Time-HiRes

Step Two – CSF Installation

Navigate to the “/usr/src/” directory to download CSF using this wget command:

cd /usr/src/
wget https://download.configserver.com/csf.tgz

Extract the csf.tgz archive and head to the CSF directory. Then, run the installer:

tar -xzf csf.tgz
cd csf
sh install.sh

If this has gone smoothly, you’ll be presented with a message stating that the CSF installation has been completed. Next, check that CSF actually works as required on this server. How? Make your way to the “/usr/local/csf/bin/” directory. Then, you’ll need to run “csftest.pl”, like so:

cd /usr/local/csf/bin/
perl csftest.pl

You’ll know that CSF is operating on your server with no issues if you see the following response:

RESULT: csf should function on this server

Step Three – Configuration of CSF

There’s one thing you should know before you dive into the process of configuring CSF: CentOS 7’s default firewall application (“firewalld”) must be stopped and removed from the startup.

To stop it:

systemctl stop firewalld

To disable and remove firewalld from the startup:

systemctl disable firewalld

Next, head to the CSF Configuration directory “/etc/csf/” and change the file “csf.conf” using the vim editor:

cd /etc/csf/
vim csf.conf

To apply the CSF firewall configuration, change line 11 “TESTING” to “0”.

TESTING = "0"

CSF enables traffic (incoming and outgoing) for the SSH standard port 22 by default. If you choose to utilize an alternative SSH port, add your port of choice to the configuration in line 139 “TCP_IN”.

Next, start CSF and LFD with the following command:

systemctl start csf
systemctl start lfd

Set up the csf and lfd services to start when booting:

systemctl enable csf
systemctl enable lfd

Now you can list the default CSF rules with the command:

csf -l
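
The lockout risk in this step (an SSH port that is missing from TCP_IN once TESTING is "0") can be checked before csf is started. The following is an added example, not part of the original article; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that csf.conf will not cut off SSH once TESTING = "0".

# conf_get FILE KEY: print the value from a csf.conf line of the form KEY = "value"
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# sshd_ports FILE: print every Port directive; OpenSSH listens on 22 when none is set
sshd_ports() {
    found=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -n "$found" ]; then echo "$found"; else echo 22; fi
}

# port_allowed PORT LIST: succeed if PORT is in a list such as "22,80,30000:35000"
port_allowed() {
    hit=1
    old_ifs=$IFS; IFS=,
    for item in $2; do
        case $item in
            *:*) [ "$1" -ge "${item%%:*}" ] && [ "$1" -le "${item##*:}" ] && hit=0 ;;
            *)   [ "$item" = "$1" ] && hit=0 ;;
        esac
    done
    IFS=$old_ifs
    return $hit
}

# csf_preflight CSF_CONF SSHD_CONFIG: return 0 only if every sshd port is in TCP_IN
csf_preflight() {
    rc=0
    tcp_in=$(conf_get "$1" TCP_IN)
    for p in $(sshd_ports "$2"); do
        if port_allowed "$p" "$tcp_in"; then
            echo "ok:   SSH port $p is in TCP_IN"
        else
            echo "FAIL: SSH port $p is not in TCP_IN=\"$tcp_in\""
            rc=1
        fi
    done
    if [ "$(conf_get "$1" TESTING)" != "0" ]; then
        echo "note: TESTING is not \"0\""
    fi
    return $rc
}

# Constructed sample files (not from a real server): sshd moved to 2222, TCP_IN unchanged.
demo=$(mktemp -d)
printf 'Port 2222\n' > "$demo/sshd_config"
printf 'TESTING = "1"\nTCP_IN = "20,21,22,25,80,443,30000:35000"\n' > "$demo/csf.conf"
csf_preflight "$demo/csf.conf" "$demo/sshd_config" || echo "fix TCP_IN before starting csf"
```

On a real server, run csf_preflight /etc/csf/csf.conf /etc/ssh/sshd_config (the second path is the usual OpenSSH location, assumed here) before starting csf. The check reads only Port lines in that one file, so ports set through included files are not seen.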

Step Four – Basic CSF Commands

1. Starting the CSF firewall (enabling firewall rules):

csf -s

2. Flushing/stopping firewall rules.

csf -f

3. Reloading firewall rules.

csf -r

4. To allow an IP and add it to csf.allow.

csf -a 192.168.1.109

Here are the results:

Adding 192.168.1.109 to csf.allow and iptables ACCEPT...
ACCEPT all opt -- in !lo out * 192.168.1.109 -> 0.0.0.0/0
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.109

5. Removal and deletion of an IP from csf.allow.

csf -ar 192.168.1.109

Here are the results:

Removing rule...
ACCEPT all opt -- in !lo out * 192.168.1.109 -> 0.0.0.0/0
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.109

6. Denial of an IP and adding to csf.deny:

csf -d 192.168.1.109

Here are the results:

Adding 192.168.1.109 to csf.deny and iptables DROP...
DROP all opt -- in !lo out * 192.168.1.109 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.109

7. Removal and deletion of an IP from csf.deny.

csf -dr 192.168.1.109

Results:

Removing rule...
DROP all opt -- in !lo out * 192.168.1.109 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.109

8. Removal and unblocking every entry from csf.deny.

csf -df

Results:

DROP all opt -- in !lo out * 192.168.1.110 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.110
DROP all opt -- in !lo out * 192.168.1.111 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.111
csf: all entries removed from csf.deny

9. Searching for a pattern match on iptables (such as CIDR, IP, Port Number)

csf -g 192.168.1.110

Step Five – Advanced Configuration

Want to configure as and when you need to? Check out these CSF tweaks.

Go back to the csf configuration directory and change the csf.conf configuration file like so:

cd /etc/csf/
vim csf.conf

1. Non-blocking of IP addresses in your csf.allow files:

By default, LFD will block IPs even if they are listed in the csf.allow files. But if you’re looking to make sure that a certain IP in csf.allow will never be blocked by LFD, go to line 272 and set “IGNORE_ALLOW” to “1”.

This can be helpful when you use a static IP at work or home and would like to make sure that the internet server or firewall never blocks it.

IGNORE_ALLOW = "1"

2. Enable incoming and outgoing ICMP

Head to line 152 for incoming ping/ICMP:

ICMP_IN = "1"

And for outgoing ping/ICMP, go to line 159:

ICMP_OUT = "1"

3. Blocking specific countries

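CSF gives you the option to deny or allow access from certain countries by country code (CC). The codes are two-letter ISO 3166-1 codes, which CSF matches as CIDR ranges, so the United Kingdom is written GB rather than UK.

How? Go to line 836 and add the codes of those countries you want to allow or deny:

CC_DENY = "CN,GB,US"
CC_ALLOW = "ID,MY,DE"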

4. Emailing the Su and SSH Login log

Another trick you can try is setting an address that LFD can use for sending alert emails about “SSH login” events and occasions when users run the “su” command.

To do this, find line 1069 and set the values to “1”:

LF_SSH_EMAIL_ALERT = "1"

LF_SU_EMAIL_ALERT = "1"

Input the email address you would like to use for this in line 588:

LF_ALERT_TO = "[email protected]"

Looking for extra changes you can make? Take a look at the options in the “/etc/csf/csf.conf” configuration files.

Conclusion

CSF is a valuable application-based firewall for iptables, available for Linux servers and offering a number of features. It is supported by Plesk, cPanel/WHM, DirectAdmin and Webmin.

Fortunately, CSF installation and configuration is simple, and it’s easy to use on the server, so it has the power to make security management much more efficient for sysadmins.

Industry Insights – Ubuntu vs CentOS, does your Linux OS matter?

When it comes to operating systems (OS), we are spoilt for choice with the likes of Debian, CentOS, Microsoft Windows Server, and Red Hat vying for our affection. But what about Ubuntu? How does it square up to the top players in the market? Here’s why I think Ubuntu rules and is a must in every service provider’s product portfolio.

Let’s start with a little history

True to its name, which in Zulu means humanity towards others and human kindness, Ubuntu is committed to the principles of open-source software development in which people are encouraged to use the free software, study how it works, improve on its code and distribute it amongst its users.

In 2004, Linux was already established as an enterprise server platform, but free software was not a part of everyday life for most computer users. That’s why Mark Shuttleworth gathered a small team of developers from one of the most established Linux projects — Debian — and set out to create an easy-to-use Linux desktop: Ubuntu.

To date, Ubuntu is the reference operating system for the OpenStack project and it’s a hugely popular OS on Amazon’s EC2 and Rackspace’s Cloud. Ubuntu is a unique single platform that scales from consumer electronics to the desktop and up into the cloud for enterprise computing. According to Canonical, 70% of public cloud workloads and 55% of OpenStack clouds run on Ubuntu.

Not bad… But what are the people saying?

A recent study conducted by W3Techs reports that Ubuntu accounts for 34% of Linux usage, measured by looking at the top 10 million websites as ranked by Alexa. The historical yearly trends showcase the increase in Ubuntu’s popularity over the past 6 years, with only a slight increase in usage of Debian, CentOS and Red Hat.

Linux versions for websites - yearly trends

But what are Ubuntu’s key values?

“This is a great platform to get started with the open source world as well as Linux. From a very newbie user with a USB stick, to a software developer that needs a LAMP application platform, all the way up to a system administrator that needs a platform to run their utilities, Ubuntu is a good choice” (Tran Phong Vu)

“Ubuntu is a free and community supported operating system. Especially for Python, Ruby, Go and Java developers Ubuntu is a common operating system. On the other hand, Ubuntu is easy to use for end-users, built-in features are covering daily needs. Libre Office, Mozilla Firefox, integrated media and audio players are pretty enough for most of the computer users. We use Ubuntu for both development and daily usage in the company and we are pretty satisfied with the results.” (Mustafa Serhat Dundar)

In another user survey, conducted by OpenStack, respondents were asked: “Which operating systems are running OpenStack developments?” Ubuntu servers continue to provide the operating system for the majority of OpenStack developments, indicated by 45% more deployments than in the last survey in October 2015.

Operating systems for clouds with 1000+ users

“Ubuntu has a lot of software available to be used. It also allows you to have an environment that lets you build software from source fairly easily. Usually, source code of stand-alone apps that can run on Macs can be compiled to run on Ubuntu. It caters to the developer as a vast amount of developer tools are already in the repositories for you to install”

What’s the picture in the hosting industry?

We take a closer look at our Plesk universe to find out if they are following the overall cloud-driven trends or are failing to catch up quickly enough. Globally, 78% of all Plesk servers are based on Linux (yes, we do support both Linux and Windows). Let’s ignore Windows for the moment and focus on the share of 4 Linux distros and all versions Plesk supports today:

CentOS – 61%
Ubuntu – 26%
Debian – 10%
RedHat – 1,3%

If you check out any community forum and ask any user about Ubuntu, the sentiments are the same. They like that Ubuntu is open source, which you can’t find in Windows or Mac. As a user, you are given the ability to contribute to the code and have a large community group to answer the most challenging questions. Ubuntu is a rock-solid operating system that isn’t going to break the bank and it’s great for development. There is a good reason why the majority of public cloud workloads run on Ubuntu.

So the question remains

Why aren’t companies considering Ubuntu? Is it because Ubuntu is known as an open-source OS for beginners and doesn’t provide the security and reliability needed to run an enterprise OS? Or are companies unwilling to invest in more options because the complexity, compatibility and support needed to run multiple OSes can be challenging?

Let me know what you think in the comments below.

 

Interested in learning more about Ubuntu and Plesk? Check out our latest Plesk Onyx release that also supports Ubuntu, or our Partners page to find out how you can become a Plesk Partner.