Question
I see the following message in WHM's Security Advisor:
Kernel does not support the prevention of symlink ownership attacks.
You do not appear to have any symlink protection enabled through a properly
patched kernel on this server, which provides additional protections beyond
those solutions employed in userland. Please review the documentation to
learn how to apply this protection.
What methods solve this?
Answer
These are the supported solutions to this issue:
-
KernelCare patch sets (free or extra)
Note: The kernel is only protected if kernelcare has a patch released for your server's kernel. To confirm if Kernelcare has yet patched your kernel, search for your kernel at patches.kernelcare.com -
The Bluehost patch with cPanel modifications
Important: We recommend that you only use this patch (in EasyApache) if you cannot implement any of the other options. Malicious users could circumvent this patch.
Our full documentation describing the solutions can be found here:
Symlink Race Condition Protection