Security Advisor "No symlink protection detected" Message When KernelCare + Extras Is Installed
I have installed KernelCare + Extras, but I am still being told by Security Advisor that Symlink protection is not enabled.
[quote]# sysctl -p
fs.enforce_symlinksifowner = 1
fs.symlinkown_gid = 99
[quote]# kcarectl --patch-info OS: centos7 kernel: kernel-3.10.0-693.17.1.el7 time: 2018-01-27 11:54:28 kpatch-name: 3.10.0/CVE-2017-14140-0001-Sanitize-move_pages-permission-checks.patch kpatch-description: Sanitize 'move_pages()' permission checks kpatch-kernel: >3.10.0-693.5.2.el7 kpatch-cve: CVE-2017-14140 kpatch-cvss: 3.3 kpatch-cve-url: CVE-2017-14140 - Red Hat Customer Portal kpatch-patch-url: kernel/git/torvalds/linux.git - Linux kernel source tree kpatch-name: 3.10.0/dccp-fix-use-after-free.patch kpatch-description: dccp: fix use-after-free (CVE-2017-8824) kpatch-kernel: kernel-3.10.0-714.10.2.lve1.4.77.el7 kpatch-cve: CVE-2017-8824 kpatch-cvss: 7.8 kpatch-cve-url: CVE-2017-8824 - Red Hat Customer Portal kpatch-patch-url: kernel/git/davem/net.git - David Miller's networking tree kpatch-name: 3.10.0/proc-restrict-pagemap-access.patch kpatch-description: Restrict access to pagemap/kpageflags/kpagecount kpatch-kernel: kpatch-cve: kpatch-cvss: kpatch-cve-url: Project Zero: Exploiting the DRAM rowhammer bug to gain kernel privileges kpatch-patch-url: kpatch-name: 3.10.0/symlink-protection-ge-693.patch kpatch-description: symlink protection kpatch-kernel: kernel-3.10.0-514.el7 kpatch-cve: N/A kpatch-cvss: N/A kpatch-cve-url: N/A kpatch-patch-url: Gerrit Code Review kpatch-name: 3.10.0/symlink-protection-ge-693.kpatch-1.patch kpatch-description: symlink protection (kpatch adaptation) kpatch-kernel: kernel-3.10.0-514.el7 kpatch-cve: N/A kpatch-cvss: N/A kpatch-cve-url: N/A kpatch-patch-url: Gerrit Code Review uname: 3.10.0-693.17.1.el7
However, I still receive this notice: [quote]No symlink protection detected You do not appear to have any symlink protection enabled on this server. You can protect against this in multiple ways. Please review the following documentation to find a solution that is suited to your needs.
Thank you for your help! Anthony
[quote]# kcarectl --patch-info OS: centos7 kernel: kernel-3.10.0-693.17.1.el7 time: 2018-01-27 11:54:28 kpatch-name: 3.10.0/CVE-2017-14140-0001-Sanitize-move_pages-permission-checks.patch kpatch-description: Sanitize 'move_pages()' permission checks kpatch-kernel: >3.10.0-693.5.2.el7 kpatch-cve: CVE-2017-14140 kpatch-cvss: 3.3 kpatch-cve-url: CVE-2017-14140 - Red Hat Customer Portal kpatch-patch-url: kernel/git/torvalds/linux.git - Linux kernel source tree kpatch-name: 3.10.0/dccp-fix-use-after-free.patch kpatch-description: dccp: fix use-after-free (CVE-2017-8824) kpatch-kernel: kernel-3.10.0-714.10.2.lve1.4.77.el7 kpatch-cve: CVE-2017-8824 kpatch-cvss: 7.8 kpatch-cve-url: CVE-2017-8824 - Red Hat Customer Portal kpatch-patch-url: kernel/git/davem/net.git - David Miller's networking tree kpatch-name: 3.10.0/proc-restrict-pagemap-access.patch kpatch-description: Restrict access to pagemap/kpageflags/kpagecount kpatch-kernel: kpatch-cve: kpatch-cvss: kpatch-cve-url: Project Zero: Exploiting the DRAM rowhammer bug to gain kernel privileges kpatch-patch-url: kpatch-name: 3.10.0/symlink-protection-ge-693.patch kpatch-description: symlink protection kpatch-kernel: kernel-3.10.0-514.el7 kpatch-cve: N/A kpatch-cvss: N/A kpatch-cve-url: N/A kpatch-patch-url: Gerrit Code Review kpatch-name: 3.10.0/symlink-protection-ge-693.kpatch-1.patch kpatch-description: symlink protection (kpatch adaptation) kpatch-kernel: kernel-3.10.0-514.el7 kpatch-cve: N/A kpatch-cvss: N/A kpatch-cve-url: N/A kpatch-patch-url: Gerrit Code Review uname: 3.10.0-693.17.1.el7
However, I still receive this notice: [quote]No symlink protection detected You do not appear to have any symlink protection enabled on this server. You can protect against this in multiple ways. Please review the following documentation to find a solution that is suited to your needs.
Thank you for your help! Anthony
-
Update. I got a reply from cPanel support: [quote]While the kernel care symbolic link protection patch is encouraged, Security Advisor does not yet have the capability to detect that it is in play. Per < 70 Change Log - Change Logs - cPanel Documentation >, for 69.9999.122: Implemented case CPANEL-17016: Add support for detecting and installing KernelCare's free patch set. The ability to detect the patch is available in the non-production-recommended version of cPanel. 0 -
Hello, I'm glad to see our Technical Support team was able to answer your inquiry. Thank you for sharing the outcome. 0
Please sign in to leave a comment.
Comments
2 comments