Skip to main content

constant emails about unrecognized kernel

Comments

14 comments

  • dalem
    that because 4.15.13-x86_64-linode106 is a custom compiled kernel you need to use CloudLinux kernel it has the the lve modole a bit pointless run the 4.15 kernel as you are disabling the "real symlink protection" you are looking for. kernel care error is the same it cant live patch a kennel that is has no idea what it is
    0
  • Spork Schivago
    That's what I thought, but it said that the symlink protection would be provided free of charge. So do I have to still pay to get the CloudLinux kernel that has the lve module in it? If so, I wonder if it's allowed for someone to send me the symlink protection portion of the kernel in a patch file so I can just patch it myself. Also, what version is that CloudLinux kernel at? Don't get me wrong, I would almost die for a legit CloudLinux subscription, but my wife has a bit more say over the money than I do, and with all the cash I've currently spent on this start-up business of mine (this year alone, over 30k {: - ( ), we're taking a big chance that it pays off, and if it doesn't, we won't stop trying, we'll adapt the business and try something else, but we're doing it for our daughter. The hardware purchases and software purchases where one thing, but there's a lot of new monthly bills we weren't accounting for. We didn't realize that if you wanted to keep SolidWorks PCB and SolidWorks Pro up-to-date, you had to pay a 1,500$ maintenance fee per year per each of them. That's 250$ a month. Then of course we have the CSP licenses for Office Enterprise E3 and Windows 10 Enterprise E3. We save a little bit by having them being user based licenses, but it still adds up. And finally, the anti-virus program still needs to be purchases (we're currently using Norton, which is about to expire and will more than likely make the switch to Symantec EndPoint Manager), which means another monthly fee to "maintain" it, if we purchase it, instead of doing a monthly license thing, and we still need to purchase a proper gateway, some wires and NEMA L6-30R receptacles to wire up the PDUs, etc, etc. She has definitely put her foot down and said no more monthly bills! Happy wife, happy life, right?
    0
  • dalem
    kernel care is giving the the syslink patch away for free No need to have cloudlinux or kernelcare you just have to user the stock rh kernel set your server to boot to the centos vanilla kernel and install per instructions The Symlink Protection patchset is available for free for CentOS 6 & 7, even if you are not running KernelCare
    0
  • cPanelLauren
    @dalem is correct. Because you're using a non-stock kernel (custom by Linode) KernelCare's not recognizing it and therefore you're not being protected. You don't need to buy CloudLinx or have a monthly payment to have symlink protection but you would need to use a recognized kernel. Thanks!
    0
  • Spork Schivago
    Is there any way to obtain the patches manually so I can patch the newer kernel that I'm running? I have experience with stuff like this and from looking at the older patches (that were once free), this doesn't seem like it'd be very hard. Granted, it'd be all on me if something went wrong and I wouldn't be able to seek advice here or anywhere else, using an unsupported kernel....
    0
  • cPanelLauren
    Hi @Spork Schivago You might want to look at CloudLinux's KernelCare documentation here for that KernelCare Documentation as well as here: The Symlink Protection patchset is available for free for CentOS 6 & 7, even if you are not running KernelCare
    0
  • Spork Schivago
    Hrmm, I've looked at both links, and I even read through some of the various comments for the second, unfortunately, I cannot find an actual patch file (or patch files). I was expecting something in a diff format where I could modify it to work with my 4.15.13 kernel. I need to currently stay on the higher kernel for some 3rd party modules that require the v4+ kernel, among some other reasons....was hoping I could just manually download the patch files somewheres...maybe if I crawl around the site or examine kcarectl or whatever it is (if it's a script file), I'll see where the patch files are being downloaded from. That's assuming they're actual patch files and just not kernel images with the patch already applied. That'd suck for me.
    0
  • Spork Schivago
    Just so you guy are clear, it's files like these that I'm looking for: 3.10.0/proc-restrict-pagemap-access.patch 3.10.0/KEYS-Fix-handling-of-stored-error-in-a-negatively-in.patch 3.10.0/RDS-verify-the-underlying-transport-exists-before-cr.patch 3.10.0/symlink-protection.patch 3.10.0/symlink-protection.kpatch-1.patch
    I've tried going to Gerrit Code Review hoping it'd have something I could use, but just says session expired, I need to login again, and if I attempt to login as guest, I don't see any patches to download :(
    0
  • Spork Schivago
    Are there any one time purchase options to obtain KernelCare of CloudLinux, where we don't have to continue to pay a monthly fee? Even if it's fairly expensive, I'd rather pay a couple grand up front and have CloudLinux forever than pay 10$ a month or whatever it is.
    0
  • cPanelLauren
    @Spork Schivago You might want to check with CloudLinux/KernelCare directly they might be able to point you in the right direction - as far as purchase options, I'm only aware of the monthly fee but then again they may be able to work with you (not guaranteeing that just suggesting) Thanks!
    0
  • Spork Schivago
    @cPanelLauren, I've sent them an email about possible a one-time payment fee for a lifetime subscription of KernelCare (not CloudLinux), and am waiting for a response. I tried calling but got a voicemail. I forgot to ask for the free patches to see if I could obtain them. What's odd though, KernelCare supports even the latest kernel, according to their site, but that's probably if you pay them or something. They say running an older kernel or the newest? Custom compiled kernel? No problem with kernel care! We support all the way up to the latest.
    0
  • rpvw
    @cPanelLauren,
    as far as purchase options, I'm only aware of the monthly fee

    Yearly licenses apparently from $45 -
    0
  • Spork Schivago
    Yes, for 8 licenses, they gave me a reasonable yearly price, so I think I will go for that. It's a bit nicer than just the symlink protection because they provide patches for a lot more known vulnerabilities. However, I'm kinda on the fence. The whole idea behind Linux kernel being open source was so people, anyone, could fix it, not make money off of it. At the same time, I really want to be secure. I hadn't realized CloudLinux was for shared VPSes. So that's out. It would be nice to a more secure kernel on my servers, especially the ones with what we consider highly sensitive / confidential data.
    0
  • cPanelLauren
    Thanks for the information @rpvw I'm glad they got you a good deal on the licenses @Spork Schivago Thanks!
    0

Please sign in to leave a comment.