New kernel notification in Security Advisor

PeteS

• October 16, 2018 02:38

Tipically Security Advisor sends me email notices when there is a newer kernel available. If memory serves me, the kernel had not been been installed already and it was prompting me to run yum update and reboot. Pretty straightforward.... 1- Am I correct in assuming that upcp runs a yum update check and if a newer kernel is available it triggers this warning and notification? 2- I assume this should be the same for Cloudlinux, right? I'm asking because on a test VPS there was CL kernel update that became available but no notification. I'm wondering if there's a setting I missed, or maybe it's because the cPanel and CL licenses are trial licenses. 3- On another server (not CL) I *did* get notified of the last kernel update, but had to wait a few weeks to update. But I noticed that Security Advisor no longer showed the warning at the time I updated it. Under what circumstances does that clear (before the kernel has been updated)... a period of time, or ??? -Pete

• 

  cPanelLauren

  • October 17, 2018 20:07

  Hi @PeteS I think the issues here are potentially addressed in the other thread Let me know if they're not.

  0
• 

  PeteS

  • October 18, 2018 08:25

  Hi @PeteS I think the issues here are potentially addressed in the other thread

  0
• 

  cPanelLauren

  • October 19, 2018 17:22

  The default setting is to not install kernel updates (via upcp), but Security Advisor still notifies that one is available. I assume this is correct about upcp, but can't confirm-probably because I don't recognize the script that's called to do this?

  
  The upcp, if set to fully automatic, will download the new kernel during maintenance as part of the yum update if available but that won't be used until you reboot (kernel is installed but not in use until you reboot the server into the new kernel -unless you're running kernelcare). Kernel updates are a part of OS software updates. Security Advisor should notify that a new kernel is available until the new kernel is installed I'm not sure why you wouldn't have a notification present if a new kernel was available and not installed on the system, to be honest in this circumstance I'd have to actually see the behavior to understand what is occurring.

  0
• 

  PeteS

  • October 20, 2018 04:31

  The upcp, if set to fully automatic, will download the new kernel during maintenance as part of the yum update if available but that won't be used until you reboot (kernel is installed but not in use until you reboot the server into the new kernel -unless you're running kernelcare). Kernel updates are a part of OS software updates.

  
  By "full automatic" do you mean Update Preferences' OS setting being in Auto, AND Enable Linux kernel update during nightly maintenance (in Tweak Settings) being On (Off is default)? Without the latter set to On it should not download the kernel update, but Sec Adv should still notify of it, Correct me if I'm wrong. BTW, I like this setting a lot! When was "Enable Linux kernel update during nightly maintenance" added?

  Security Advisor should notify that a new kernel is available until the new kernel is installed I'm not sure why you wouldn't have a notification present if a new kernel was available and not installed on the system, to be honest in this circumstance I'd have to actually see the behavior to understand what is occurring.

  
  By "a new kernel is available" do you mean that a new kernel is already downloaded and awaiting reboot, or just that one is available (but not necessarily downloaded)? I assume the latter because the Sec Adv noticed prompts to run yum update and then reboot, not just reboot. He's hat happened: my two servers (both configured with update defaults of OS=auto, Tweak Setting/enable kernel update=Off) did not notify of the last (Sept. 28) kernel update. Both servers were on V74.0.8 at the time of the kernel update becoming available, and both were running upcp daily. -Pete

  0
• 

  cPanelLauren

  • October 22, 2018 14:04

  By "full automatic" do you mean Update Preferences' OS setting being in Auto, AND Enable Linux kernel update during nightly maintenance (in Tweak Settings) being On (Off is default)?

  
  Yes this would need to be set to on to be fully automatic, the libraries and tools associated with the kernel will update but the kernel update won't be downloaded automatically unless this is enabled.

  BTW, I like this setting a lot! When was "Enable Linux kernel update during nightly maintenance" added?

  
  I can't give you a specific release it was added in but looking back in the release notes indicates that it's been there for some time - I went back to version 56 without a modification to that specific tweak setting.

  By "a new kernel is available" do you mean that a new kernel is already downloaded and awaiting reboot, or just that one is available (but not necessarily downloaded)?

  
  Definitely the latter in this instance.

  He's hat happened: my two servers (both configured with update defaults of OS=auto, Tweak Setting/enable kernel update=Off) did not notify of the last (Sept. 28) kernel update. Both servers were on V74.0.8 at the time of the kernel update becoming available, and both were running upcp daily.

  
  If you had the kernel update tweak setting to off meaning that the kernel would be updated during upcp and you do not have kernelcare did you by chance check the kernel version installed at the time? If you had rebooted in this instance you would have booted into the newer kernel.

  0
• 

  PeteS

  • October 22, 2018 18:35

  Thanks for the info & confirmations.

  If you had the kernel update tweak setting to off meaning that the kernel would be updated during upcp and you do not have kernelcare did you by chance check the kernel version installed at the time? If you had rebooted in this instance you would have booted into the newer kernel.

  
  I think you have the logic backward when you say "If you had the kernel update tweak setting to off meaning that the kernel would be updated during upcp..." I assume you meant "On." But i my case it was Off (default), and yes I checked installed and running kernel versions prior and after the yum update/reboot that I did manually. There was an update needed, it was installed, but Sec Adv did not notify in either server's case. It had been several days in both cases. -Pete

  0
• 

  cPanelLauren

  • October 22, 2018 19:43

  Hi @PeteS

  I think you have the logic backward when you say "If you had the kernel update tweak setting to off

  
  Yes, you're correct, I mistyped - if it's on you'll get linux kernel updates during nightly maintenance and if it's off you will not.

  There was an update needed, it was installed, but Sec Adv did not notify in either server's case. It had been several days in both cases.

  
  In this instance because it's already been resolved there's not a lot I can do, I haven't seen this behavior on any of my servers, as a matter of fact I checked security advisor this morning while replying to you and got a notification that there was a kernel update for my own test server available. The best thing to do, if this occurs on even one server again that you notice would be to open a ticket so that we can look into the behavior on the system itself. Thanks!

  0
• 

  PeteS

  • October 23, 2018 19:16

  Agreed. If I notice that there's a kernel update and Sec Adv is not notifying again I will open a ticket *before* I update the kernel so you can have a look. -Pete

  0
• 

  cPanelLauren

  • October 23, 2018 19:21

  Agreed. If I notice that there's a kernel update and Sec Adv is not notifying again I will open a ticket *before* I update the kernel so you can have a look. -Pete

  
  Yes please do! That sounds perfect. I do hope that you don't experience the issue again though. Thanks!

  0

Please sign in to leave a comment.