Security advisor strange results
Hello,
The cPanel/Whm "security advisor" feature tells me :
Important
add kernelcare's free symlink protection
Information
Use kernelcare to automate kernel security updates without reboots
I have imunify360 so the last message is strange as kernelcare is included and i did have that symlink patch installed so what is this mess ? according to kercelcare docs
-
Hey hey! Could you send me the output of "uname -r" on the system so I can see the kernel that is currently in use? 0 -
Hello, that command returns "3.10.0-1160.24.1.el7.x86_64" 0 -
Cool - the same as my personal machine :D I ask because there were reports in the past of the Security Advisor giving bad information if there was a custom kernel running, but that doesn't seem to be the case here. If you run this, does it give you version info, indicating it's installed and running? kcarectl --version0 -
Hello, That one returns "2.42-1.el7" nothing more. 0 -
Thanks for that - could you submit a ticket to our team so we can do some additional testing? There could be an issue with the Security Advisor page, but we'd need to see that in action in order to confirm the behavior. 0 -
Hello, The ticket system tells me i have to create a ticket not directly to cPanel it is getting late in here will do tomorrow. 0 -
I'm not totally sure what that message means from the ticket system, but if you can get me more details I'm happy to help. I do plan to be around tomorrow as well. 0 -
Hello, I just clicked that link in your signature and logged in while filling in the form at "licenced ip" a message was displayed stating i do have a valid cPanel licence but if i submit a ticket to cPanel directly it might cause delays in solving the issue. Kernelcare is known as not being the fasted in releasing updates (and that is not criticism to them) so i think that patch is not available yet for the kernel i am running. *edit* or maybe kernelcare is confused the 0 -
Hello, The issue is solved the symlink patch for my kernel was not yet available yesterday it has been added by kernelcare i just did kcarectl --set-patch-type extra --update 'extra' patch type selected Downloading updates Patch level 1 applied. Effective kernel version 3.10.0-1160.24.1.el7 Kernel is safe result in whm's security advisor is attached 0 -
Ah, that was just letting you know we were getting a lot of tickets at that point yesterday. I'm glad the issue turned out to just be a bit of dealy from KernelCare though! 0 -
Hello, I spoke to soon security advisor is showing that again "add kernelcare free symlink protection" and "upgrade to kernelcare to automate kernel security updates without reboots" there is definetely something going wrong somewhere cd /usr/local/cpanel/logs tail error_log Argument "unknown" isn't numeric in numeric eq (==) at /usr/local/cpanel/Cpanel/Security/Advisor/Assessors/Kernel.pm line 140. Argument "unknown" isn't numeric in numeric eq (==) at /usr/local/cpanel/Cpanel/KernelCare.pm line 50.0 -
Hello, it seems like i found a "workaround" when you type this command [quote] kcarectl --set-patch-type extra --update
i get [quote] 'extra' patch type selected Updates already downloaded Patch level 1 applied. Effective kernel version 3.10.0-1160.24.1.el7 Kernel is safe
and that message in whm's security advisor is gone but it comes back after x amount of time this is not normal absolutely not you should type that command once and be protected forever.0 -
Hello, it seems like i found a "workaround" when you type this command i get and that message in whm's security advisor is gone but it comes back after x amount of time this is not normal absolutely not you should type that command once and be protected forever.
For some reason it looks like it's getting reset or somethingfs.enforce_symlinksifowner = 1 fs.symlinkown_gid = 99
to verify the gid i useps -ef | egrep '(httpd|apache2|apache)' | grep -v `whoami` | grep -v root | head -n1 | awk '{print $1}'
i don't get this ??0 -
Could you submit a ticket so we can check this out? 0 -
Thanks for that - I'm following along on that ticket now as well. 0 -
Hello, hmmmm could you believe it ? it looks like the issue is gone just when i reported it and asked to look into it i feel like cursing but i won't .I just leave it as it is but in case support wants information i am in Europe (Belgium) 9.32 pm here right now . 0 -
Oh man, I hate it when that happens! 0 -
Update - we were able to determine the license wasn't purchased through us, so it would be best to contact CloudLinux directly to ensure things are working well there with the tools and license. 0 -
Hello, The cPanel support staff was able to reproduce this issue on my server and said it might be happening due to the involved software licence is not purchased through the official cPanel store and suggested i contact kernelcare support so i did .For some odd reason the file /etc/sysconfig/kcare/kcare.conf get's modified and PATCH_TYPE get's set to edf as a temporarly workaround kernelcare support adjusted the kernelcare cron while they investigate the issue more. It is strange and annoying this is happening but in my case imunify360 and kernelcare (as a standalone product) are resold by many providers cPanel doesn't have access to external parties systems and thus is unable to verify the software licence the issue reason is acceptable but disappointing oh well the issue will get solved :) 0
Please sign in to leave a comment.
Comments
20 comments