
out of date kernel warning

Comments

15 comments

  • SysSachin
    Hello, You can update the kernel version using the yum update command and reboot the server.
    0
  • cPanelMichael
    Hello, It's possible some recent changes to how the kernel version is checked with Security Advisor will address this issue. Could you let us know the version of cPanel installed on the system? You can check this with a command such as:
    cat /usr/local/cpanel/version
    Note that instructions on how to use the latest version of SecurityAdvisor for development or testing purposes are located at: GitHub - SecurityAdvisor - ReadMe Thank you.
    0
  • dantium
    Hi, The cpanel version is: 11.56.0.25
    So could this just be a bug in the SecurityAdvisor?
    0
  • cPanelMichael
    So could this just be a bug in the SecurityAdvisor?

    Do you mind following the instructions from the "Installation" section on the
    0
  • dantium
    I installed from GitHub as per instructions, when I went back into WHM it still shows the Kernel warning, do I actually need to restart anything?
    0
  • cPanelMichael
    Would you mind opening a support ticket using the link in my signature so we can take a closer look and reproduce the issue on your Linode environment? You can post the ticket number here so we can update this thread with the outcome. Thank you.
    0
  • dantium
    This issue is reoccurring, I have opened a support ticket as suggested: 7757863 Thanks
    0
  • Spork Schivago
    I'm interested in the outcome. Any update? I'm also renting a VPS from Linode and in WHM, it always shows You must reboot the server to update the kernel. I run CentOS 7 and am running a Linode kernel of version 4.9.15-x86_64-linode81. I don't believe they patch the kernel or anything. I've rebooted multiple times and always get the message. yum info kernel.x86_64 shows that there's three yum provided kernels installed, version 3.10.0, release 514.el7, version 3.10.0, release 514.16.1.el7, and version 3.10.0, release 514.21.1.el7. I'm running cPanel version 11.64.0.24. In cPanel, under Server Information, it correctly shows 4.9.15-x86_64-linode81 for the kernel version... It's a bit annoying and I wish I could find a way to fix this. Linode does some weird stuff that I don't understand to boot the 4.9.15 kernel. For example, it's not physically located on the hard drive, at least not in the /boot directory (where the other three yum provided kernels are located). I'm not sure if this is the same issue the original poster was having or not, but it seems very similar. Thanks.
    0
  • Spork Schivago
    I think I fixed it. I noticed under Security Advisor that I was getting a message, as well, that was saying the booted kernel isn't the kernel version that's running, which is incorrect. But after looking through some cPanel perl modules, I understand how cPanel detects which kernel was booted. It looks at /boot/grub2/grub.cfg (or /boot/grub/grub.cfg) and /boot/grub2/grubenv. I created /etc/grub.d/08_linode and changed it to executable. This is what the contents looks like:
    #!/bin/sh -e
    cat << EOF
    menuentry 'CentOS 4.9.15-x86_64-linode81' {
        set root=(hd0)
        linux /boot/vmlinuz-4.9.15-x86_64-linode81 root=/dev/sda console=ttyS0,19200n8
        initrd /boot/initramfs-4.9.15-x86_64-linode81.img
    }
    EOF
    The kernel and initrd files don't have to physically exist. Then I edited /boot/grub2/grubenv to show:
    saved_entry=CentOS 4.9.15-x86_64-linode81
    Then I just rebuilt the grub.cfg file (even though I don't use grub).
    grub2-mkconfig -o /boot/grub2/grub.cfg
    Now Security Advisor doesn't give me the message and I don't see any messages about me needing to reboot the kernel. I also saw some grub2.cfg.rpmnew file that I removed. Maybe that was causing the You need to reboot your server message. Maybe a better way for cPanel to try and detect what kernel was booted (and which one is running) would be to check /proc/config.gz if it exists? I dunno if someone was to change to a different kernel version after booting up without restarting the system if the /proc/config.gz would get overwritten with the new kernel version's /proc/config.gz (if the kernel is exporting it, I mean).
    0
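
Added example, not part of the thread and not cPanel's code: a shell check that separates the three situations discussed above, namely a host-supplied kernel with no image in /boot (the Linode case), a yum kernel that matches the saved GRUB entry, and a genuine pending reboot. The function names, the fixture files and the saved_entry title are constructed for illustration; the kernel releases are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example (not cPanel code). Function names and fixture data are constructed.

# Print the saved_entry value from a grubenv file (empty if none is set).
saved_entry() {
    sed -n 's/^saved_entry=//p' "$1" | head -n 1
}

# classify_kernel RUNNING_RELEASE GRUBENV_FILE BOOT_DIR
#   external        running kernel has no image in BOOT_DIR (host-supplied)
#   current         default boot entry names the running kernel
#   reboot-pending  default boot entry names a different installed kernel
#   unknown         no saved_entry to compare against
classify_kernel() {
    running=$1; grubenv=$2; bootdir=$3
    if [ ! -e "$bootdir/vmlinuz-$running" ]; then
        echo external
        return 0
    fi
    saved=$(saved_entry "$grubenv")
    case $saved in
        '')           echo unknown ;;
        *"$running"*) echo current ;;
        *)            echo reboot-pending ;;
    esac
}

# Constructed fixture: a boot directory holding the three yum kernels from the
# thread and a grubenv whose saved_entry points at the newest of them.
make_fixture() {
    d=$(mktemp -d)
    mkdir "$d/boot"
    for v in 3.10.0-514.el7 3.10.0-514.16.1.el7 3.10.0-514.21.1.el7; do
        : > "$d/boot/vmlinuz-$v.x86_64"
    done
    printf '# GRUB Environment Block\nsaved_entry=CentOS Linux (3.10.0-514.21.1.el7.x86_64) 7 (Core)\n' > "$d/grubenv"
    echo "$d"
}

fx=$(make_fixture)
classify_kernel 4.9.15-x86_64-linode81 "$fx/grubenv" "$fx/boot"      # Linode kernel
classify_kernel 3.10.0-514.16.1.el7.x86_64 "$fx/grubenv" "$fx/boot"  # older yum kernel
classify_kernel 3.10.0-514.21.1.el7.x86_64 "$fx/grubenv" "$fx/boot"  # newest yum kernel
rm -rf "$fx"
```

On a live system the arguments would be "$(uname -r)", /boot/grub2/grubenv and /boot. An "external" result means yum kernel updates never change the running kernel, so its patch level has to be tracked through the hosting provider, whether or not the warning has been silenced.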
  • cPanelMichael
    Hello, The following case in cPanel version 66 should address this issue: Fixed case CPANEL-11651: Use grubby for determining default boot kernel. Thank you.
    0
  • Spork Schivago
    Hello, The following case in cPanel version 66 should address this issue: Fixed case CPANEL-11651: Use grubby for determining default boot kernel. Thank you.

    Thanks! I was looking at grubby and I don't see how you can use it to figure out what kernel was booted, but maybe there's a way. With Linode, and using the updated kernel they provide (rather than the one that comes with CentOS 7), the following commands return nothing:
    grubby --default-title
    grubby --default-kernel
    Just thought I'd share. I'll wait for version 66 to become in the Release tier.
    0
  • cPanelMichael
    Hello, Note that I believe you can also boot into the standard kernel with Linode using the instructions at the following URL: Run a Distribution-Supplied Kernel on a KVM Linode Thank you.
    0
  • Spork Schivago
    Hello, Note that I believe you can also boot into the standard kernel with Linode using the instructions at the following URL: Run a Distribution-Supplied Kernel on a KVM Linode Thank you.

    Yes, I can even boot into a custom kernel. I am aware of this, I didn't want to use the kernel provided with CentOS because I prefer a bit newer of a kernel. I was planning on running a custom kernel with the GRSecurity patches so I'd have symlink protection at the kernel level, but it seems now GRSecurity costs money. I've contacted them to see how much it'd cost me, but they haven't replied yet. I know another option is to upgrade to CloudLinux, but that's another monthly expense. I was hoping with something like GRSecurity, it'd be a one time fee (which I doubt, but eh, maybe I'll get lucky). I wonder if there's any other patches for the kernel that don't cost money to get the symlink protection. I guess that'd be for another thread though. Thanks!
    0
  • Misiek
    This is an issue also with OVH kernels. I updated Yum but server will not run on kernel other than the one from OVH so the info about incorrect kernel should not occur but it is there
    0
  • Spork Schivago
    OVH kernels...I'm not familiar with those. I'm googling it and it looks like some sort of network boot kernel or something, is that correct? Do you want some help trying to figure out why the server will not run on a kernel other than the one from OVH? Are you talking about the CentOS stock kernels and that when you choose to use one of those, it refuses to boot? I might be able to help you.
    0
