Kernel does not support the prevention of symlink ownership attacks
I ran security advisor tonight and it indicated a kernel update was available. As I normally do when I get this notification, I SSH to my box and su - to become root, then run yum update. After I did that I ran security advisor and got the error in the title (never got that before after a yum update). So I read about the fix and chose the cPanel hardened kernel route.
cd /etc/yum.repos.d/
wget WHM 62.0 (build 15)
Did you reboot the server? If you are unsure, verify with the admin that kernel update was successful.
How to Harden Your cPanel System's Kernel - cPanel Knowledge Base - cPanel Documentation
I AM the admin (how do you think I was able to log in and gain root access) and I rebooted the server.
Hello,
Please post the output from the following commands after you have rebooted the system:
uname -r
rpm -qa|grep kernel
Thank you.
Michael, I was away on a cruise, so sorry for the delay in responding. I reran the security advisor and was notified the kernel was out of date. Went to the box and ran yum update. Results:

=================================================================================
 Package      Arch      Version                        Repository      Size
=================================================================================
Installing:
 kernel       x86_64    2.6.32-642.15.1.199.cpanel6    cPkernel        32 M
Removing:
 kernel       x86_64    2.6.32-642.13.2.199.cpanel6    @cPkernel       131 M

Transaction Summary
=================================================================================
Install 1 Package(s)
Remove 1 Package(s)

Total download size: 32 M
Downloading Packages:
kernel-2.6.32-642.15.1.199.cpanel6.x86_64.rpm | 32 MB 00:03
...
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : kernel-2.6.32-642.15.1.199.cpanel6.x86_64 1/2
This server is already configured for symlink protection, skipping sysctl changes
Cleanup : kernel-2.6.32-642.13.2.199.cpanel6.x86_64 2/2
warning: erase unlink of /lib/modules/2.6.32-642.13.2.199.cpanel6.x86_64/weak-updates failed: No such file or directory
warning: erase unlink of /lib/modules/2.6.32-642.13.2.199.cpanel6.x86_64/modules.order failed: No such file or directory
warning: erase unlink of /lib/modules/2.6.32-642.13.2.199.cpanel6.x86_64/modules.networking failed: No such file or directory
warning: erase unlink of /lib/modules/2.6.32-642.13.2.199.cpanel6.x86_64/modules.modesetting failed: No such file or directory
warning: erase unlink of /lib/modules/2.6.32-642.13.2.199.cpanel6.x86_64/modules.drm failed: No such file or directory
warning: erase unlink of /lib/modules/2.6.32-642.13.2.199.cpanel6.x86_64/modules.block failed: No such file or directory
Verifying : kernel-2.6.32-642.15.1.199.cpanel6.x86_64 1/2
Verifying : kernel-2.6.32-642.13.2.199.cpanel6.x86_64 2/2

Removed:
kernel.x86_64 0:2.6.32-642.13.2.199.cpanel6

Installed:
kernel.x86_64 0:2.6.32-642.15.1.199.cpanel6

Complete!

Then performed a graceful reboot and the commands you suggested...

uname -r
2.6.32-642.15.1.199.cpanel6.x86_64

rpm -qa|grep kernel
kernel-2.6.32-642.15.1.el6.x86_64
libreport-plugin-kerneloops-2.0.9-32.el6.centos.x86_64
abrt-addon-kerneloops-2.0.8-40.el6.centos.x86_64
dracut-kernel-004-409.el6_8.2.noarch
kernel-headers-2.6.32-642.15.1.199.cpanel6.x86_64
kernel-firmware-2.6.32-642.15.1.199.cpanel6.x86_64
kernel-2.6.32-642.15.1.199.cpanel6.x86_64

A rerun of the security advisor returns no errors now. I am deducing that the yum update that I performed after earlier following the wget described in my initial post got this resolved. As of now I believe that my server is back in shape. Thank you for your time.
Hello,
I'm happy to see the issue is now addressed after updating to the recently published cPanel-hardened kernel. Thank you for updating us with the outcome.