KernelCare and cPanel kernel
Sometimes people use the hardened cPanel kernel instead of the regular CentOS kernel. And when they look in their security advisor they see that they have an option to subscribe to the services of KernelCare. To me it seemed very interesting so I subscribed and felt that again, I had improved the security of my server.
But after a while I came to the understanding that if you do use the hardened cPanel kernel, KernelCare cannot function. KernelCare only functions with regular kernels. For a full list view KernelCare Directory. So now I needed to install the right kernel for my trusty CentOS system. How to do that? With the help of KernelCare of course, because I always want to be sure. They helped me perfectly and I thought it is a smart move to inform you here.
How to install the right kernel for use with KernelCare
To install the regular CentOS kernel, use:
# yum install kernel --disablerepo=* --enablerepo=updates
Preventing overwriting the regular kernel with future updates
To prevent yum from updating the regular kernel and replacing it with the cPanel hardened kernel you need to disable the 'cPkernel' repository (in /etc/yum.repos.d/). This can be done in the file:
/etc/yum.repos.d/cPkernel.repo
Edit in this file: enabled=0
After this run:
# yum update kernel
You can check the changes here, before you reboot:
# yum repolist all
# cat /boot/grub/grub.conf
# rpm -qa| grep kernel| sort
If all looks OK, reboot the machine.
KernelCare active but still no kernel symlink protection
After rebooting, KernelCare should be up and running. But after checking the security advisor in WHM you notice that symlink protection is not enabled. To enable this you need to enable the KernelCare 'extra patches' that have symlink protection built in. More information about these extra patches is found at Extra Patchset.
To enable extra patches, do the following:
# kcarectl --update
# kcarectl --set-patch-type extra --update
And you're done!
From now on KernelCare keeps a watchful eye on your kernel 24/7 and (without rebooting) you can now see that the cPanel security advisor states that kernel symlink protection is enabled.
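A pre-reboot check for the repository step above, added here as an example and not part of the original post: it lists the sections of a .repo file that yum would still treat as enabled, including sections that have no enabled line at all. The sample files, their section names and URLs are constructed for the demonstration.

```shell
# Added example, not from the original post. Lists the sections of a yum
# .repo file that yum would still use. A section with no "enabled=" line
# counts as enabled (the yum default); any value other than 0 is reported.
enabled_sections() {
    awk '
        function report() { if (name != "" && state != "0") print name }
        /^[ \t]*[#;]/ { next }                    # comment lines do not count
        /^[ \t]*\[.*\][ \t\r]*$/ {                # start of a [section]
            report()
            name = $0
            sub(/^[ \t]*\[/, "", name); sub(/\][ \t\r]*$/, "", name)
            state = "1"                           # default when unset
            next
        }
        /^[ \t]*enabled[ \t]*=/ {
            state = $0
            sub(/^[^=]*=[ \t]*/, "", state); sub(/[ \t\r]*$/, "", state)
        }
        END { report() }
    ' "$1"
}

# Exit status 0 only when no section in the file is left enabled.
repo_is_disabled() { [ -z "$(enabled_sections "$1")" ]; }

# Constructed sample files; the section names and URLs are made up.
make_samples() {
    cat > "$1/good.repo" <<'EOF'
[cPkernel]
name=constructed sample
baseurl=http://repo.example.invalid/kernel
enabled=0
EOF
    cat > "$1/partial.repo" <<'EOF'
[cPkernel]
enabled = 0
[cPkernel-source]
name=second section, enabled line commented out
#enabled=0
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/*.repo; do
    if repo_is_disabled "$f"; then echo "OK      ${f##*/}"
    else echo "ENABLED ${f##*/}: $(enabled_sections "$f" | tr '\n' ' ')"; fi
done
rm -rf "$tmp"
```

On the server itself, point `enabled_sections` at /etc/yum.repos.d/cPkernel.repo; empty output means no section in that file is still enabled.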
Hello, Thanks for taking the time to share this information. Here's the link again for anyone else visiting this thread for the first time: The KernelCare "Extra" Patchset for CentOS 6 & 7 with symlink protection is here. Thank you.