
Add KernelCare’s Free Symlink Protection

Comments

24 comments

  • Andrew

    Can you go to Terminal in WHM and execute this command?

    kcarectl --info

    Andrew N. - cPanel Plesk VMWare Certified Professional

    0
  • WorkinOnIt


    [root@~]# kcarectl --info
    No patches applied, but some are available, run 'kcarectl --update'.
    [root@~]# kcarectl --update
    Downloading updates
    HTTP Error 401: Unauthorized: https://patches.kernelcare.com/patches/K20240119_03/c843b85222f88820f3a259673ae462735ed23f09/1/kpatch.bin
    [root@~]#

    0
  • WorkinOnIt

    OK, I contacted CloudLinux to get support and they told me to uninstall KernelCare:

    yum remove kernelcare 

    Then reinstall it:

    curl -s https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh | bash
    kcarectl --set-patch-type free --update

     

    Please note that in some cases, you'll get the following message:

    'free' patch type is unavailable for your kernel

    That means that the kernel you're running has been released very recently and there are no patches yet for it. 

    I think they are very slow in supporting kernel updates... we shall see (I am using an up-to-date kernel)

    https://patches.kernelcare.com/

    2
  • WorkinOnIt

    This is still bugging me. 

    I can't figure out if the machine is covered against symlinks or not.

    This is what I am seeing:

    1) If I run kcarectl --update I get:

    Downloading updates
    The IP 12.3.45.6 was already used for a trial license on 2018-05-15

    2) yum remove kernelcare 

    Removed:
      kernelcare-2.85-2.el9.x86_64

    Complete!

     

    3) curl -s https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh | bash

    Installed:
      kernelcare-2.85-2.el9.x86_64

    Complete!

    4) kcarectl --set-patch-type free --update

    Downloading updates
    The IP 12.3.45.6 was already used for a trial license on 2018-05-15

     

    Seems to be stuck in some kind of loop.  Security Advisor still says 

    Kernel does not support the prevention of symlink ownership attacks. 

    Add KernelCare’s Free Symlink Protection.

     

    So your assistance on this would be appreciated.

     

    0
  • cPRex Jurassic Moderator

    We'll need a ticket on this one to look into the license problem - I'm not able to do anything with licenses over the Forums, unfortunately.

    0
  • WorkinOnIt

    Hi cPRex

    It's not a license thing... we are using the free version... but it's just going around in a loop.

     

    0
  • cPRex Jurassic Moderator

    We're still going to need a ticket on this one :D - there's KernelCare, Imunify, Rocky, all talking to each other, and something is clearly not working as intended on your system or it wouldn't be taking this long to track down.

    0
  • WorkinOnIt

    Here it is:  #95279186

    0
  • cPRex Jurassic Moderator

    It looks like our team found this issue:

    https://support.cpanel.net/hc/en-us/articles/23094436295959-Security-Advisor-suggests-unavailable-free-patch-for-KernelCare-on-AlmaLinux-9

    but we were also able to confirm that your kernel itself is on the latest version with no vulnerabilities.

    0
  • WorkinOnIt

    Sorry for the cross post, I hadn't remembered this one. I opened another here: https://support.cpanel.net/hc/en-us/community/posts/25873975759895-kernel-care-free-patch-set

    > It looks like our team found this issue:

    If this is the case, why keep showing that message in WHM?

    0
  • Darryl

    Any reason this is still not fixed 1 year on?

    0
  • cPRex Jurassic Moderator

    Darryl - I don't see that there was a case made for this behavior since the CloudLinux team confirmed things were fine on their end.

    Could you submit a ticket from a server where this is happening so this can be examined?

    0
  • Darryl

    Nothing unique about my setup, brand new server, latest AL9.5, fresh cPanel install provisioned today 124.0.21 and security advisor shows:

     Kernel does not support the prevention of symlink ownership attacks.

    You do not appear to have any symlink protection enabled through a properly patched kernel on this server, which provides additional protections beyond those solutions employed in userland. Please review the documentation to learn how to apply this protection.

     Add KernelCare’s Free Symlink Protection.

    This free patch set protects your system from symlink attacks. Add KernelCare’s Free Patch Set. Add KernelCare’s Free Symlink Protection. NOTE: This is not the full KernelCare product and service.

    You can protect against this in multiple ways. Please review the following documentation to find a solution that is suited to your needs.

    ------

    Clicking the link just reloads the page, same as original reported case here.

    Assume that should be a very simple test case, I don't particularly have time to spare on this atm but if you can't reproduce let me know and I will sort something out next week.

    0
  • celiac101

    I just want to mention that this issue came back after the latest cPanel update. This is the 2nd time that the issue, like a good zombie movie, has come back from the dead. In other words, you've fixed this before, but it somehow is getting put back into the software in your updates.

    0
  • WorkinOnIt

    Yes, I also find it somewhat irritating that even when there is no vulnerability, the alert still shows. Surely it would be straightforward to perform a check and if no vulnerability exists for this kernel, then don't show the KernelCare message. However, I don't think this issue is strictly a cPanel one; when I reached out to KernelCare, they were extremely dismissive and uninterested. Perhaps because I'm not a KernelCare premium subscriber? Still, if this issue could be resolved it would be appreciated. I don't want to be confronted with warning messages that don't apply or are unnecessary for my OS.

    1
  • Darryl

    Yes there's a multitude of reasons really, it should be a simple fix cPanel side but whilst the issue exists we have clients querying why we have not secured their servers making us look bad and the cPanel article https://support.cpanel.net/hc/en-us/articles/23094436295959-Security-Advisor-suggests-unavailable-free-patch-for-KernelCare-on-AlmaLinux-9 that explains it is a cPanel bug/non-issue is behind a login which our clients do not have so they have no way to verify this.

    Issues like this persisting whilst our license fees keep increasing way above inflation are so grating.

    1
  • cPRex Jurassic Moderator

    Thanks for all the feedback - let me do some testing with this and I'll see what I come up with.  I'll let you know as soon as I have more details!

    0
  • cPRex Jurassic Moderator

    I wasn't able to find out much today, and at this point in the development cycle nothing is going to get pushed/addressed until mid January at the earliest.  I'll try poking this one again after the holidays as I do suspect we want to get this resolved as more and more users start moving toward AlmaLinux 9.

    0
  • celiac101

    For some reason I ran Security Advisor again today, and the notification vanished. I no longer see it, even though it was there over the last couple of weeks after an update.

    0
  • cPRex Jurassic Moderator

    It's afraid - it's like when you take your car to the mechanic and it stops making that weird noise!

    0
  • milo695

    Guys, do we ignore this warning and Bluehost patch or?
    Same problem on my AlmaLinux 9

    0
  • cPRex Jurassic Moderator

    At this time you can ignore the warnings.

    0
  • milo695

    got it chief

    0
  • Gilberto David

    I have the same problem, but when I run

    kcarectl --info

    the result:

    This kernel doesn't require any patches.

    then I'm still getting the same msg:

     Add KernelCare’s Free Symlink Protection.

    This free patch set protects your system from symlink attacks. Add KernelCare’s Free Patch Set. Add KernelCare’s Free Symlink Protection. NOTE: This is not the full KernelCare product and service.

    0
