Add KernelCare’s Free Symlink Protection
I have just upgraded OS to Rocky8
When I run cPanel Security Advisor I get the following:
Kernel does not support the prevention of symlink ownership attacks.
You do not appear to have any symlink protection enabled through a properly patched kernel on this server, which provides additional protections beyond those solutions employed in userland. Please review the documentation to learn how to apply this protection.
Add KernelCare’s Free Symlink Protection.
This free patch set protects your system from symlink attacks. Add KernelCare’s Free Patch Set. Add KernelCare’s Free Symlink Protection. NOTE: This is not the full KernelCare product and service.
You can protect against this in multiple ways. Please review the following documentation to find a solution that is suited to your needs.
A KernelCare update is available.
You must take one of the following actions to ensure the system is up-to-date:
- Patch the kernel (run “kcarectl --update” on the command line).
- Update the system (run “yum -y update” on the command line), and reboot the system.
----
However, when I run the kcarectl --update in ssh, I get "downloading updates" and then "complete". When I restart the server and re-run the security advisor, I get the exact same message. It appears symlink protection has not been added.
If I click on the "Add KernelCare’s Free Symlink Protection." in WHM, it navigates to "https://serveraddress:2087/cpsess7608784606/scripts13/add_kernelcare_free_symlink_protection" and just reloads the security advisor page with the same warning messages.
-
Can you go to Terminal in WHM and execute this command?
kcarectl --info
Andrew N. - cPanel Plesk VMWare Certified Professional
Do you need immediate assistance? 20 minutes response time!*
EmergencySupport - Professional Server Management and One-time Services
0 -
[root@~]# kcarectl --info
No patches applied, but some are available, run 'kcarectl --update'.
[root@~]# kcarectl --update
Downloading updates
HTTP Error 401: Unauthorized: https://patches.kernelcare.com/patches/K20240119_03/c843b85222f88820f3a259673ae462735ed23f09/1/kpatch.bin
[root@~]#
0 -
OK I contacted Cloudlinux to get support and they told me to uninstall the kernel care
yum remove kernelcare
Then reinstall it:
curl -s https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh | bash
kcarectl --set-patch-type free --update
Please note that in some cases, you'll get the following message:
'free' patch type is unavailable for your kernel
That means that the kernel you're running has been released very recently and there are no patches yet for it.
I think they are very slow in supporting kernel updates.... we shall see (I am using up to date kernel)
2 -
This is still bugging me.
I can't figure out if the machine is covered against symlinks or not.
This is what I am seeing:
1) If I run kcarectl --update I get:
Downloading updates
The IP 12.3.45.6 was already used for a trial license on 2018-05-15
2) yum remove kernelcare
Removed:
kernelcare-2.85-2.el9.x86_64
Complete!
3) curl -s https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh | bash
Installed:
kernelcare-2.85-2.el9.x86_64
Complete!
4) kcarectl --set-patch-type free --update
Downloading updates
The IP 12.3.45.6 was already used for a trial license on 2018-05-15
Seems to be stuck in some kind of loop. Security Advisor still says
Kernel does not support the prevention of symlink ownership attacks.
Add KernelCare’s Free Symlink Protection.
So your assistance on this would be appreciated.
0 -
We'll need a ticket on this one to look into the license problem - I'm not able to do anything with licenses over the Forums, unfortunately.
0 -
Hi cPRex
It's not a license thing... we are using the free version... but it's just going around in a loop.
0 -
We're still going to need a ticket on this one :D - there's KernelCare, Imunify, Rocky, all talking to each other, and something is clearly not working as intended on your system or it wouldn't be taking this long to track down.
0 -
Here it is: #95279186
0 -
It looks like our team found this issue:
but we were also able to confirm that your kernel itself is on the latest version with no vulnerabilities.
0 -
Sorry for the cross post, I hadn't remembered this one. I opened another here: https://support.cpanel.net/hc/en-us/community/posts/25873975759895-kernel-care-free-patch-set
> It looks like our team found this issue:
If this is the case, why keep showing that message in WHM?