Full Kernelcare Product and prevention of symlink ownership attacks
I have purchased the full kernelcare product and I'm on
AlmaLinux release 9.3
/usr/local/cpanel/version:11.116.0.11
/var/cpanel/envtype:standard
CPANEL=release
Server version: Apache/2.4.58 (cPanel)
PHP 8.2.15
I run
# kcarectl --patch-info
OS: almalinux9
kernel: kernel-5.14.0-362.13.1.el9_3
time: 2024-01-29 13:33:01
uname: 5.14.0-362.13.1.el9_3
If I run
# kcarectl --set-patch-type extra --update
'extra' patch type is unavailable for your kernel
# kcarectl --check
The latest patch is applied.
# kcarectl --update
Updates already downloaded
No updates are needed for this kernel
Kernel is safe
However, I still get the notification in Security Advisor: "Kernel does not support the prevention of symlink ownership attacks."
I checked https://support.cpanel.net/hc/en-us/articles/4409416800919-How-to-enable-symlink-protection-with-KernelCare and tried to find the file /etc/sysconfig/kcare/sysctl.conf which doesn't exist.
Please advise, thank you in advance
It is always the same crap after every kernel update that symlink protection patch no longer works and it always takes ages before there is a new patch.
It either says "'extra' patch type is unavailable for your kernel" or "No updates are needed for this kernel kernel is safe" but that is a lie !!!!
Cloudlinux get your act together and .....
Hey there! I reached out to KernelCare directly about this since I'm also getting some odd results when I test with AlmaLinux 9, but I haven't heard back from them yet. I'll be sure to reply as soon as I hear something!
You shouldn't need to use the free patch when you're a paid customer.
I still haven't heard back from KernelCare about this issue.
cPRex I did a few months ago but the conclusion was that the message in the security advisor (Kernel does not support the prevention of symlink ownership attacks.) is probably a false report and that my server "should" be secure.
I think the reason for this is that under extra patchset no patched kernel is available yet for this type of OS however the symlink protection is also available under the free one which might work in your case so can you give this a try:
kcarectl --set-patch-type free --update
then follow the instructions above.
Andrew N. - cPanel Plesk VMWare Certified Professional
# kcarectl --set-patch-type free --update
'free' patch type is unavailable for your kernel
I just heard back from KernelCare and they aren't aware of this issue on their end. Could you submit a ticket and then we can get it escalated to KernelCare for you?
I guess I can do that, does the ticket require access to my server?
Yes, they would require access to troubleshoot this behavior.
I have the same problem... no news?
AmedeoSca - I don't see any additional details on my end for this problem, so it would likely be best to submit a ticket.
cPRex what does kernelcare report on your almalinux 9 box, does it still have issues?
So far we haven't been able to reproduce this - could someone in this thread submit a ticket and then we can escalate it to KernelCare directly?
From here it seems that the latest kernel has no patch....
https://patches.kernelcare.com/?search=&distro=almalinux9-arm64&type=kernel
Excuse me, this is the right link
https://patches.kernelcare.com/?search=5.14.0-362.18.1.el9_3&distro=almalinux9&type=kernel
I opened a ticket with kernelcare. It seems that Kernelcare symlink protection doesn't exist for Almalinux 9 yet:
"We clarified with developers and informing you that Almalinux 9 patch for symlink protection is yet to be implemented and, unfortunately, we cannot yet say when it will be done."
If I ever notice that it works as intended I will update this thread. If you notice earlier than me feel free to update this thread as well. For the time being Kernelcare doesn't provide symlink protection for Almalinux 9
Thanks for sharing!
We're seeing the same issue with Almalinux8.9 Kernel 4.18.0-513.18.2.el8_9.x86_64
Kernel is not listed on compatibility list.
Ticket submitted with Cloudlinux
Let us know what they say!
They came back with the following:-
"4.18.0-513.18.2.el8_9.x86_64"
is not yet supported by us, and the "extra" patchThe first set of patches for this kernel should be released in the next few weeks. We just need to double-check that the symlink parameters are already configured, for example:
cat /etc/sysconfig/kcare/sysctl.conf
fs.enforce_symlinksifowner=1
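Added example, not part of the post above and not KernelCare or cPanel tooling: a shell check that separates "the running kernel does not expose the symlink knob" from "the knob exists but is off or not persisted", which is the distinction this thread keeps running into. The /proc path is derived from the sysctl name, the state names are hypothetical, and treating 0 as off and any other value as on is an assumption.

```shell
#!/bin/sh
# Classify symlink-protection state from the live kernel and the KernelCare
# sysctl file. Both paths are parameters so the check can be run against
# constructed files as well as the real system.

# Print the value assigned to fs.enforce_symlinksifowner in a sysctl-style
# file, or nothing if the file is missing or has no such assignment.
configured_value() {
    [ -r "$1" ] || return 0
    # Commented-out lines do not match; the last assignment wins.
    sed -n 's/^[[:space:]]*fs\.enforce_symlinksifowner[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Print the live kernel value, or nothing if the kernel has no such sysctl.
running_value() {
    [ -r "$1" ] || return 0
    tr -d '[:space:]' < "$1"
}

symlink_protection_state() {
    conf="${1:-/etc/sysconfig/kcare/sysctl.conf}"
    proc="${2:-/proc/sys/fs/enforce_symlinksifowner}"
    want=$(configured_value "$conf")
    have=$(running_value "$proc")
    if [ -z "$have" ]; then
        echo "unsupported"             # running kernel/patch set lacks the knob
    elif [ "$have" = "0" ]; then
        echo "disabled"                # knob exists but is switched off
    elif [ -z "$want" ]; then
        echo "enabled-not-persistent"  # on now, but nothing in the config file
    elif [ "$want" != "$have" ]; then
        echo "mismatch"                # config file and live kernel disagree
    else
        echo "enabled"
    fi
}

# With no arguments this inspects the real system paths.
symlink_protection_state "$@"
```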
That's often the case if the kernel is brand new - it takes a bit of dev time for them to get it added to their tools.
Can confirm this morning Cloudlinux have already patched the kernel.
Extra patch set and symlink protection can now be enabled.
Nice - that was quick!
kcarectl --set-patch-type extra --update
'extra' patch type is unavailable for your kernel
AmedeoSca - it's possible it just isn't available for your kernel because it's not supported or because it is too new.
I've got the same problem with Rocky linux 9, Kernel does not support the prevention of symlink ownership attacks. for months with the paid KernelCare.
filoucp - if it's been happening for months, it's time to make a ticket.