Skip to main content

AlmaLinux 8.10 / cPanel/WHM and Add KernelCare’s Free Symlink Protection

Comments

11 comments

  • MegaBytu

    Unfortunately not. After investigation I have concluded that is a bad user experience in WHM/cPanel.

    If current installed kernel is not yet supported by KernelCare (for example current kernel is newly released), Security Advisor interface continues to suggest "Add KernelCare’s Free Symlink Protection", but on click returns a blank page, although KernelCare is correctly installed but no Symlink Protection Patch is not availabile for current kernel version.

    Instead of a blank page which suggests a potential issue, the Security Advisor should prompt a message such as: "You have succesfuly installed KernelCare. KernelCare and Symlink Protection is not yet availabile for your current kernel version, but will be applied automatically when KernelCare will support your kernel in the future".

    The current experience creates the impression that there is a bug/installation error, until you investigate logs and until you get in touch with KernelCare support.

    0
  • cPRex Jurassic Moderator

    MegaBytu - so basically you're saying the tool should be smart enough to detect if the kernel isn't yet supported and then remove the option from the WHM >> Security Advisor page, or provide a better warning, or some other improved user experience, right?

    0
  • MegaBytu

    At this moment you click on "Add KernelCare’s Free Symlink Protection" and you don't know what is happening, and without any confirmation the click action installs KernelCare/Libcare, but if the kernel is not (yet) supported it provides a blank page. Without analysing the logs you simply don't know what happened.

    What I suggest is that Security Advisor to analyse the following cases and display the informational message accordingly:

    (1) If KernelCare is not yet installed Security Advisor should display an informational message such as "Add KernelCare’s Free Symlink Protection (this action will install KernelCare and apply Free Symlink Protection Patch if your kernel is supported)"

    (2) If KernelCare is installed but kernel is not (yet) supported by KernelCare, Security Advisor should display an informational message such as "KernelCare is installed, but your Kernel is not (yet) supported, so KernelCare’s Free Symlink Protection is not (yet) availabile for your server. Free Symlink Protection Patch will be applied automatically when the support for your kernel will become availabile". As I understand that will happen, KernelCare is installed, it checks periodically to see if the kernel is supported, and if support is found, it applies patches provided by KernelCare, such as Free Symlink Protection. At this moment Security Advisor continues to prompt for "Add KernelCare’s Free Symlink Protection", which on click returns a blank page.

     

     

    0
  • cPRex Jurassic Moderator

    Sounds like a good plan to me!  So good in fact, that I submitted a case with the following text a few months ago:

    When clicking the "Add KernelCare's Free Symlink Protection" link in WHM >> Security Center, it just performs the installation right then without notifying the user what is happening.  The Security Center page will just refresh, which looks like an error to the user, and it is not obvious the tool has been installed.

    Additionally, the URL for that link of https://10.2.32.191:2087/cpsess2319248918/scripts13/add_kernelcare_free_symlink_protection doesn't actually exist, as in you can't navigate to the page directly, adding to the confusion, as a user may try and go directly to that or open it in a new tab.

    There is a temporary splash screen that shows up saying it is installing the software, but on fast machines with fast connections, it moves too quickly to be read or may not show up at all.

    I'm going to reach out to the developers to see if that's something they can get adjusted.

    0
  • MegaBytu

    That is correct.

    The fact that KernelCare is a good software reduced the frustration that it got installed by clicking on a informational-like link, without any warning or confirmation.

    But, cPanel should avoid in general this practice of installing software automatically by clicking on informational-like links, without any clear information that on-click something will be installed, and without any confirmation that user agrees something will be installed.

    This user experience is bad and is very common to Microsoft products, which is what many of us are trying to avoid, because of huge bloating of a basic product with useless other products. One cPanel example is WP Toolkit, which got installed on many servers because a junior sysadmin clicked Next or something like that, at a point in time, in the Feature Showcase. That is not OK.

    If KernelCare would present risks of damaging the system, or if would be a bad software, this would become very frustrating.

     

    0
  • cPRex Jurassic Moderator

    Oh for sure - there needs to be some type of confirmation in there.

    I've brought this up again with the team. The case is CPANEL-43860 although I don't have a way for you to follow along with this one, but I've added a link to this thread as well so I can keep this updated if I hear more details.

    0
  • MegaBytu

    Thank you!

    0
  • cPRex Jurassic Moderator

    You're very welcome!

    0
  • ruyman

    Hello!

    This information is very helpful as I have had the same problem and was confused. (4.18.0-553.5.1.el8_10.x86_64)

    Thanks!

    0
  • PPNSteve

    Same problem.. no idea if it actually installed or not. Just takes me back to the  cPanel Security Advisor page..

    1

Please sign in to leave a comment.