Adding KernelCare patch via command line

CanSpace · Sep 25, 2018

We use a script to provision new servers and one step we'd like to add is provisioning kernelcare's free symlink patch automatically.

How can this be done via the command line? Assuming this is on a brand new server with a standard kernel.

dalem · Sep 25, 2018

add a bash script to run something like this

--------------------------------
#!/bin/bash
curl -s https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh | bash
kcarectl --set-patch-type free --update
echo "fs.enforce_symlinksifowner = 1" >>/etc/sysconfig/kcare/sysctl.conf
echo "fs.symlinkown_gid = 99" >>/etc/sysconfig/kcare/sysctl.conf
sysctl -w fs.enforce_symlinksifowner=1
sysctl -w fs.symlinkown_gid=99
-----------------------------------------

CanSpace · Sep 26, 2018

Are these the exact steps that WHM takes when it is enabled via WHM?

dalem · Sep 26, 2018

You cant enable it VIA WHM it is a kernel module it has to be installed

the steps above are form the CloudLinux install instructions for cpanel servers

CanSpace · Sep 26, 2018

Actually it can be enabled via WHM. If you click the security advisor link in WHM it will warn you that symlink protection is not installed and provide you with a link to add the free kernelcare patch (which it will do for you). I want to know how to do this via teh command line.

dalem · Sep 26, 2018

Update read Wrong

Yes as stated that is the instructions from the cloudLinux website

CanSpace · Sep 26, 2018

Sigh. No you are incorrect - you can add the free kernelcare patch via WHM, and that is what I am trying to figure out how to do via the command line. Thanks for your assistance but it is not useful.

dalem · Sep 26, 2018

Updated above New feature I was not aware of
yes those are the CLI instructions direct from cloudLinux

dalem · Sep 26, 2018

Just fyi The installer in WHM does not install the extra patch set

sysctl -w fs.enforce_symlinksifowner=1
sysctl -w fs.symlinkown_gid=99

cPanelLauren · Sep 26, 2018

Hello @CanSpace

The instructions provided were correct. That is the way to add symlink protection over CLI. If you want to add it through WHM you'll need to run the security advisor at WHM>>Security Center>>Security advisor this calls a perl module:
Code:
/usr/local/cpanel/Cpanel/Security/Advisor/Assessors/Kernel.pm
Because this is a perl module with many different functions it's not available as a WHMAPI1 function and is best/easiest done using CloudLinux's instructions pending your Kernel is stock CentOS

Thanks!

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

Adding KernelCare patch via command line

CanSpace Member

dalem Well-Known Member PartnerNOC

CanSpace Member

dalem Well-Known Member PartnerNOC

CanSpace Member

dalem Well-Known Member PartnerNOC

CanSpace Member

dalem Well-Known Member PartnerNOC

dalem Well-Known Member PartnerNOC

cPanelLauren Forums Analyst II Staff Member

Adding to CSF's Temporary Deny via PHP

Error adding account

Adding Dedicated IPs in AWS

Adding RoundCube RPM question

Adding Comodo WAF rules

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

Adding KernelCare patch via command line

CanSpace Member

dalem Well-Known Member PartnerNOC

CanSpace Member

dalem Well-Known Member PartnerNOC

CanSpace Member

dalem Well-Known Member PartnerNOC

CanSpace Member

dalem Well-Known Member PartnerNOC

dalem Well-Known Member PartnerNOC

cPanelLauren Forums Analyst II Staff Member

Adding to CSF's Temporary Deny via PHP

Error adding account

Adding Dedicated IPs in AWS

Adding RoundCube RPM question

Adding Comodo WAF rules

Share This Page