SOLVED Can not install KernelCare's Free Patch

Nirjonadda

Well-Known Member
May 8, 2013
736
27
78
cPanel Access Level
Root Administrator
Add KernelCare's Free Symlink Protection link does not work. When clicking this link from cPanel Security Advisor this show Ensuring that KernelCare is installed ... The installation of KernelCare failed on this system.

Code:
Ensuring that KernelCare is installed ...

The installation of KernelCare failed on this system.
Also SSH command not working.

Code:
[[email protected] ~]# kcarectl --set-patch-type free --update
-bash: kcarectl: command not found
[[email protected] ~]#
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Does need kernelcare paid license key for Add KernelCare's Free Symlink Protection?
No, you do not.

Also SSH command not working.
Right, if the installation failed you won't be able to set the patch type.

What is the output of the following?

Code:
uname -a
Code:
curl -s https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh | bash
 

Nirjonadda

Well-Known Member
May 8, 2013
736
27
78
cPanel Access Level
Root Administrator
The output of the following:

Code:
[[email protected] ~]# uname -a
Linux hostname.mysite.com 3.10.0-1062.9.1.el7.x86_64 #1 SMP Fri Dec 6 15:49:49 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
The output of the following:

Code:
Running transaction
  Installing : pyOpenSSL-0.13.1-4.el7.x86_64                                                                                                                                                                                             1/2
  Installing : kernelcare-2.23-1.el7.x86_64                                                                                                                                                                                              2/2
  Verifying  : kernelcare-2.23-1.el7.x86_64                                                                                                                                                                                              1/2
  Verifying  : pyOpenSSL-0.13.1-4.el7.x86_64                                                                                                                                                                                             2/2

Installed:
  kernelcare.x86_64 0:2.23-1.el7

Dependency Installed:
  pyOpenSSL.x86_64 0:0.13.1-4.el7
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hello @Nirjonadda

Your kernel supports the free patch and it looks like running the script directly didn't encounter any issues:

Code:
Installed:
  kernelcare.x86_64 0:2.23-1.el7
Now you should be able to run the following:
Code:
kcarectl --set-patch-type free --update
 
  • Like
Reactions: Nirjonadda

Nirjonadda

Well-Known Member
May 8, 2013
736
27
78
cPanel Access Level
Root Administrator

sparek-3

Well-Known Member
Aug 10, 2002
2,021
226
368
cPanel Access Level
Root Administrator
It's important to note... and maybe this needs to be made sticky or somehow better stressed by Kernelcare or cPanel or someone....

The 3.10.0-1062.12.1 kernel was just released yesterday (2020-02-05)... Kernelcare tends to not get into much of a hurry to release updates for new kernels. It may be a week or two before they patch based on this kernel.

New kernels released by CentOS will take ... at least a few days (possibly weeks) ... before they are picked up by Kernelcare for their patching.

This applies to both the free symlink patch and the paid for service.

I suppose they pay more attention to their own CloudLinux based kernels (and that's certainly understandable). But at least the CentOS kernel tends to lag behind. I suspect their other distro based kernels also lag behind but I can't speak to that.

Bottom Line: You just updated the kernel on your server... don't expect instant patching with Kernelcare.
 
  • Like
Reactions: cPanelLauren

quietFinn

Well-Known Member
Feb 4, 2006
1,299
127
193
Finland
cPanel Access Level
Root Administrator
I suppose they pay more attention to their own CloudLinux based kernels (and that's certainly understandable). But at least the CentOS kernel tends to lag behind. I suspect their other distro based kernels also lag behind but I can't speak to that.
They are not very fast with their own kernels either.
 
  • Like
Reactions: cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
New kernels released by CentOS will take ... at least a few days (possibly weeks) ... before they are picked up by Kernelcare for their patching.
In most cases it's a few days but there is definitely lead time between when a new kernel is released and when the updated version of the KernelCare Symlink protection patch is available.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
You shouldn't be installing kernelcare when you already have it installed and if you're using the full product you would not be using the free patch. As has already been noted, there is a delay between when a new kernel is released and when it is available for not only kernelcare the full product but for the free patch as well.