SOLVED Can not install KernelCare's Free Patch

[Nirjonadda]

Add KernelCare's Free Symlink Protection link does not work. When clicking this link from cPanel Security Advisor this show Ensuring that KernelCare is installed ... The installation of KernelCare failed on this system.

Ensuring that KernelCare is installed ...

The installation of KernelCare failed on this system.

Also SSH command not working.

[root@na ~]# kcarectl --set-patch-type free --update
-bash: kcarectl: command not found
[root@na ~]#

 

[vacancy]

What is the result of the command?

yum list kernelcare

 

[Nirjonadda]

What is the result of the command?

yum list kernelcare

Does need kernelcare paid license key for Add KernelCare's Free Symlink Protection?

 

[cPanelLauren]

Does need kernelcare paid license key for Add KernelCare's Free Symlink Protection?

No, you do not.

Also SSH command not working.

Right, if the installation failed you won't be able to set the patch type.

What is the output of the following?

uname -a

curl -s https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh | bash

 

[Nirjonadda]

uname -a

The output of the following:

[root@na ~]# uname -a
Linux hostname.mysite.com 3.10.0-1062.9.1.el7.x86_64 #1 SMP Fri Dec 6 15:49:49 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

The output of the following:

curl -s https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh | bash

Running transaction
  Installing : pyOpenSSL-0.13.1-4.el7.x86_64                                                                                                                                                                                             1/2
  Installing : kernelcare-2.23-1.el7.x86_64                                                                                                                                                                                              2/2
  Verifying  : kernelcare-2.23-1.el7.x86_64                                                                                                                                                                                              1/2
  Verifying  : pyOpenSSL-0.13.1-4.el7.x86_64                                                                                                                                                                                             2/2

Installed:
  kernelcare.x86_64 0:2.23-1.el7

Dependency Installed:
  pyOpenSSL.x86_64 0:0.13.1-4.el7

 

[cPanelLauren]

Hello @Nirjonadda

Your kernel supports the free patch and it looks like running the script directly didn't encounter any issues:

Installed:
  kernelcare.x86_64 0:2.23-1.el7

Now you should be able to run the following:

kcarectl --set-patch-type free --update

 

[Nirjonadda]

Fixed, Thanks

 

[Nirjonadda]

@cPanelLauren Toady updated kernel version then now does not working Free Patch.

[root@na ~]# uname -r
3.10.0-1062.12.1.el7.x86_64
[root@na ~]#

[root@na ~]# kcarectl --patch-info
This kernel doesn't require any patches.
[root@na ~]# kcarectl --set-patch-type free --update
'free' patch type is unavailable for your kernel
[root@na ~]# kcarectl -i
This kernel doesn't require any patches.
[root@na ~]#

 

[sparek-3]

It's important to note... and maybe this needs to be made sticky or somehow better stressed by Kernelcare or cPanel or someone....

The 3.10.0-1062.12.1 kernel was just released yesterday (2020-02-05)... Kernelcare tends to not get into much of a hurry to release updates for new kernels. It may be a week or two before they patch based on this kernel.

New kernels released by CentOS will take ... at least a few days (possibly weeks) ... before they are picked up by Kernelcare for their patching.

This applies to both the free symlink patch and the paid for service.

I suppose they pay more attention to their own CloudLinux based kernels (and that's certainly understandable). But at least the CentOS kernel tends to lag behind. I suspect their other distro based kernels also lag behind but I can't speak to that.

Bottom Line: You just updated the kernel on your server... don't expect instant patching with Kernelcare.

 

[quietFinn]

I suppose they pay more attention to their own CloudLinux based kernels (and that's certainly understandable). But at least the CentOS kernel tends to lag behind. I suspect their other distro based kernels also lag behind but I can't speak to that.

They are not very fast with their own kernels either.

 

[cPanelLauren]

New kernels released by CentOS will take ... at least a few days (possibly weeks) ... before they are picked up by Kernelcare for their patching.

In most cases it's a few days but there is definitely lead time between when a new kernel is released and when the updated version of the KernelCare Symlink protection patch is available.

 

[Thiago Vagostelo]

Hi, I'm having the same issue.

uname -a

Return

curl -s https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh | bash

Return



And when I try to use the free version I have this erro:

 

[Nirjonadda]

This fixed will releasing: CentOS 7.8 kernel free-patch support?

 

[cPanelLauren]

You shouldn't be installing kernelcare when you already have it installed and if you're using the full product you would not be using the free patch. As has already been noted, there is a delay between when a new kernel is released and when it is available for not only kernelcare the full product but for the free patch as well.

 

[cPanelLauren]

This fixed will releasing: CentOS 7.8 kernel free-patch support?

Based on that you're looking at 5 days for the update.