In Progress [CPANEL-24474] Offer advice in the Security Advisor when the "KernelCare Gap" is in effect

jsw4

Member
Oct 8, 2014
12
1
3
cPanel Access Level
Root Administrator
I'm also seeing this. I note that the RHEL/CentOS release level of kernel on most recent updates was incremented. (862 to 957). There is not yet a patch available in the KernelCare download directory for this kernel.

I do not remember activating this free service. Was this automatically done by a cPanel update? Is there a way to check status of free patch installation and installation date?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Hello Everyone,

Internal case CPANEL-24474 is open to add functionality in Security Advisor that will detect and advise administrators about the KernelCare "gap" that occurs when KernelCare has yet to release a patched kernel that's as up to date as the CentOS/RHEL kernel. I'll update this thread with more information on the status of this case as it becomes available.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
I do not remember activating this free service. Was this automatically done by a cPanel update? Is there a way to check status of free patch installation and installation date?
Hi @jsw4,

KernelCare is not automatically installed. Is it possible you enabled it per the instructions in WHM >> Security Advisor? You can read about it at:

Symlink Race Condition Protection - EasyApache 4 - cPanel Documentation

As far as the installation history, your YUM log should have that information:

Code:
grep kernel /var/log/yum.log
Thank you.
 

thanasis

Well-Known Member
Nov 24, 2017
73
4
8
Greece
cPanel Access Level
Root Administrator
Hello,
i went automatically at 78.0.18 version and my VPSs need to reboot.
I did them.
After that i run "Security Advisor".
I had to run "yum update" and the reboot.
I did it.
After that i run again "Security Advisor".
I had the red notice "Add KernelCare's Free Symlink Protection".
I clicked at link "Add KernelCare's Free Symlink Protection", then the page reload and i had the same message "Add KernelCare's Free Symlink Protection"
I did this 3-4 times, also i did a reboot, but i have the same problem.

I have the same problem with my two VPSs (CENTOS 7.6 v78.0.18)

Any help?
 

Attachments

Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Hello @thanasis,

This can happen when KernelCare has yet to release a patch for the current CentOS/RHEL kernel installed on your system. KernelCare patches are typically published a few days after the stock CentOS/RHEL kernels are published. You can confirm this by running the following commands:

Code:
uname -r
kcarectl --info
If you've recently updated your kernel, then you're likely to see the following output:

Code:
# uname -r
3.10.0-957.10.1.el7.x86_64
# kcarectl --latest-patch-info
No patches available
As you can see on the KernelCare Patches page, a patch for kernel version 3.10.0-957.10.1 is not yet available. Security Advisor will no longer present that warning once KernelCare publishes the patch and it's installed on your system. You can read more about this on the following thread:

In Progress - [CPANEL-24474] Offer advice in the Security Advisor when the "KernelCare Gap" is in effect

Thank you.
 
  • Like
Reactions: thanasis

WorkinOnIt

Well-Known Member
Aug 3, 2016
195
27
28
UK
cPanel Access Level
Root Administrator
Yes, I also have the above issue, so just adding my voice to the thread.

updated to kernel 3.10.0-957.10.1.el7 and also seeing "Kernel does not support the prevention of symlink ownership attacks."

I assume when Kernelcare release a patch, will it be added automatically?

Glad to hear an kernelcare gap message is coming, would be useful.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Hello Everyone,

I've merged the posts from additional threads here to keep better track of the number of reports we've received. I'll continue to monitor CPANEL-24474 and update this thread with more information as it becomes available.

Thank you.
 

WorkinOnIt

Well-Known Member
Aug 3, 2016
195
27
28
UK
cPanel Access Level
Root Administrator
I received an Update notification from inside WHM. Looks like the new patch is ready - it requires to be installed from command line SSH;

A KernelCare update is available.You must take one of the following actions to ensure the system is up-to-date:
  • Patch the kernel (run “kcarectl --update” on the command line).
  • Update the system (run “yum -y update” on the command line), and reboot the system.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Hello @WorkinOnIt,

I can confirm the KernelCare patch for kernel-3.10.0-957.10.1.el7 was published and is visible on the KernelCare Patches website. KernelCare enables automatic updates with the following cron job by default:

Code:
# cat /etc/cron.d/kcare-cron
15 */4  * * * root /usr/bin/kcarectl -q --auto-update
If you've disabled automatic updates, run kcarectl --update on the command line as noted in the email notification.

Note that while this addresses the issue for now, I'll continue to monitor CPANEL-24474 and report the outcome here once it's available.

Thanks!
 

WorkinOnIt

Well-Known Member
Aug 3, 2016
195
27
28
UK
cPanel Access Level
Root Administrator
Just another update to say latest kernel is also not supported by kernel care at the moment;;

Dec 7 2019

Cron /usr/bin/kcarectl --auto-update

Unknown Kernel (CentOS Linux 3.10.0-1062.9.1.el7.x86_64)



@cPanelMichael - is there an internal case still open to advise this matter in the security advisor in WHM ?