In Progress [CPANEL-24474] Offer advice in the Security Advisor when the "KernelCare Gap" is in effect

Discussion in 'General Discussion' started by WorkinOnIt, Dec 16, 2018.

  1. WorkinOnIt

    WorkinOnIt Well-Known Member

    Joined:
    Aug 3, 2016
    Messages:
    168
    Likes Received:
    24
    Trophy Points:
    18
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    #1 WorkinOnIt, Dec 16, 2018
    Last edited: Dec 16, 2018
    hoseke likes this.
  2. hoseke

    hoseke Member

    Joined:
    Jan 4, 2012
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    I have the same issue @WorkinOnIt on all my servers; this looks like a common kernel problem.
     
  3. jsw4

    jsw4 Member

    Joined:
    Oct 8, 2014
    Messages:
    12
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    I'm also seeing this. I note that the RHEL/CentOS release level of the kernel in the most recent updates was incremented (862 to 957). There is not yet a patch available in the KernelCare download directory for this kernel.

    I do not remember activating this free service. Was this automatically done by a cPanel update? Is there a way to check status of free patch installation and installation date?
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,528
    Likes Received:
    2,180
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello Everyone,

    Internal case CPANEL-24474 is open to add functionality in Security Advisor that will detect and advise administrators about the KernelCare "gap" that occurs when KernelCare has yet to release a patched kernel that's as up to date as the CentOS/RHEL kernel. I'll update this thread with more information on the status of this case as it becomes available.

    Thank you.
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Hi @jsw4,

    KernelCare is not automatically installed. Is it possible you enabled it per the instructions in WHM >> Security Advisor? You can read about it at:

    Symlink Race Condition Protection - EasyApache 4 - cPanel Documentation

    As far as the installation history, your YUM log should have that information:

    Code:
    grep kernel /var/log/yum.log

    Thank you.
     
  6. thanasis

    thanasis Well-Known Member

    Joined:
    Nov 24, 2017
    Messages:
    64
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Hello,
    I went automatically to version 78.0.18 and my VPSs needed to reboot.
    I did them.
    After that I ran "Security Advisor".
    I had to run "yum update" and then reboot.
    I did it.
    After that I ran "Security Advisor" again.
    I had the red notice "Add KernelCare's Free Symlink Protection".
    I clicked the link "Add KernelCare's Free Symlink Protection", then the page reloaded and I had the same message "Add KernelCare's Free Symlink Protection".
    I did this 3-4 times, and I also did a reboot, but I have the same problem.

    I have the same problem with my two VPSs (CentOS 7.6 v78.0.18)

    Any help?
     

    #6 thanasis, Mar 19, 2019
    Last edited: Mar 19, 2019
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Hello @thanasis,

    This can happen when KernelCare has yet to release a patch for the current CentOS/RHEL kernel installed on your system. KernelCare patches are typically published a few days after the stock CentOS/RHEL kernels are published. You can confirm this by running the following commands:

    Code:
    uname -r
    kcarectl --info

    If you've recently updated your kernel, then you're likely to see the following output:

    Code:
    # uname -r
    3.10.0-957.10.1.el7.x86_64
    # kcarectl --latest-patch-info
    No patches available

    As you can see on the KernelCare Patches page, a patch for kernel version 3.10.0-957.10.1 is not yet available. Security Advisor will no longer present that warning once KernelCare publishes the patch and it's installed on your system. You can read more about this on the following thread:

    In Progress - [CPANEL-24474] Offer advice in the Security Advisor when the "KernelCare Gap" is in effect

    Thank you.
     
    thanasis likes this.
  8. thanasis

    thanasis Well-Known Member

    Thank you.
     
    cPanelMichael likes this.
  9. WorkinOnIt

    WorkinOnIt Well-Known Member

    Yes, I also have the above issue, so just adding my voice to the thread.

    Updated to kernel 3.10.0-957.10.1.el7 and also seeing "Kernel does not support the prevention of symlink ownership attacks."

    I assume that when KernelCare releases a patch, it will be added automatically?

    Glad to hear a KernelCare gap message is coming; it would be useful.
     
  10. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Hello Everyone,

    I've merged the posts from additional threads here to keep better track of the number of reports we've received. I'll continue to monitor CPANEL-24474 and update this thread with more information as it becomes available.

    Thank you.
     
  11. WorkinOnIt

    WorkinOnIt Well-Known Member

    I received an update notification from inside WHM. It looks like the new patch is ready; it needs to be installed from the command line over SSH:

    A KernelCare update is available. You must take one of the following actions to ensure the system is up-to-date:
    • Patch the kernel (run “kcarectl --update” on the command line).
    • Update the system (run “yum -y update” on the command line), and reboot the system.
     
  12. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Hello @WorkinOnIt,

    I can confirm the KernelCare patch for kernel-3.10.0-957.10.1.el7 was published and is visible on the KernelCare Patches website. KernelCare enables automatic updates with the following cron job by default:

    Code:
    # cat /etc/cron.d/kcare-cron
    15 */4  * * * root /usr/bin/kcarectl -q --auto-update

    If you've disabled automatic updates, run kcarectl --update on the command line as noted in the email notification.

    Note that while this addresses the issue for now, I'll continue to monitor CPANEL-24474 and report the outcome here once it's available.

    Thanks!
     
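
The checks described in posts 7 and 12 (running kernel, `kcarectl --latest-patch-info`, and the auto-update cron entry) can be combined into one report. This is an added example, not part of the thread and not cPanel or KernelCare code; the function names are hypothetical, and treating any output other than "No patches available" as a listed patch is an assumption.

```shell
#!/bin/sh
# Added example (not cPanel or KernelCare code): report the "KernelCare gap".

# Classify `kcarectl --latest-patch-info` output for the running kernel.
# "No patches available" is the string quoted in the thread; treating any other
# non-empty output as a listed patch is an assumption.
kcare_gap_status() {   # $1 = uname -r output, $2 = kcarectl output
    if [ -z "$1" ] || [ -z "$2" ]; then echo unknown; return 0; fi
    case $2 in
        *"No patches available"*) echo gap ;;
        *) echo patch-listed ;;
    esac
}

# True when the cron text has an uncommented kcarectl --auto-update entry.
kcare_auto_update_enabled() {   # $1 = contents of /etc/cron.d/kcare-cron
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*[^#[:space:]].*kcarectl.*--auto-update'
}

# One line of advice for the administrator.
kcare_advice() {   # $1 = kernel, $2 = patch info, $3 = cron text
    case $(kcare_gap_status "$1" "$2") in
        gap)
            if kcare_auto_update_enabled "$3"; then
                echo "gap: no patch yet for $1; cron auto-update will apply it once published"
            else
                echo "gap: no patch yet for $1; auto-update is off, run kcarectl --update once published"
            fi ;;
        patch-listed)
            if kcare_auto_update_enabled "$3"; then
                echo "ok: patch listed for $1; cron auto-update is enabled"
            else
                echo "action: patch listed for $1; run kcarectl --update"
            fi ;;
        *) echo "unknown: could not read kernel version or kcarectl output" ;;
    esac
}

if command -v kcarectl >/dev/null 2>&1; then
    kcare_advice "$(uname -r)" "$(kcarectl --latest-patch-info 2>&1)" \
        "$(cat /etc/cron.d/kcare-cron 2>/dev/null)"
else
    # Offline demo with the values posted in the thread.
    kcare_advice "3.10.0-957.10.1.el7.x86_64" "No patches available" \
        "15 */4  * * * root /usr/bin/kcarectl -q --auto-update"
fi
```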