The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Does CPanel automatically patch / upgrade Kernel Vulnerabilities.

Discussion in 'General Discussion' started by infra001, Dec 21, 2008.

  1. infra001

    infra001 Registered

    Joined:
    Oct 20, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Hi there :)

    I have a CPanel server running CPanel 11.

    Details follow:

    Code:
    WHM 11.23.2 cPanel 11.23.6-S27698
    FEDORA 5 i686 on standard - WHM X v3.1.0 
    My server has been up just under a year, and I'm worried there could be an issue with the Kernel now, however I can't see to find any updates for it - so I'm assuming it's safe (..but would rather be 100% sure)

    System information follow:

    Code:
    root@removed [~]# uptime
     16:23:12 up 317 days,  8:00,  1 user,  load average: 0.49, 0.60, 0.51
    
    root@removed [~]# uname -a
    Linux some-secret-domain.com 2.6.20-1.2320.fc5smp #1 SMP Tue Jun 12 19:40:16 EDT 2007 i686 i686 i386 GNU/Linux
    
    Thanks for your input / help.
     
  2. zigzam

    zigzam Well-Known Member

    Joined:
    May 9, 2005
    Messages:
    206
    Likes Received:
    0
    Trophy Points:
    16
    It does not upgrade your kernel.

    You can use Yum to upgrade it if using Centos, but if you dont know what you are doing I would recommend getting a professional to do it for you.

    Also your kernel is very old and should be upgraded ASAP.
     
  3. sirotex

    sirotex Well-Known Member

    Joined:
    Jul 10, 2008
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    16
    Really you shouldn't use the default kernel anyways. Use grsec for linux.
     
  4. infra001

    infra001 Registered

    Joined:
    Oct 20, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I know this isn't really the place to ask, but I tried checking with Yum if there was a new Kernel. It seems I am running the latest... Which is well over a year old.

    As there's no newer version, would it be safe to assume that the kernel I'm running is therefore secure?

    My Kernel: 2.6.20-1.2320.fc5smp #1 SMP

    Code:
    root@secret [/etc/yum.repos.d]# yum search kernel |grep 2.6
    kernel-smp.i686                          2.6.15-1.2054_FC5      core
    kernel-xenU.i686                         2.6.15-1.2054_FC5      core
    cman-kernel-smp.i686                     2.6.15.1-0.FC5.16      core
    kernel-xen0-devel.i686                   2.6.15-1.2054_FC5      core
    GFS-kernel-smp.i686                      2.6.15.1-5.FC5.17      core
    gnbd-kernel-xen0.i686                    2.6.15-5.FC5.23        core
    GFS-kernel-xenU.i686                     2.6.15.1-5.FC5.17      core
    GFS-kernheaders.i686                     2.6.15.1-5.FC5.17      core
    iproute.i386                             2.6.15-1.2             core
    capabilities of the Linux 2.4.x and 2.6.x kernel.
    kernel-doc.noarch                        2.6.15-1.2054_FC5      core
    cman-kernheaders.i686                    2.6.15.1-0.FC5.16      core
    cman-kernel-xen0.i686                    2.6.15.1-0.FC5.16      core
    GFS-kernel-xen0.i686                     2.6.15.1-5.FC5.17      core
    kernel-xenU-devel.i686                   2.6.15-1.2054_FC5      core
    kernel.i686                              2.6.15-1.2054_FC5      core
    must be used. In the 2.6 series other device names may be used as
    gnbd-kernel-xenU.i686                    2.6.15-5.FC5.23        core
    kernel.i586                              2.6.15-1.2054_FC5      core
    User space tools for 2.6 kernel auditing.
    the audit subsystem in the Linux 2.6 kernel.
    kernel-devel.i686                        2.6.15-1.2054_FC5      core
    cman-kernel-xenU.i686                    2.6.15.1-0.FC5.16      core
    dlm-kernel-smp.i686                      2.6.15.1-0.FC5.14      core
    kernel-devel.i586                        2.6.15-1.2054_FC5      core
    kernel-kdump-devel.i686                  2.6.15-1.2054_FC5      core
    cman-kernel.i686                         2.6.15.1-0.FC5.16      core
    gnbd-kernel.i686                         2.6.15-5.FC5.23        core
    dlm-kernel.i686                          2.6.15.1-0.FC5.14      core
    kernel-smp-devel.i686                    2.6.15-1.2054_FC5      core
    kernel-kdump.i686                        2.6.15-1.2054_FC5      core
    gnbd-kernheaders.i686                    2.6.15-5.FC5.23        core
    dlm-kernheaders.i686                     2.6.15.1-0.FC5.14      core
    kernel-xen0.i686                         2.6.15-1.2054_FC5      core
    dlm-kernel-xen0.i686                     2.6.15.1-0.FC5.14      core
    gnbd-kernel-smp.i686                     2.6.15-5.FC5.23        core
    GFS-kernel.i686                          2.6.15.1-5.FC5.17      core
    dlm-kernel-xenU.i686                     2.6.15.1-0.FC5.14      core
    version 2.6.21, the kernel no longer has a fixed 1000Hz timer tick. This
    version 2.6.21, the kernel no longer has a fixed 1000Hz timer tick. This
    In the 2.6 series any device node the understands a SCSI command set
    kernel.i686                              2.6.20-1.2316.fc5      installed
    iproute.i386                             2.6.16-1.fc5           installed
    capabilities of the Linux 2.4.x and 2.6.x kernel.
    kernel-smp.i686                          2.6.20-1.2320.fc5      installed
    kernel-smp.i686                          2.6.20-1.2316.fc5      installed
    
     
  5. Voltar

    Voltar Well-Known Member

    Joined:
    Apr 30, 2007
    Messages:
    269
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Bakersfield, California
    You're running Fedora 5, which hasn't been supported for a while now I believe. I doubt that there will be any new updates for the kernel, and I wouldn't consider it secure either.

    You might want to look into updating to a distribution that has a longer life cycle, like CentOS.
     
  6. infra001

    infra001 Registered

    Joined:
    Oct 20, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Upgrading the distribution would be a royal pain in the ass, especially at this time of the year.

    Is there any Custom Kernels you could recommend that won't fubar CPanel?
     
  7. Voltar

    Voltar Well-Known Member

    Joined:
    Apr 30, 2007
    Messages:
    269
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Bakersfield, California
    You could compile a recent kernel with grsec and use that.
     
  8. StevenC

    StevenC Well-Known Member

    Joined:
    Jan 1, 2004
    Messages:
    254
    Likes Received:
    0
    Trophy Points:
    16
    Upgrading the operating system really isn't all that hard or time consuming.

    But if your going to need to compile a kernel from scratch. Be it a vanilla kernel or a kernel with grsecurity added to it.
     
  9. infra001

    infra001 Registered

    Joined:
    Oct 20, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for all your help, I decided I'm just going to attach a KVMoIP and upgrade the kernel remotely. Might think about a OS upgrade after the holidays.
     
Loading...

Share This Page