Free SymLink Protection from KernelCare (Post 5,000 lol)

Operating System & Version
CentOS 7.9 (3.10.0-1160.6.1.el7.x86_64)
cPanel & WHM Version
90.0.17

Kenny M.

Registered
Mar 21, 2017
4
0
1
New York, NY
cPanel Access Level
Root Administrator
Sorry guys I read endless threads about this and think I know the answer but I'm not sure.
This is my first time trying to set this up.

Summary of system:
So running a GoDaddy VPS on CentOS 7.9 (3.10.0-1160.6.1.el7.x86_64) / EasyApache 4 / v90.0.17
uname -r = 3.10.0-1160.6.1.el7.x86_64

Progress
I ran curl -s https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh | bash
And now Security Advisor is reporting in the green for: "KernelCare is installed and current running kernel version is up to date: 3.10.0-1160.6.1.el7.x86_64"

However it's still asking me to "Add KernelCare's Free Symlink Protection" which has a link to add it which does absolutely nothing except bring me back to security advisor.

"wget -qq -O - https://kernelcare.com/checker | python" -> Reports COMPATIBLE
"kcarectl --set-patch-type free --update" - > Reports " 'free' patch type is unavailable for your kernel "

Questions
1) My assumption is this just another case of having to wait for an update from them?
I do see the version "3.10.0-1160.6.1.el7" listed on patches.kernelcare.com but only as Oracle and RHEL
For CentOS I see it stop at kernel-3.10.0-1160.2.2.el7


2) To finally turn it on I believe I have to go through this process right? or will that link in WHM actually do something after "the free version is available for my kernel"?
Code:
Create the file /etc/sysconfig/kcare/sysctl.conf:
fs.enforce_symlinksifowner = 1
fs.symlinkown_gid = 48

Execute:
sysctl -w fs.enforce_symlinksifowner=1
sysctl -w fs.symlinkown_gid=99
(BTW it says apache is usually running under the GID 99 on Cpanel servers. How do you confirm that?)

3) Based on the kcarectl message I'm guessing it's not going to work anyway right? So I haven't proceeded with "2"



I tried to simplify the post as best I could while providing all the info I could sorry if I rambled haha :)

Thanks everyone,

Kenny
 
Last edited:

vacancy

Well-Known Member
Sep 20, 2012
409
127
93
Turkey
cPanel Access Level
Root Administrator
Hi

Patches are applied to each kernel specifically. When the new kernel is released, cloudlinux patches it, runs tests and releases the patch for the new kernel. This can usually take up to 1 week.

You will encounter the error you mentioned in kernels that have not been patched yet.

You can find the list of patched kernels at KernelCare Patches.

In addition, you can downgrade the kernel and apply the patch by returning to the patched kernels. But before you downgrade, check whether the kernel is compatible with the operating system version. For Centos 7.9 you can use 3.10.0-1160.xx kernels, for 7.8 you should use 3.10.0-1127.xx kernels.