The Community Forums


SOLVED Kernel does not support the prevention of symlink ownership attacks

Discussion in 'Security' started by PCZero, Feb 25, 2017.

  1. PCZero

    PCZero Well-Known Member

    I ran security advisor tonight and it indicated a kernel update was available. As I normally do when I get this notification, I SSH to my box and su - to become root, then run yum update. After I did that I ran security advisor and got the error in the title (never got that before after a yum update). So I read about the fix and chose the cPanel hardened kernel route.

    cd /etc/yum.repos.d/
    wget https://securedownloads.cpanel.net/cPkernel/cPkernel.repo
    yum -y update kernel

    When I go back to Security advisor the error/warning remains.
    When I run uname -r the output does NOT include cpanel.

    How do I resolve this?

    • CENTOS 6.8 x86_64 standard – morpheus
    • WHM 62.0 (build 15)
     
    #1 PCZero, Feb 25, 2017
    Last edited by a moderator: Feb 26, 2017
  2. sktest123

    sktest123 Well-Known Member

  3. PCZero

    PCZero Well-Known Member

    I AM the admin (how do you think I was able to log in and gain root access) and I rebooted the server.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Please post the output from the following commands after you have rebooted the system:

    Code:
    uname -r
    rpm -qa|grep kernel
    Thank you.
     
  5. PCZero

    PCZero Well-Known Member

    Michael, I was away on a cruise so sorry for the delay in responding. I reran the security advisor and was notified the kernel was out of date. Went to the box and ran yum update.

    Results:

    =================================================================================
     Package        Arch        Version        Repository        Size
    =================================================================================
    Installing:
    kernel x86_64 2.6.32-642.15.1.199.cpanel6 cPkernel 32 M
    Removing:
    kernel x86_64 2.6.32-642.13.2.199.cpanel6 @cPkernel 131 M

    Transaction Summary
    =================================================================================
    Install 1 Package(s)
    Remove 1 Package(s)

    Total download size: 32 M
    Downloading Packages:
    kernel-2.6.32-642.15.1.199.cpanel6.x86_64.rpm | 32 MB 00:03 ...
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
    Installing : kernel-2.6.32-642.15.1.199.cpanel6.x86_64 1/2
    This server is already configured for symlink protection, skipping sysctl changes
    Cleanup : kernel-2.6.32-642.13.2.199.cpanel6.x86_64 2/2
    warning: erase unlink of /lib/modules/2.6.32-642.13.2.199.cpanel6.x86_64/weak-updates failed: No such file or directory
    warning: erase unlink of /lib/modules/2.6.32-642.13.2.199.cpanel6.x86_64/modules.order failed: No such file or directory
    warning: erase unlink of /lib/modules/2.6.32-642.13.2.199.cpanel6.x86_64/modules.networking failed: No such file or directory
    warning: erase unlink of /lib/modules/2.6.32-642.13.2.199.cpanel6.x86_64/modules.modesetting failed: No such file or directory
    warning: erase unlink of /lib/modules/2.6.32-642.13.2.199.cpanel6.x86_64/modules.drm failed: No such file or directory
    warning: erase unlink of /lib/modules/2.6.32-642.13.2.199.cpanel6.x86_64/modules.block failed: No such file or directory
    Verifying : kernel-2.6.32-642.15.1.199.cpanel6.x86_64 1/2
    Verifying : kernel-2.6.32-642.13.2.199.cpanel6.x86_64 2/2

    Removed:
    kernel.x86_64 0:2.6.32-642.13.2.199.cpanel6

    Installed:
    kernel.x86_64 0:2.6.32-642.15.1.199.cpanel6

    Complete!


    Then performed a graceful reboot and the commands you suggested...

    uname -r
    2.6.32-642.15.1.199.cpanel6.x86_64

    rpm -qa|grep kernel

    kernel-2.6.32-642.15.1.el6.x86_64
    libreport-plugin-kerneloops-2.0.9-32.el6.centos.x86_64
    abrt-addon-kerneloops-2.0.8-40.el6.centos.x86_64
    dracut-kernel-004-409.el6_8.2.noarch
    kernel-headers-2.6.32-642.15.1.199.cpanel6.x86_64
    kernel-firmware-2.6.32-642.15.1.199.cpanel6.x86_64
    kernel-2.6.32-642.15.1.199.cpanel6.x86_64


    A rerun of the security advisor returns no errors now.


    I am deducing that the yum update that I performed after earlier following the wget described in my initial post got this resolved. As of now I believe that my server is back in shape. Thank you for your time.
     
    cPanelMichael likes this.
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    I'm happy to see the issue is now addressed after updating to the recently published cPanel-hardened kernel. Thank you for updating us with the outcome.
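
The check requested earlier in the thread (compare `uname -r` against the installed kernel packages), written out as an added example; it is not part of any post and is not cPanel's own tooling. The function name `kernel_status` and its four result labels are assumptions made for illustration, and the sample package list is the one posted in the thread.

```bash
# Sample input: the `rpm -qa|grep kernel` list posted in the thread.
SAMPLE_RPMS='kernel-2.6.32-642.15.1.el6.x86_64
libreport-plugin-kerneloops-2.0.9-32.el6.centos.x86_64
abrt-addon-kerneloops-2.0.8-40.el6.centos.x86_64
dracut-kernel-004-409.el6_8.2.noarch
kernel-headers-2.6.32-642.15.1.199.cpanel6.x86_64
kernel-firmware-2.6.32-642.15.1.199.cpanel6.x86_64
kernel-2.6.32-642.15.1.199.cpanel6.x86_64'

# kernel_status RUNNING_RELEASE RPM_LIST   (hypothetical helper)
# Prints one of:
#   hardened-running        newest installed cPanel kernel is the one booted
#   reboot-pending          a cPanel kernel is booted, but a newer one is installed
#   hardened-not-booted     cPanel kernel installed, stock kernel is running
#   hardened-not-installed  no cPanel kernel package present at all
kernel_status() {
    local running="$1" rpms="$2" hardened newest
    # Keep only real kernel packages (kernel-<digit>...), which excludes
    # kernel-headers, kernel-firmware and dracut-kernel; of those keep the
    # cPanel builds and strip "kernel-" so they compare with `uname -r`.
    hardened=$(printf '%s\n' "$rpms" | grep -E '^kernel-[0-9]' \
        | grep -F '.cpanel' | sed 's/^kernel-//')
    if [ -z "$hardened" ]; then
        echo hardened-not-installed
        return
    fi
    # Version-aware sort so 642.15.1 ranks above 642.13.2.
    newest=$(printf '%s\n' "$hardened" | sort -V | tail -n 1)
    case "$running" in
        "$newest")  echo hardened-running ;;
        *.cpanel*)  echo reboot-pending ;;
        *)          echo hardened-not-booted ;;
    esac
}

# On a live host: kernel_status "$(uname -r)" "$(rpm -qa)"
```

A result of `hardened-not-booted` matches the symptom in the first post, where `uname -r` did not include `cpanel` even though the repository had been added.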
     