Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Kernel does not support the prevention of symlink ownership attacks.

Discussion in 'Security' started by fwosty, Sep 8, 2017.

  1. fwosty

    fwosty Registered

    Joined:
    Sep 8, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    KSA
    cPanel Access Level:
    Root Administrator
    Hello everyone,

    Note: I'm a beginner level user (forgive me in advance!)

    Security adviser keeps reporting this error.

    I followed the below documentation to the letter, and I've read historical posts of other cPanel users running into this issue. Nothing seems to work for me:

    How to Harden Your cPanel System's Kernel - cPanel Knowledge Base - cPanel Documentation

    Relevant info:

    Running: yum update


    # yum update
    Loaded plugins: fastestmirror, universal-hooks
    Setting up Update Process
    Loading mirror speeds from cached hostfile
    * EA4: 104.219.172.10
    * cpanel-addons-production-feed: 104.219.172.10
    * base: centos-distro.cavecreek.net
    * extras: mirror.lax.hugeserver.com
    * updates: linux.mirrors.es.net
    No Packages marked for Update

    Running: yum update kernel

    #yum -y update kernel
    Loaded plugins: fastestmirror, universal-hooks
    Setting up Update Process
    Loading mirror speeds from cached hostfile
    * EA4: 104.219.172.10
    * cpanel-addons-production-feed: 104.219.172.10
    * base: centos-distro.cavecreek.net
    * extras: mirror.lax.hugeserver.com
    * updates: linux.mirrors.es.net
    Package(s) kernel available, but not installed.
    No Packages marked for Update

    Running: unname -r

    # uname -r
    2.6.32-042stab111.11

    Running: rpm -qa|grep kernel

    # rpm -qa|grep kernel
    kernel-headers-2.6.32-696.299.3.2.cp6.x86_64
     
  2. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    167
    Likes Received:
    36
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    When you did Step 1 of How to Harden Your cPanel System's Kernel and added the cPanel repository, did you get a success message that the cPkernel.repo was saved?

    If so, the line:
    may be the key.

    If your server otherwise meets the criteria to run a custom kernel; i.e., you're not on a containerized VPS, your host may be preventing you from installing a custom kernel. I'd start by contacting them to ask if custom kernels are blocked.
     
  3. fwosty

    fwosty Registered

    Joined:
    Sep 8, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    KSA
    cPanel Access Level:
    Root Administrator
    Thank you for your reply. Apologies, I just figured out I'm on a containerized system. (CENTOS 6.9 virtuozzo - version 66.0.18). Per the documentation "How to Harden Your cPanel System's Kernel", it seems I won't be able to install the update? Is there a way to get rid of the pesky error message from security adviser?

    To answer your question, I got the success message cPkernel.repo was saved.

    Thanks again for your time.
     
  4. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    167
    Likes Received:
    36
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Even if you were on a non-containerized VPS like KVM, your host might not let you run a custom kernel. I ran into that myself. It's frustrating.

    I'm not sure how to get rid of the kernel-related message, I don't think it goes away even if you implement some other kind of symlink-race condition protection. I eventually learned to ignore it after I had another symlink-race condition solution in place.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,127
    Likes Received:
    1,366
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page