SOLVED Kernel does not support the prevention of symlink ownership attacks

Lillike

Well-Known Member
May 29, 2018
46
2
8
Hungary
cPanel Access Level
Root Administrator
The following message can be seen in Sec. Ad.:
Kernel does not support the prevention of symlink ownership attacks.

I try to retrieve the repository from cPanel:

[email protected] [~]# cd /etc/yum/repos.d/
-bash: cd: /etc/yum/repos.d/: No such file or directory
[email protected] [~]# wget https://securedownloads.cpanel.net/cPkernel.repo
--2018-06-20 07:02:20-- https://securedownloads.cpanel.net/cPkernel.repo
Resolving securedownloads.cpanel.net... 208.74.123.12, 208.74.121.38
Connecting to securedownloads.cpanel.net|208.74.123.12|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2018-06-20 07:02:20 ERROR 404: Not Found.

How can i solve this problem.
Please, advice.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,080
657
263
Houston
cPanel Access Level
DataCenter Provider
Hi @Lillike

The directory you're referencing doesn't exist:
Code:
[email protected] [~]# cd /etc/yum/repos.d/
-bash: cd: /etc/yum/repos.d/: No such file or directory
I think you mean to cd to:
Code:
/etc/yum.repos.d/
Also, the cPKernel was deprecated in v68 of cPanel and is not available in v70.
  • We deprecated the cPanel-provided hardened kernel update in cPanel & WHM version 68. We strongly recommend that you remove the hardened kernel and consider KernelCare's symlink protection options. For more information about KernelCare, read the KernelCare documentation.
From: How to Harden Your cPanel System's Kernel - cPanel Knowledge Base - cPanel Documentation
 

Lillike

Well-Known Member
May 29, 2018
46
2
8
Hungary
cPanel Access Level
Root Administrator

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,080
657
263
Houston
cPanel Access Level
DataCenter Provider
If I install v70 of cPanel on the server, there are changes that would result in many server services and websites being reinstalled (is it true?).
can you clarify what you mean by this? I don't understand, the sites and services wouldn't be removed on any server updating.
 

Lillike

Well-Known Member
May 29, 2018
46
2
8
Hungary
cPanel Access Level
Root Administrator
Hi, Lauren,

can you clarify what you mean by this? I don't understand, the sites and services wouldn't be removed on any server updating.

I tried to find the above content, but unfortunately I did not succeed. Once again: v70 of cPanel is secure and therefore there will be no problems (I understand that i may have other problems). After updating, what steps I need to take against the symlink attack. Please, advice.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,080
657
263
Houston
cPanel Access Level
DataCenter Provider
Hi @ronaldst

It may be that you don't have the patcheset installed though you do have kernelcare. You can find out by running the following:
Code:
kcarectl --patch-info
It's also possible that while kernelcare supports your kernel the free patchset does not. Can you show me what kernel you're running:

Code:
uname -r
 

ronaldst

Well-Known Member
Feb 22, 2016
85
16
8
Norway
cPanel Access Level
Root Administrator
--patch-info
Code:
OS: centos7
kernel: kernel-3.10.0-862.9.1.el7
time: 2018-07-18 11:21:55



kpatch-name: 3.10.0/proc-restrict-pagemap-access.patch
kpatch-description: Restrict access to pagemap/kpageflags/kpagecount
kpatch-kernel:
kpatch-cve:
kpatch-cvss:
kpatch-cve-url: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
kpatch-patch-url:

uname: 3.10.0-862.9.1.el7
Kernel
Code:
3.10.0-862.9.1.el7.x86_64
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,080
657
263
Houston
cPanel Access Level
DataCenter Provider
  • Like
Reactions: ronaldst