kernelcare free patch not found

simplysup

Registered
Oct 6, 2007
3
0
51
I have previously enabled KernelCare's Free Patch Set in WHM Security Advisor.

Following an overnight update to 70.0.53 I have started receiving cron emails entitled:

/usr/bin/kcarectl --autoupdate --gradual-rollout=auto
Subject of the message is:

The patch for 'free' type is not found. Please select existing patch type.
When I now run Security Advisor it advises me to install the free patch set; when I try to do so, it shows an error message stating that kernelcare was installed, but the free patch set could not be found.

Please advise.

Nigel
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,304
1,252
313
Houston
Hi @simplysup

Looks like I'm also getting this notification on my server.
Code:
# kcarectl --patch-info
No patches applied, but some are available, run 'kcarectl --update'.
The notification when attempting to install is:

The free symlink protection patch is being enabled. You will be redirected to SecurityAdvisor when this is complete.KernelCare was installed, but could not enable the free patch set.
I believe this is due to the kernel version you're running. If it's the same as mine, this is occurring because kernelcare (the paid version) has updated support for the kernel but the free patch update won't be available until the end of the week.

Can you check the kernel version? Here's mine:
Code:
[[email protected] lauren]# uname -r
3.10.0-862.6.3.el7.centos.plus.x86_64
 

simplysup

Registered
Oct 6, 2007
3
0
51
Hi Lauren, thanks for responding.

Code:
[[email protected] ~]# uname -r
3.10.0-862.6.3.el7.x86_64

The kernel was updated a week or so ago, but I'm only now seeing this issue after the overnight cPanel update. When the kernel was updated I received the usual, and expected, emails telling me the kernel was unknown, but they went away after a couple of days.

If it's just a case of waiting then that's fine, but I want to ensure that nothing in the latest update could have kyboshed the kernelcare patch.

Cheers,

Nigel
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,304
1,252
313
Houston
HI @simplysup

Once kernelcare updates the patch to support this version of the kernel I do believe this issue will rectify itself, no patch is applied because the patch doesn't support the kernel version we're using. They say that they will have the free patchset updated by the end of the week.

I think oddness of the message is related specifically to the fact that they have updated the paid version of KernelCare but not the patches.

Thanks!
 

simplysup

Registered
Oct 6, 2007
3
0
51
Hi again Lauren,

You were correct in your optimism. As of today the patch is working again.

Code:
[email protected] ~]# kcarectl --patch-info
OS: centos7
kernel: kernel-3.10.0-862.6.3.el7
time: 2018-07-18 11:21:55



kpatch-name: 3.10.0/symlink-protection-ge-862.patch
kpatch-description: symlink protection
kpatch-kernel: kernel-3.10.0-514.el7
kpatch-cve: N/A
kpatch-cvss: N/A
kpatch-cve-url: N/A
kpatch-patch-url: https://gerrit.cloudlinux.com/#/admin/projects/lve-kernel-el7
However now there's another kernel update ready to be installed, so it's back onto the merrygoround :)

Nigel
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,304
1,252
313
Houston
Hi @simplysup

You were correct in your optimism. As of today the patch is working again.
It was a glass half full kind of situation ;) Though I'm glad it's working for you once again.

However now there's another kernel update ready to be installed, so it's back onto the merrygoround :)
I agree with you. In this instance, personally, I would keep an eye on their blog for when they introduce support for the newest kernel then update - you can update the kernel now but you will run into a similar situation, unfortunately.