The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Latest Kernel not Hardened?

Discussion in 'Security' started by mikefromnz, Feb 25, 2017.

Tags:
  1. mikefromnz

    mikefromnz Active Member

    Joined:
    Feb 9, 2017
    Messages:
    28
    Likes Received:
    5
    Trophy Points:
    3
    Location:
    New Zealand
    cPanel Access Level:
    Root Administrator
    Bit confused as to this, I got an email from the Security Advisor telling me the following

    So I ran YUM UPDATE via SSH, and now running the latest Kernel. Although now when I check Security Advisor, I get the following...

    I already had completed this step awhile ago by installing the cPanel hardened kernel, figuring it must have overwritten this and need update, I tried to perform the steps in the Documentation once more from the below link

    How to Harden Your cPanel System's Kernel - cPanel Knowledge Base - cPanel Documentation

    There appears to be no current hardened kernel, I get the following message

     
  2. sktest123

    sktest123 Well-Known Member

    Joined:
    Jan 31, 2017
    Messages:
    69
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    kochin
    cPanel Access Level:
    Root Administrator
    Hello,
    Cpanel does not have corresponding kernel version Patch.You are having the latest kernel but its not hardened like cpanel provided kernel.
     
  3. mikefromnz

    mikefromnz Active Member

    Joined:
    Feb 9, 2017
    Messages:
    28
    Likes Received:
    5
    Trophy Points:
    3
    Location:
    New Zealand
    cPanel Access Level:
    Root Administrator
    Do you have any idea when the cPanel kernel will be made available, or how I can uninstall this kernel and get the cPanel one running again?
     
  4. Locali

    Locali Registered

    Joined:
    Feb 27, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Las Vegas NV
    cPanel Access Level:
    Root Administrator
    Hello:

    When will this page be updated? [Last modified 2017-02-23 11:34]

    Index of /cpanelsync/repos/CentOS/6/cPkernel/x86_64/Packages

    "cPanel Security Advisor recommends you harden your cPanel system's kernel to implement symlink race condition protection "

    Thank you!


    *********************************************************************

    New Security Advisor notifications with High importance

    Type Module Advice
    High Kernel Current kernel version does not match the kernel version for boot. running kernel: 2.6.32-642.15.1.el6.x86_64, boot kernel: 2.6.32-642.13.1.199.cpanel6.x86_64 Reboot the system in the area. Check the boot configuration in grub.conf if the new kernel is not loaded after a reboot.
     
    #4 Locali, Feb 27, 2017
    Last edited by a moderator: Feb 27, 2017
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,173
    Likes Received:
    1,295
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    YUM will automatically detect and install newer kernel versions if you have Operating System Package Updates enabled in "WHM >> Update Preferences". Since the latest cPanel-hardened kernel isn't always released at the same time as the OS-provided kernel, it's possible that YUM will sometimes automatically install the OS-provided kernel. However, your system won't actually boot into the newer kernel unless you manually reboot the system.

    Internal case CPANEL-11581 is open to determine if this behavior is by-design, or if a change to ensure this does not happen is necessary. I'll update this thread with more information on the status of this case as it becomes available.

    In the meantime, you can run the "yum update" command once the latest cPanel-hardened kernel is published to ensure it's installed. I don't have a time frame to offer on the publication of the next cPanel-hardened kernel at this time, but you can monitor the date on the available packages at the following URL to see when it's published:

    Index of /cpanelsync/repos/CentOS/6/cPkernel/x86_64/Packages

    Thank you.
     
    linux4me2 likes this.
  6. mikefromnz

    mikefromnz Active Member

    Joined:
    Feb 9, 2017
    Messages:
    28
    Likes Received:
    5
    Trophy Points:
    3
    Location:
    New Zealand
    cPanel Access Level:
    Root Administrator
    Thank you, do you know how I can downgrade back to the cPanel kernel?
     
  7. mikefromnz

    mikefromnz Active Member

    Joined:
    Feb 9, 2017
    Messages:
    28
    Likes Received:
    5
    Trophy Points:
    3
    Location:
    New Zealand
    cPanel Access Level:
    Root Administrator
    Ah my friends at cPanel, I love you so. I post asking how to downgrade, and I get notified there is a new hardened Kernel, hehe THANK YOU !
     
    cPanelMichael and Infopro like this.
Loading...

Share This Page