New Security Advisor notifications with High importance

[flashweb]

I get following email

Current kernel version does not match the kernel version for boot. running kernel: 3.10.0-427.36.1.lve1.4.43.el7.x86_64, boot kernel: 3.10.0-427.36.1.lve1.4.39.el7.x86_64 Reboot the system in the "Graceful Server Reboot" area. Check the boot configuration in grub.conf if the new kernel is not loaded after a reboot.

The mail says i am running latest kernel

3.10.0-427.36.1.lve1.4.43.el7.x86_64

But my boot kernel is

3.10.0-427.36.1.lve1.4.39.el7.x86_64

Look like there is some bug in this email as i am using latest kernel, still sent me this mail asking me to reboot.

 

[SysSachin]

Hello,

Please try to update kernel using below command and after that you have to verify the kernel installed on your system.

 yum update

check kernel version.

 uname -r

 

[flashweb]

I am not sure why this happen, maybe some of the cpanel cache problem. I did updated and rebooted, verified it is latest kernel.

Even the the security warning email said i am running latest kernel

#  yum update 
Loaded plugins: fastestmirror, rhnplugin
This system is receiving updates from CLN.
Loading mirror speeds from cached hostfile
 * cloudlinux-x86_64-server-7: xmlrpc.cln.cloudlinux.com
No packages marked for update
#  uname -r 
3.10.0-427.36.1.lve1.4.43.el7.x86_64
# cat /etc/*release
CloudLinux release 7.3 (Yury Malyshev) 
DISTRIB_ID=CentOS
DISTRIB_RELEASE=7
DISTRIB_CODENAME=
DISTRIB_DESCRIPTION=
NAME="CloudLinux"
VERSION="7.3 (Yury Malyshev)"
ID="cloudlinux"
ID_LIKE="rhel fedora centos"
VERSION_ID="7.3"
PRETTY_NAME="CloudLinux 7.3 (Yury Malyshev)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:cloudlinux:cloudlinux:7.3:GA:server"
HOME_URL="https://www.cloudlinux.com/"
BUG_REPORT_URL="https://helpdesk.cloudlinux.com/"

CloudLinux release 7.3 (Yury Malyshev) 
CloudLinux release 7.3 (Yury Malyshev) 
#

 

[cPanelMichael]

Hello,

Could you let us know which version of cPanel is installed on the system, and if a grub2-efi.cfg file exists on the system? EX:

cat /usr/local/cpanel/version
find /|grep grub2-efi.cfg

Thank you.

 

[flashweb]

Here is the result

root@server20 [~]# cat /usr/local/cpanel/version
11.62.0.17
root@server20 [~]# find /|grep grub2-efi.cfg
find: ‘/usr/share/cagefs-skeleton/proc/sys/fs/binfmt_misc’: Too many levels of symbolic links
/etc/grub2-efi.cfg
root@server20 [~]# ls -l /etc | grep grub2
lrwxrwxrwx    1 root  root      22 Nov 21 16:39 grub2.cfg -> ../boot/grub2/grub.cfg
lrwxrwxrwx    1 root  root      31 Nov 21 16:39 grub2-efi.cfg -> ../boot/efi/EFI/centos/grub.cfg
root@server20 [~]# cat /etc/grub2-efi.cfg
cat: /etc/grub2-efi.cfg: No such file or directory
root@server20 [~]#

This is not just one server. I see this problem with multiple server. I just got similar message from another server, screen screenshot.

i.imgur.com/nMkWg0m.jpg

It says server running newer kernal.

running kernel: 3.10.0-427.36.1.lve1.4.43.el7.x86_64
boot kernel: 3.10.0-427.36.1.lve1.4.39.el7.x86_64

 

[cPanelMichael]

lrwxrwxrwx 1 root root 31 Nov 21 16:39 grub2-efi.cfg -> ../boot/efi/EFI/centos/grub.cfg

Hello,

This shows you are using an EFI system and thus the warning message you are receiving is a false positive. Internal case CPANEL-11651 will address an issue where Security Advisor is unable to properly detect the boot kernel on an EFI-based system. The resolution is scheduled for inclusion with cPanel version 66.

Thank you.