The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

out of date kernel warning

Discussion in 'General Discussion' started by dantium, Jul 13, 2016.

  1. dantium

    dantium Member

    Joined:
    Nov 28, 2007
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    51
    Am getting the following warning in cpanel:

    This is running on a linode VPS, output from the command line:

    So the thing is it seems to be trying to update to a lower kernel version? What is the best way to proceed with this, I am worried to do a 'yum update' as it suggests.

    Thanks in Advance!
     
  2. SysSachin

    SysSachin Well-Known Member

    Joined:
    Aug 23, 2015
    Messages:
    542
    Likes Received:
    39
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    You can update the kernel version using the yum update command and reboot the server.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,958
    Likes Received:
    1,274
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It's possible some recent changes to how the kernel version is checked with Security Advisor will address this issue. Could you let us know the version of cPanel installed on the system? You can check this with a command such as:

    Code:
    cat /usr/local/cpanel/version
    Note that instructions on how to use the latest version of SecurityAdvisor for development or testing purposes are located at:

    GitHub - SecurityAdvisor - ReadMe

    Thank you.
     
  4. dantium

    dantium Member

    Joined:
    Nov 28, 2007
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    51
    Hi, The cpanel version is:

    So could this just be a bug in the SecurityAdvisor?
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,958
    Likes Received:
    1,274
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Do you mind following the instructions from the "Installation" section on the https://github.com/CpanelInc/addon_securityadvisor/blob/master/README.md page so we can see if the issue persists? The changes are overwritten automatically when cPanel updates so there's no concern of a permanent change.

    Thank you.
     
  6. dantium

    dantium Member

    Joined:
    Nov 28, 2007
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    51
    I installed from github as per instructions, when I went back into WHM it's still shows the Kernel warning, do I actually need to restart anything?
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,958
    Likes Received:
    1,274
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Would you mind opening a support ticket using the link in my signature so we can take a closer look and reproduce the issue on your Linode environment? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  8. dantium

    dantium Member

    Joined:
    Nov 28, 2007
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    51
    This issue is reoccurring, I have opened a support ticket as suggested: 7757863

    Thanks
     
    #8 dantium, Oct 6, 2016
    Last edited by a moderator: Oct 10, 2016
  9. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    462
    Likes Received:
    52
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Root Administrator
    I'm interested in the outcome. Any update? I'm also renting a VPS from Linode and in WHM, it always shows
    You must reboot the server to update the kernel.

    I run CentOS 7 and am running a Linode kernel of version 4.9.15-x86_64-linode81. I don't believe they patch the kernel or anything. I've rebooted multiple times and always get the message. yum info kernel.x86_64 shows that there's three yum provided kernels installed, version 3.10.0, release 514.el7, version 3.10.0, release 514.16.1.el7, and version 3.10.0, release 514.21.1.el7.

    I'm running cPanel version 11.64.0.24. In cPanel, under Server Information, it correctly shows 4.9.15-x86_64-linode81 for the kernel version...

    It's a bit annoying and I wish I could find away to fix this. Linode does some weird stuff that I don't understand to boot the 4.9.15 kernel. For example, it's not physically located on the hard drive, at least not in the /boot directory (where the other three yum provided kernels are located). I'm not sure if this is the same issue the original poster was having or not, but it seems very similar.

    Thanks.
     
  10. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    462
    Likes Received:
    52
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Root Administrator
    I think I fixed it. I noticed under Security Advisor that I was getting a message, as well, that was saying the booted kernel isn't the kernel version that's running, which is incorrect. But after looking through some cPanel perl modules, I understand how cPanel detects which kernel was booted. It looks at /boot/grub2/grub.cfg (or /boot/grub/grub.cfg) and /boot/grub2/grubenv.

    I created /etc/grub.d/08_linode and changed it to executable. This is what the contents looks like:
    Code:
    #!/bin/sh -e
    cat << EOF
    menuentry 'CentOS 4.9.15-x86_64-linode81' {
    set root=(hd0)
    linux /boot/vmlinuz-4.9.15-x86_64-linode81 root=/dev/sda console=ttyS0,19200n8
    initrd /boot/initramfs-4.9.15-x86_64-linode81.img
    }
    EOF
    
    The kernel and initrd files don't have to physically exist. Then I edited /boot/grub2/grubenv to show:
    Code:
    saved_entry=CentOS 4.9.15-x86_64-linode81
    
    Then I just rebuilt the grub.cfg file (even though I don't use grub).
    Code:
    grub2-mkconfig -o /boot/grub2/grub.cfg
    
    Now Security Advisor doesn't give me the message and I don't see any messages about me needing to reboot the kernel. I also say some grub2.cfg.rpmnew file that I removed. Maybe that was causing the You need to reboot your server message.

    Maybe a better way for cPanel to try and detect what kernel was booted (and which one is running) would be to check /proc/config.gz if it exists? I dunno if someone was to change to a different kernel version after booting up without restarting the system if the /proc/config.gz would get overwritten with the new kernel version's /proc/config.gz (if the kernel is exporting it, I mean).
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,958
    Likes Received:
    1,274
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The following case in cPanel version 66 should address this issue:

    Fixed case CPANEL-11651: Use grubby for determining default boot kernel.

    Thank you.
     
    Spork Schivago likes this.
  12. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    462
    Likes Received:
    52
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Root Administrator
    Thanks! I was looking at grubby and I don't see how you can use it to figure out what kernel was booted, but maybe there's away. With Linode, and using the updated kernel they provide (rather than the one that comes with CentOS 7), the following commands return nothing:

    Code:
    grubby --default-title
    grubby --default-kernel
    
    Just thought I'd share. I'll wait for version 66 to become in the Release tier.
     
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,958
    Likes Received:
    1,274
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  14. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    462
    Likes Received:
    52
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Root Administrator
    Yes, I can even boot into a custom kernel. I am aware of this, I didn't want to use the kernel provided with CentOS because I prefer a bit newer of a kernel. I was planning on running a custom kernel with the GRSecurity patches so I'd have symlink protection at the kernel level, but it seems now GRSecurity costs money. I've contacted them to see how much it'd cost me, but they haven't replied yet.

    I know another option is to upgrade to CloudLinux, but that's another monthly expense. I was hoping with something like GRSecurity, it'd be a one time fee (which I doubt, but eh, maybe I'll get lucky). I wonder if there's any other patches for the kernel that don't cost money to get the symlink protection. I guess that'd be for another thread though.

    Thanks!
     
Loading...

Share This Page