I have installed KernelCare + Extras, but I am still being told by Security Advisor that Symlink protection is not enabled.
However, I still receive this notice:
Thank you for your help!
Anthony
# sysctl -p
fs.enforce_symlinksifowner = 1
fs.symlinkown_gid = 99
# kcarectl --patch-info
OS: centos7
kernel: kernel-3.10.0-693.17.1.el7
time: 2018-01-27 11:54:28
kpatch-name: 3.10.0/CVE-2017-14140-0001-Sanitize-move_pages-permission-checks.patch
kpatch-description: Sanitize 'move_pages()' permission checks
kpatch-kernel: >3.10.0-693.5.2.el7
kpatch-cve: CVE-2017-14140
kpatch-cvss: 3.3
kpatch-cve-url: CVE-2017-14140 - Red Hat Customer Portal
kpatch-patch-url: kernel/git/torvalds/linux.git - Linux kernel source tree
kpatch-name: 3.10.0/dccp-fix-use-after-free.patch
kpatch-description: dccp: fix use-after-free (CVE-2017-8824)
kpatch-kernel: kernel-3.10.0-714.10.2.lve1.4.77.el7
kpatch-cve: CVE-2017-8824
kpatch-cvss: 7.8
kpatch-cve-url: CVE-2017-8824 - Red Hat Customer Portal
kpatch-patch-url: kernel/git/davem/net.git - David Miller's networking tree
kpatch-name: 3.10.0/proc-restrict-pagemap-access.patch
kpatch-description: Restrict access to pagemap/kpageflags/kpagecount
kpatch-kernel:
kpatch-cve:
kpatch-cvss:
kpatch-cve-url: Project Zero: Exploiting the DRAM rowhammer bug to gain kernel privileges
kpatch-patch-url:
kpatch-name: 3.10.0/symlink-protection-ge-693.patch
kpatch-description: symlink protection
kpatch-kernel: kernel-3.10.0-514.el7
kpatch-cve: N/A
kpatch-cvss: N/A
kpatch-cve-url: N/A
kpatch-patch-url: Gerrit Code Review
kpatch-name: 3.10.0/symlink-protection-ge-693.kpatch-1.patch
kpatch-description: symlink protection (kpatch adaptation)
kpatch-kernel: kernel-3.10.0-514.el7
kpatch-cve: N/A
kpatch-cvss: N/A
kpatch-cve-url: N/A
kpatch-patch-url: Gerrit Code Review
uname: 3.10.0-693.17.1.el7
However, I still receive this notice:
No symlink protection detected
You do not appear to have any symlink protection enabled on this server. You can protect against this in multiple ways. Please review the following documentation to find a solution that is suited to your needs.
Thank you for your help!
Anthony