SOLVED Security Advisor "No symlink protection detected" Message When KernelCare + Extras Is Installed

zeeb0t · Jan 27, 2018

I have installed KernelCare + Extras, but I am still being told by Security Advisor that Symlink protection is not enabled.

# sysctl -p
fs.enforce_symlinksifowner = 1
fs.symlinkown_gid = 99
Click to expand...

# kcarectl --patch-info
OS: centos7
kernel: kernel-3.10.0-693.17.1.el7
time: 2018-01-27 11:54:28

kpatch-name: 3.10.0/CVE-2017-14140-0001-Sanitize-move_pages-permission-checks.patch
kpatch-description: Sanitize 'move_pages()' permission checks
kpatch-kernel: >3.10.0-693.5.2.el7
kpatch-cve: CVE-2017-14140
kpatch-cvss: 3.3
kpatch-cve-url: CVE-2017-14140 - Red Hat Customer Portal
kpatch-patch-url: kernel/git/torvalds/linux.git - Linux kernel source tree

kpatch-name: 3.10.0/dccp-fix-use-after-free.patch
kpatch-description: dccp: fix use-after-free (CVE-2017-8824)
kpatch-kernel: kernel-3.10.0-714.10.2.lve1.4.77.el7
kpatch-cve: CVE-2017-8824
kpatch-cvss: 7.8
kpatch-cve-url: CVE-2017-8824 - Red Hat Customer Portal
kpatch-patch-url: kernel/git/davem/net.git - David Miller's networking tree

kpatch-name: 3.10.0/proc-restrict-pagemap-access.patch
kpatch-description: Restrict access to pagemap/kpageflags/kpagecount
kpatch-kernel:
kpatch-cve:
kpatch-cvss:
kpatch-cve-url: Project Zero: Exploiting the DRAM rowhammer bug to gain kernel privileges
kpatch-patch-url:

kpatch-name: 3.10.0/symlink-protection-ge-693.patch
kpatch-description: symlink protection
kpatch-kernel: kernel-3.10.0-514.el7
kpatch-cve: N/A
kpatch-cvss: N/A
kpatch-cve-url: N/A
kpatch-patch-url: Gerrit Code Review

kpatch-name: 3.10.0/symlink-protection-ge-693.kpatch-1.patch
kpatch-description: symlink protection (kpatch adaptation)
kpatch-kernel: kernel-3.10.0-514.el7
kpatch-cve: N/A
kpatch-cvss: N/A
kpatch-cve-url: N/A
kpatch-patch-url: Gerrit Code Review

uname: 3.10.0-693.17.1.el7
Click to expand...

However, I still receive this notice:

No symlink protection detected
You do not appear to have any symlink protection enabled on this server. You can protect against this in multiple ways. Please review the following documentation to find a solution that is suited to your needs.
Click to expand...

Thank you for your help!

Anthony

zeeb0t · Jan 27, 2018

Update. I got a reply from cPanel support:

While the kernel care symbolic link protection patch is encouraged, Security Advisor does not yet have the capability to detect that it is in play. Per < 70 Change Log - Change Logs - cPanel Documentation >, for 69.9999.122:

Implemented case CPANEL-17016: Add support for detecting and installing KernelCare's free patch set.

The ability to detect the patch is available in the non-production-recommended version of cPanel.
Click to expand...

cPanelMichael · Jan 30, 2018

Hello,

I'm glad to see our Technical Support team was able to answer your inquiry. Thank you for sharing the outcome.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED Security Advisor "No symlink protection detected" Message When KernelCare + Extras Is Installed

zeeb0t Registered

zeeb0t Registered

cPanelMichael Forums Analyst
Staff Member

Kernel symlink protection warning in security advisor

Security Advisor: Symlink Ownership Attack Message with ModRUID2 and Jailed Apache

Security Advisor - Kernel Symlink Protection

New security advisor for symlink ownership attacks

cPanel Security Advisor

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED Security Advisor "No symlink protection detected" Message When KernelCare + Extras Is Installed

zeeb0t Registered

zeeb0t Registered

cPanelMichael Forums Analyst Staff Member

Kernel symlink protection warning in security advisor

Security Advisor: Symlink Ownership Attack Message with ModRUID2 and Jailed Apache

Security Advisor - Kernel Symlink Protection

New security advisor for symlink ownership attacks

cPanel Security Advisor

Share This Page

cPanelMichael Forums Analyst
Staff Member