Security advisor strange results

rscalover

Well-Known Member
Dec 16, 2010
63
4
58
cPanel Access Level
Root Administrator
Hello,

The cPanel/Whm "security advisor" feature tells me :

Important
add kernelcare's free symlink protection
Information
Use kernelcare to automate kernel security updates without reboots

I have imunify360 so the last message is strange as kernelcare is included and i did have that symlink patch installed so what is this mess ? according to kercelcare docs Extra Patchset i can just use


kcarectl --set-patch-type extra --update or
kcarectl --set-patch-type extra (no updates)

is that correct ? just worried i screw up and then have to clean the mess
 

Attachments

Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,871
601
273
cPanel Access Level
Root Administrator
Cool - the same as my personal machine :D

I ask because there were reports in the past of the Security Advisor giving bad information if there was a custom kernel running, but that doesn't seem to be the case here.

If you run this, does it give you version info, indicating it's installed and running?

Code:
kcarectl --version
 

rscalover

Well-Known Member
Dec 16, 2010
63
4
58
cPanel Access Level
Root Administrator
Hello,

I just clicked that link in your signature and logged in while filling in the form at "licenced ip" a message was displayed stating i do have a valid cPanel licence but if i submit a ticket to cPanel directly it might cause delays in solving the issue.

Kernelcare is known as not being the fasted in releasing updates (and that is not criticism to them) so i think that patch is not available yet for the kernel i am running.


*edit*

or maybe kernelcare is confused the Symlink Race Condition Protection | cPanel & WHM Documentation says i had the free patch type installed but last week i purchased imunify which includes the full kernelcare service but this command

cat /etc/sysconfig/kcare/kcare.conf does have a "PREV_PATCH_TYPE = free" should i remove that ?.
 
Last edited:

rscalover

Well-Known Member
Dec 16, 2010
63
4
58
cPanel Access Level
Root Administrator
Hello,

The issue is solved the symlink patch for my kernel was not yet available yesterday it has been added by kernelcare i just did

kcarectl --set-patch-type extra --update
'extra' patch type selected
Downloading updates
Patch level 1 applied. Effective kernel version 3.10.0-1160.24.1.el7
Kernel is safe

result in whm's security advisor is attached
 

Attachments

rscalover

Well-Known Member
Dec 16, 2010
63
4
58
cPanel Access Level
Root Administrator
Hello,

I spoke to soon security advisor is showing that again "add kernelcare free symlink protection" and "upgrade to kernelcare to automate kernel security updates without reboots" there is definetely something going wrong somewhere

Code:
cd /usr/local/cpanel/logs
tail error_log
Argument "unknown" isn't numeric in numeric eq (==) at /usr/local/cpanel/Cpanel/Security/Advisor/Assessors/Kernel.pm line 140.
Argument "unknown" isn't numeric in numeric eq (==) at /usr/local/cpanel/Cpanel/KernelCare.pm line 50.
 

rscalover

Well-Known Member
Dec 16, 2010
63
4
58
cPanel Access Level
Root Administrator
Hello,

it seems like i found a "workaround" when you type this command

kcarectl --set-patch-type extra --update
i get

'extra' patch type selected
Updates already downloaded
Patch level 1 applied. Effective kernel version 3.10.0-1160.24.1.el7
Kernel is safe
and that message in whm's security advisor is gone but it comes back after x amount of time this is not normal absolutely not you should type that command once and be protected forever.
 

rscalover

Well-Known Member
Dec 16, 2010
63
4
58
cPanel Access Level
Root Administrator
Hello,

it seems like i found a "workaround" when you type this command



i get



and that message in whm's security advisor is gone but it comes back after x amount of time this is not normal absolutely not you should type that command once and be protected forever.
For some reason it looks like it's getting reset or something

Code:
fs.enforce_symlinksifowner = 1
fs.symlinkown_gid = 99
to verify the gid i use

Code:
ps -ef | egrep '(httpd|apache2|apache)' | grep -v `whoami` | grep -v root | head -n1 | awk '{print $1}'
i don't get this ??
 

rscalover

Well-Known Member
Dec 16, 2010
63
4
58
cPanel Access Level
Root Administrator
Hello,

hmmmm could you believe it ? it looks like the issue is gone just when i reported it and asked to look into it i feel like cursing but i won't .I just leave it as it is but in case support wants information i am in Europe (Belgium) 9.32 pm here right now .