To enable the symlink protection, perform the following steps:
First, install KernelCare client:
yum -y install pyOpenSSL <code>curl -s <a href="https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh">https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh</a> | bash</code>
Enable free patch type, this patch type doesn't require a license
<code>kcarectl --set-patch-type free</code>
The ‘free’ patch will be applied on the next update.
. . .
During the installation, you should see something similar to:
<code> OS: CentOS6
kernel: kernel-2.6.32-696.el6
time: 2017-06-22 16:13:40
uname: 2.6.32-642.15.1.el6
kpatch-name: 2.6.32/symlink-protection.patch
kpatch-description: symlink protection // If you see this patch, it mean that you can enable symlink protection.
kpatch-kernel: kernel-2.6.32-279.2.1.el6
kpatch-cve: N/A
kpatch-cvss: N/A
kpatch-cve-url: N/A
kpatch-patch-url: <a href="https://gerrit.cloudlinux.com/#/c/16508/<br">https://gerrit.cloudlinux.com/#/c/16508/<br</a>>
kpatch-name: 2.6.32/symlink-protection.kpatch-1.patch
kpatch-description: symlink protection (kpatch adaptation)
kpatch-kernel: kernel-2.6.32-279.2.1.el6
kpatch-cve: N/A
kpatch-cvss: N/A
kpatch-cve-url: N/A
kpatch-patch-url: <a href="https://gerrit.cloudlinux.com/#/c/16508/</code">https://gerrit.cloudlinux.com/#/c/16508/</code</a>>
Edit the file /etc/sysconfig/kcare/sysctl.conf add the lines:
fs.enforce_symlinksifowner = 1
Execute:
sysctl -w fs.enforce_symlinksifowner=1
taken from: https://www.cloudlinux.com/kernelcare-blog/entry/symlink-protection-patchset-centos-6-7-kernelcare
|
![]() |