Live Help

Email

Client portal

Symlink protection on kernel

 October 9, 2017     0 Comments

To enable the symlink protection, perform the following steps:

First, install KernelCare client:

yum -y install pyOpenSSL
<code>curl -s <a href="https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh">https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh</a> | bash</code>

Enable free patch type, this patch type doesn't require a license

<code>kcarectl --set-patch-type free</code>

The ‘free’ patch will be applied on the next update.

. . .

During the installation, you should see something similar to:

<code>
OS: CentOS6
kernel: kernel-2.6.32-696.el6
time: 2017-06-22 16:13:40
uname: 2.6.32-642.15.1.el6

kpatch-name: 2.6.32/symlink-protection.patch
kpatch-description: symlink protection // If you see this patch, it mean that you can enable symlink protection.
kpatch-kernel: kernel-2.6.32-279.2.1.el6
kpatch-cve: N/A
kpatch-cvss: N/A
kpatch-cve-url: N/A
kpatch-patch-url: <a href="https://gerrit.cloudlinux.com/#/c/16508/<br">https://gerrit.cloudlinux.com/#/c/16508/<br</a>>
kpatch-name: 2.6.32/symlink-protection.kpatch-1.patch
kpatch-description: symlink protection (kpatch adaptation)
kpatch-kernel: kernel-2.6.32-279.2.1.el6
kpatch-cve: N/A
kpatch-cvss: N/A
kpatch-cve-url: N/A
kpatch-patch-url: <a href="https://gerrit.cloudlinux.com/#/c/16508/</code">https://gerrit.cloudlinux.com/#/c/16508/</code</a>>


Edit the file /etc/sysconfig/kcare/sysctl.conf add the lines:

fs.enforce_symlinksifowner = 1


Execute:

sysctl -w fs.enforce_symlinksifowner=1


taken from: https://www.cloudlinux.com/kernelcare-blog/entry/symlink-protection-patchset-centos-6-7-kernelcare

How helpful was this article to you?

cPanel Partner NOC