In an update to WHM’s Security advisor in version 76, it started checking the kernel version for symlink attacks, which is a vector of attack that various malicious scripts would use to gain access to other files/accounts on the server.
If your server is running Kernel Care then follow the below steps, if it’s not, I would highly recommend you look into getting Kernel Care for your server to apply kernel updates without having to reboot! Or you could purchase Cloud Linux to also apply it’s protection.
To apply the updated patch, you would first have to ssh in to your server as root or at least a user who can run sudo commands as root. Then first you can check to see the symlink protection is not there:
[root@host ~] # kcarectl --patch-info | grep symlink
That should return nothing when you run it. To apply the update, run:
[root@host ~]# kcarectl --set-patch-type extra --update
'extra' patch type selected
Downloading updates
Patch level 2 applied. Effective kernel version 2.6.32-754.6.3.el6
Updates already downloaded
Kernel is safe
Hopefully your results look similar to what is above, if so, try to check for the patch again now:
[root@host ~]# kcarectl --patch-info | grep symlink
kpatch-name: 2.6.32/symlink-protection.patch
kpatch-description: symlink protection
kpatch-name: 2.6.32/symlink-protection.kpatch-1.patch
kpatch-description: symlink protection (kpatch adaptation)
If it returns results similar to those, then it should be all patched! Run the Security Advisor in WHM again (WHM >> Security Center >> Security Advisor) and let it run it’s check and hopefully you should see something like this:
If so, congratulations, you are protected and good to go!
If it doesn’t work, let us know in the comments below.