Install KernelCare extra patchset with a KernelCare License

To enable the symlink protection, perform the following steps:

kcarectl --set-patch-type extra --update

To enable extra patches without update, run

kcarectl --set-patch-type extra

The ‘extra’ patch will be applied on the next automatic update.

. . .

During the installation, you should see something similar to:

OS: CentOS6
kernel: kernel-2.6.32-696.el6
time: 2017-06-22 16:13:40uname: 2.6.32-642.15.1.el6
kpatch-name: 2.6.32/symlink-protection.patch
kpatch-description: symlink protection // If you see this patch, it mean that you can enable symlink protection.
kpatch-kernel: kernel-2.6.32-279.2.1.el6
kpatch-cve: N/A
kpatch-cvss: N/A
kpatch-cve-url: N/A
kpatch-patch-url: https://gerrit.cloudlinux.com/#/c/16508/
kpatch-name: 2.6.32/symlink-protection.kpatch-1.patch
kpatch-description: symlink protection (kpatch adaptation)
kpatch-kernel: kernel-2.6.32-279.2.1.el6kpatch-cve: N/A
kpatch-cvss: N/Akpatch-cve-url: N/A
kpatch-patch-url: https://gerrit.cloudlinux.com/#/c/16508/


Edit the file /etc/sysconfig/kcare/sysctl.conf add the lines:

fs.enforce_symlinksifowner = 1
fs.symlinkown_gid = 99


Execute:

sysctl -w fs.enforce_symlinksifowner=1
sysctl -w fs.symlinkown_gid=99

Make sure to set the correct gid=?  To your particular apache set up

Note: On standard RPM Apache installation, Apache is usually running under GID 48. On cPanel servers, Apache is running under user nobody, GID 99.
Note2: On Directadmin Servers Apache is usually running under GID 499-1003

To find your GID

grep nobody /etc/group
or grep apache /etc/group

Depending on how apache was installed

  • 2 Los Usuarios han Encontrado Esto Útil
¿Fue útil la respuesta?

Artículos Relacionados

New DNS

I Had you set up my nameservers in my new webserver. When I went to my...

I keep getting brute force attack warnings in my email

We have installed a brute force detector & firewall on your server this is a FREE added layer...

Reverse DNS (rDNS) (PTR)

How to Setup Reverse DNS Reverse DNS (rDNS) for your IP address can only be setup by...

TOS/AUP

For our Terns of service  and acceptable use  please see...

Reboots & Hardware Failure

1. Log a Priority ticket & include main Ip Address and check "reboot my server" 2. You may...