This This document describes how to install the cPanel hardened kernel update for the Linux® kernel on CentOS 6 servers.
If you enable both of the
FollowSymLinks configuration settings, Apache becomes vulnerable to a race condition through symlinks. This symlink vulnerability allows a malicious user to serve files from anywhere on a server that strict OS-level permissions do not protect. The cPanel Hardened Kernel update provides Symlink Race Condition Protection.
If you need assistance, contact cPanel Technical Support.
- We deprecated the cPanel-provided hardened kernel update in cPanel & WHM version 68. We strongly recommend that you remove the hardened kernel and consider KernelCare's symlink protection options. For more information about KernelCare, read the KernelCare documentation.
- The cPanel-provided kernel update will not work for OpenVZ®,Virtuozzo®, LXC, or other container-based systems.
- This document only applies to systems installed with CentOS 6 64-bit systems.
- cPanel & WHM does not automatically update the operating system kernel. Unattended system kernel updates may cause unplanned reboots or system failures.
- We strongly suggest that only experienced System Administrators perform this process.
- Do not perform these steps if you use KernelCare™, KernelSplice, or similar technologies.