Are You Using A Patched Kernel

Mar 21, 2008

For everyone out there who has dedicated servers with a Linux kernel, do you use a kernel patch like GrSecurity for extra security and peace of mind or not, and why?

I am using mostly VPS with huge resources for hosting sites because I didn't have the budget for Raid 5, Data Redundancy and managed servers. But now I just leased my first Dedicated running CentOS (for better compatibility with cPanel) and I am concerned about the kernel's security issues.

I am using Grsecurity on a labrat (home server) for testing purposes but I don't know if it is the right option for a Production Live server.


New (Patched) cPanel Vulnerabilities

May 24, 2007

I keep getting these types of accesses in a few of my servers.

42-1 - 0/0/18 . 0.00 512957 0 0.0 0.00 0.15 86.127.9.63 (unavailable) GET /publisher HTTP/1.0
43-1 - 0/0/13 . 0.00 512955 0 0.0 0.00 0.40 86.127.9.63 (unavailable) HEAD /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1
44-1 - 0/0/14 . 0.00 512960 0 0.0 0.00 0.17 86.127.9.63 (unavailable) GET /cgi-bin/phf HTTP/1.0
45-1 - 0/0/11 . 0.00 512954 0 0.0 0.00 0.17 86.127.9.63 (unavailable) GET /domcfg.nsf/?open HTTP/1.0
46-1 - 0/0/14 . 0.00 512951 0 0.0 0.00 0.29 86.127.9.63 (unavailable) GET /null.htw HTTP/1.0
47-1 - 0/0/12 . 0.00 512959 0 0.0 0.00 0.44 86.127.9.63 (unavailable) GET /orders/orders.txt HTTP/1.0
48-1 - 0/0/8 . 0.00 512960 0 0.0 0.00 0.17 86.127.9.63 (unavailable) GET /mall_log_files/order.log HTTP/1.0
49-1 - 0/0/5 . 0.00 512957 0 0.0 0.00 0.20 86.127.9.63 (unavailable) GET /whois_raw.cgi HTTP/1.0
50-1 - 0/0/2 . 0.00 512960 0 0.0 0.00 0.14 86.127.9.63 (unavailable) GET /cgi-bin/whois_raw.cgi HTTP/1.0
51-1 - 0/0/3 . 0.00 512954 0 0.0 0.00 0.20 86.127.9.63 (unavailable) GET /cgi-bin/ HTTP/1.0
52-1 - 0/0/3 . 0.00 512955 0 0.0 0.00 0.19 86.127.9.63 (unavailable) GET /cgi-bin/uptime HTTP/1.0
53-1 - 0/0/2 . 0.00 512955 0 0.0 0.00 0.00 86.127.9.63 (unavailable) GET /ifx/?LO=../../../etc/passwd HTTP/1.0
54-1 - 0/0/2 . 0.00 512954 0 0.0 0.00 0.01 86.127.9.63 (unavailable) GET /cgi-bin/webbbs.cgi HTTP/1.0
55-1 - 0/0/2 . 0.00 512949 0 0.0 0.00 0.02 86.127.9.63 (unavailable) GET /root HTTP/1.0
56-1 - 0/0/2 . 0.00 512949 0 0.0 0.00 0.08 86.127.9.63 (unavailable) GET /quikstore.cfg HTTP/1.0
57-1 - 0/0/3 . 0.00 512954 0 0.0 0.00 0.01 86.127.9.63 (unavailable) GET /cgi/ HTTP/1.0

The IP had been globally banned and I think cPanel has already come out with a patch for it so this topic is kind of a "by the way" for some admins.


Are Patched Domain Name Servers (DNS) Behind N.A.T. Still Vulnerable To DNS Cache Poisoning?

Aug 7, 2008

Upon reading http://www.theregister.co.uk/2008/08...sky_black_hat/ it appears those who use network address translation may be vulnerable to DNS cache poisoning even after patching their DNS servers.

"another 15 per cent are still vulnerable to some extent because they use network address translation gear that prevents the patch from working."

Thoughts?


[kernel: Kernel BUG At Mm/rmap.c:479] Any Idea What This Is?

Mar 29, 2007

we have one box in hivelocity.net that has been down so many times this month that we were forced to remove links to siteuptime where we were once so proud of having a 99.7% uptime for 3 years in theplanet.

syslog shows that just before crashing, these entries were made:

kernel: kernel BUG at mm/rmap.c:479
kernel: invalid operand:0000 [#1]

dmesg also shows this:

...
Brought up 2 CPUs
zapping low mappings.
checking if image is initramfs... it is
Freeing initrd memory: 482k freed
NET: Registered protocol family 16
PCI: PCI BIOS revision 2.10 entry at 0xf9f20, last bus=1
PCI: Using configuration type 1
mtrr: v2.0 (20020519)
mtrr: your CPUs had inconsistent fixed MTRR settings
mtrr: probably your BIOS does not setup all CPUs.
mtrr: corrected configuration.
...

i've googled these messages and they point to ram problems.

hivelocity.net claims to have done diagnostics on the box and that there were no problems reported.

they said this is a result of a sys configuration problem made by us.

any ideas?


Kernel Headers For Virtuozzo Kernel

May 20, 2009

running centos/virtuozzo 2.6.18-028stab062.3

when i configure vmware it asks at one point for kernel header files. where would i find them to match the current kernel?

i asked at parallels forums but help there is very scarce. i checked openVZ repositories and they don't yet have headers for this version.

what are my options? i have one last windows machine left and want to run it in VMware.


Centos + Kernel 2.6.9-34.0.2- How To Upgrade Kernel

Apr 29, 2007

Last year I ordered a new server with CentOS 4.3 and it had the kernel 2.6.9-34.0.2ELsmp installed. It ran fine and I didn't update any packages since then.

Today I started getting a problem where both mysqld and kswapd0 use very high amounts of CPU, spiking up to 100%, and my memory usage is at 99% all the time. The problem seems exactly the same as the one mentioned in this thread.

In that thread the exact same kernel is said to be insecure and to cause this problem. I also came across a centOS bug that reports this problem with high cpu, mem usage and mysql & kswapd0 consuming all resources.

In the linked thread the person solved the problem by upgrading to kernel 2.6.9-42 using rpms but others recommended a newer kernel or a custom compiled kernel for CentOS.

Apparently when they used yum it said 34.0.2 was the latest kernel.

What should I do to upgrade the kernel, which version should i upgrade to, and where do I get it from? I won't be able to compile a custom kernel and I've only installed basic rpm packages before.


Kernel Source Install Help Needed On Fc6 X64

May 13, 2007

I am trying to install the kernel source.
I have downloaded kernel-2.6.20-1.2948.fc6.src.rpm
I am using fedora 6 64bit.
here are my current kernels:

kernel-headers-2.6.20-1.2948.fc6
kernel-devel-2.6.20-1.2944.fc6
yum-kernel-module-1.0.3-1.fc6
kernel-2.6.20-1.2944.fc6
kernel-devel-2.6.20-1.2948.fc6
kernel-2.6.20-1.2948.fc6


here is what I saw when I installed kernel-2.6.20-1.2948.fc6.src.rpm

rpm -ivh kernel-2.6.20-1.2948.fc6.src.rpm
1:kernel warning: user brewbuilder does not exist - using root
warning: group brewbuilder does not exist - using root
warning: user brewbuilder does not exist - using root
########################################### [100%]
warning: user brewbuilder does not exist - using root
warning: group brewbuilder does not exist - using root


then when I ran:
rpmbuild -bp --target=$(uname -m) /usr/src/redhat/SPECS/kernel-2.6.spec

I saw this error:
+ Arch=x86_64
+ make ARCH=x86_64 nonint_oldconfig
In file included from /usr/include/sys/socket.h:35,
from /usr/include/netinet/in.h:24,
from /usr/include/arpa/inet.h:23,
from scripts/basic/fixdep.c:117:
/usr/include/bits/socket.h:310:24: error: asm/socket.h: No such file or directory
make[1]: *** [scripts/basic/fixdep] Error 1
make: *** [scripts_basic] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.93770 (%prep)


I need to have this installed to get an app installed etc...
suggestions or ideas?
thanks


Xen Kernel

Apr 4, 2009

I have a Xen VPS. I started with a Debian 4 image and have since upgraded to Debian 5. Firstly was this advisable? Secondly what Kernel version should I be running, or rather is it set by my installation or by the Xen server?


New Kernel 2.6

Feb 15, 2007

Does it take 2 hours to have a new kernel up and running? The tech is taking forever to finish.


Kernel Tuning

Apr 24, 2009

as part of a project I have lately been looking into various aspects of kernel tuning. Most notably lately tuning the TCP stack for more efficient memory usage/throughput.

Thought I would start this thread to mention some of the tools I'd found for doing testing and see what anyone else had to recommend.

So far my favorite of the bunch is nuttcp. It's easy to use and gives a very good idea of how much of your bandwidth you are able to utilize.

A few interesting web pages are as follows for anyone interested in the topic:

[url]- Tuning TCP for High Bandwidth Delay networks

[url]- TCP Tuning Cook book, some interesting information in there as well

[url]...formanceTuning - Performance Tuning TWiki. Has a list of useful tools, flags for existing tools and ways to monitor network performance from a system level, along with some suggestions of things to correct


Kernel Drives

Aug 4, 2009

What is the best way to find out which filesystems and harddrive drivers you can remove? Obviously, i need ext2,3 but how do you find which HD you only need?


Kernel: Ata1.00

Jun 15, 2009

Recently, my dedicated server goes down frequently.

I cannot find any important info in /var/log/messages,

but I find some records many times in it, like these:
----------------------------------
Jun 15 05:30:40 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:40 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:40 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:40 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:40 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:40 server kernel: ata1: EH complete
Jun 15 05:30:42 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:42 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:42 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:42 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:42 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:42 server kernel: ata1: EH complete
Jun 15 05:30:44 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:51 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:51 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:51 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:51 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:51 server kernel: ata1: EH complete
Jun 15 05:30:51 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:51 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:51 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:51 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:51 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:51 server kernel: ata1: EH complete
Jun 15 05:30:51 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:51 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:51 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:51 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:51 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:52 server kernel: ata1: EH complete

Jun 15 05:31:26 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:31:30 server kernel: sd 0:0:0:0: SCSI error: return code = 0x08000002
Jun 15 05:31:33 server kernel: sda: Current [descriptor]: sense key: Medium Error
Jun 15 05:31:36 server kernel: Add. Sense: Unrecovered read error - auto reallocate failed
Jun 15 05:31:36 server kernel:
Jun 15 05:31:39 server kernel: Descriptor sense data with sense descriptors (in hex):
Jun 15 05:31:46 server kernel: 72 03 11 04 00 00 00 0c 00 0a 80 00 00 00 00 00
Jun 15 05:31:51 server kernel: 2c d2 23 42
Jun 15 05:31:56 server kernel: end_request: I/O error, dev sda, sector 751969090
Jun 15 05:31:57 server kernel: ata1: EH complete
Jun 15 05:31:57 server kernel: SCSI device sda: 976773168 512-byte hdwr sectors (500108 MB)
Jun 15 05:31:58 server kernel: sda: Write Protect is off
Jun 15 05:31:58 server kernel: SCSI device sda: drive cache: write back
Jun 15 05:31:59 server kernel: SCSI device sda: 976773168 512-byte hdwr sectors (500108 MB)
Jun 15 05:32:03 server kernel: sda: Write Protect is off
Jun 15 05:32:04 server kernel: SCSI device sda: drive cache: write back
-------------------

Is it safe? Or is it a hardware error?


How Update Kernel

Jul 7, 2009

can i upgrade my kernel?

yum can't find any new update but my kernel version is 2.6.18-128.1.1.el5.028stab062.3PAE


Kernel Update With Yum

Jun 13, 2009

I have following error in kernel update with yum:

Downloading Packages:

Running rpm_check_debug

ERROR with rpm_check_debug vs depsolve:

Package kernel conflicts with ecryptfs-utils < 44.

Complete!

So kernel not updated yet.


Kernel Compile

Jun 20, 2009

I copied the default config file and renamed it as .config but I get this:

Code:
WARNING: No module dm-mem-cache found for kernel 2.6.27.10-grsec, continuing anyway
WARNING: No module dm-region_hash found for kernel 2.6.27.10-grsec, continuing anyway
WARNING: No module dm-message found for kernel 2.6.27.10-grsec, continuing anyway
WARNING: No module dm-raid45 found for kernel 2.6.27.10-grsec, continuing anyway


Which Kernel To Upgrade?

Jul 20, 2009

My current kernel version is "2.6.9-42.0.10.ELsmp #1 SMP Fri Feb 16 17:17:21 EST 2007 i686 athlon i386 GNU/Linux". I want it to be upgraded since it is old. I have been told by our server management company that the latest kernel distributed from yum is kernel.i686 0:2.6.9-78.0.22.E. Can anyone tell me if this version is safe and secure enough? It is a CentOS release 4.7 (Final) server with cPanel installed.


Yum Install Kernel-PAE

Aug 1, 2009

I have a dedicated server with CentOS 5.2 32-bit.

My CPU is 64-bit, but for some software the datacenter installed 32-bit for me.

I needed more RAM and ordered it from the datacenter; before, my RAM was 4 gig and now it is 6 gig, but the CPU just uses 3 gig of RAM.

I installed kernel-PAE with the "yum install kernel-PAE" command and my RAM went down to 2.5 gig. Now my server uses just 2.5 gig of RAM.

I cannot reformat the server because I have some VPSes on this server (Xen VPS).


2 Kernel Compile

Jul 12, 2009

when doing 2.6.26+ or w/e it is, how do you enable conntrack, what options do i need to enable under make menuconfig?

net.netfilter.nf_conntrack_acct = 1
net.netfilter.nf_conntrack_generic_timeout = 120
error: "net.netfilter.nf_conntrack_icmp_timeout" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_close" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_time_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_last_ack" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_close_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_fin_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_established" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_syn_recv" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_syn_sent" is an unknown key
error: "net.netfilter.nf_conntrack_udp_timeout" is an unknown key
error: "net.netfilter.nf_conntrack_udp_timeout_stream" is an unknown key
net.netfilter.nf_conntrack_max = 262144

and how do i know which hardware/devices that i can remove?


Troubleshooting Kernel

Jul 24, 2009

I have a FreeBSD server crashing a few times per week sometimes 2 or 3 times in one day, then 3 days fine sometimes each other day...

/var/log/messages shows nothing related to the reboot when looking at the server screen after a crash, it showed kernel panic

any ideas on how to troubleshoot that with the minimum downtime possible? DC already tried swapping memory, but it didn't solve


How To Upgrade Kernel

May 12, 2008

I am using centos 4.6 on 2.6.9-67smp kernel

I need to update the kernel to 2.6.25.3

is that possible ?


Kernel Compiling

Dec 24, 2008

I've never actually compiled a kernel before, and wanted to know the basics when it comes to compiling for a standard CPanel/Centos 32bit system.


Grub And Kernel

Jul 9, 2008

I compiled my kernel and I have a problem. I don't have lilo on my server so I don't know how to change the grub.conf file to boot my new kernel.


Kernel Exploit

Jun 28, 2008

How can I translate a kernel exploit to secure my server, like that

[url]

How can I know what to do to my server if I see any exploit?


Compiling RHE 5 Kernel

Apr 26, 2008

I have always used RPM kernels from the RedHat Network, in this time I need to compile an SMP kernel in a server that is used to serve common webhosting traffic (web, ftp, email, etc) with cPanel.

I have compiled kernels from source in desktops stations, but never in remote servers.. do you have any recommendations to do this at a Dual Xeon 3.2 RHE 5 + cPanel server? Oh.. almost forgot.. I will also compile it with GRsecurity.

Should I use a src kernel from RedHat, or a kernel.org latest kernel?


Kernel Update

May 8, 2008

I installed CentOS 5 on a server with 2 quad core CPU's and 4GB of RAM. After the installation is done and during boot I see a warning that says "Warning only 3GB will be used".

So, just to check, I installed CentOS 4.4 and it sees all 4GB of RAM.

Are there any memory limitations on the distro? or could it be that the desktop kernels made their way into the iso's from upstream?


Recompiling Kernel

Feb 20, 2008

I am recompiling the kernel with the src rpm. I haven't been able to get any kernel to boot properly since i got this server.

I really could use some help, below i posted lspci, lsmod and cat interrupts. What I really need help with is which kernel modules are necessary for my server.

lspci: [url]
lsmod: [url]
interrupts: [url]

I have already tried a kernel with ext3, and sata support compiled in but it never boots.


Kernel Panic ...

Nov 1, 2008

I just got 2 'kernel panic' crashes in a row (about 1 hr between them). During that time I cannot access ssh, I need to contact the datacenter for manual reboot.

I checked logs, and I cannot see anything abnormal. I am also not sure what I should be looking for.

I'm really scared that this is going to keep happening.

I actually may have found something in logs:

Nov 1 13:20:43 punky kernel: audit(:0): major=252 name_count=0: freeing multiple contexts (1)
Nov 1 13:20:43 punky kernel: audit(:0): major=316 name_count=0: freeing multiple contexts (2)
Nov 1 13:20:50 punky pure-ftpd: (shont@84.201.220.8) [INFO] Logout.
Nov 1 13:45:04 punky syslogd 1.4.1: restart.
But I still don't know what this means.

I use CentOS.


Kernel Update ..

Jul 6, 2008

I just tried yum update command and now i have bunch of stuff that i need to update

=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
kernel-PAE i686 2.6.18-92.1.6.el5 update 14 M
kernel-PAE-devel i686 2.6.18-92.1.6.el5 update 4.8 M
Updating:
kernel-headers i386 2.6.18-92.1.6.el5 update 846 k
nspr i386 4.7.1-1.el5 update 118 k
nss i386 3.12.0.3-1.el5.centos update 1.1 M
nss-tools i386 3.12.0.3-1.el5.centos update 2.2 M
samba-client i386 3.0.28-1.el5_2.1 update 4.9 M
samba-common i386 3.0.28-1.el5_2.1 update 8.7 M
xulrunner i386 1.9-1.el5 update 10 M
yelp i386 2.16.0-19.el5 update 580 k
Removing:
kernel-PAE-devel i686 2.6.18-53.1.21.el5 installed 14 M

Transaction Summary
=============================================================================
Install 2 Package(s)
Update 8 Package(s)
Remove 1 Package(s)

The big deal is Kernel is the most important update file IMHO. Because last time at another server i tried to update kernel by same method. And it said it failed to find template for Kernel or something like that. As a result my server didn't boot up and i had to request KVM and load older kernel

I am not sure if it will give same error this time but is there anything else that i need to do after kernel is updated except rebooting?

i just run /scripts/upcp and it updated all of the programs except kernel-pae. Now it says

Dependencies Resolved

=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
kernel-PAE i686 2.6.18-92.1.6.el5 update 14 M

Transaction Summary
=============================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)

I am still not brave enough to install kernel update


What Is Hotplug Kernel

Feb 20, 2008

My server is in a rocky situation right now. It's been nearly 15 hours that the CPU has been at 97% usage. I even killed processes, including known ones like httpd, just to check whether the CPU load goes down or not. Unfortunately it does not go down. I'm also seeing this hotplug. What's this? I see dozens of these in the top command.

/bin/bash /etc/hotplug.d/default/default.hotplug kernel


Kernel Panic

Aug 21, 2007

I have upgraded from kernel 2.6.9 to 2.6.17 and after I completed it is not booting it up, it says Kernel Panic - not syncing: Attempted to kill init!


Kernel.shmmax Value

Dec 4, 2008

I would like to install eaccelerator on my server. My current value of kernel.shmmax is 32 MB. Should I increase it?

My server is on a vps with 512 MB ram.
