The Symlink Protection patchset is available for free for CentOS 6 & 7, even if you are not running KernelCare
A few weeks ago we released the KernelCare “Extra” Patchset with the security fixes and the symlink protection available to all KernelCare customers running CentOS kernels. Today we are pleased to share that you can get the Symlink Protection Patchset for CentOS 6 and 7 at no cost, even if you don’t have licenses of KernelCare.
We’ve been discussing with the cPanel team on how to help with hardening of their customers’ system kernels. This Symlink Protection Patchset will protect CentOS 6 and 7 systems and will help defend shared hosting servers, including the cPanel servers, against symlink attacks.
A symlink race attack is frequently used against shared hosting servers. It allows a malicious user to serve files that belong to other users by creating a symbolic link to those files. It is often used to access config.php files that belong to others. This patchset helps protect against such attacks.
Note that this patchset includes only the symlink protection, and does not include the security fixes (those are available to KernelCare customers) – you will still need to update kernel and REBOOT each time new CentOS kernel is released to keep your kernel secure.
We recommend the installation of this patchset on CentOS 6 and CentOS 7 to make your servers more secure.