Kernel-based symlink protection for all, thanks to CloudLinux

For many years web hosts have fought to provide adequate protection against a vulnerability called a “Symlink Attack”. At cPanel we prefer a kernel-based solution, and have historically provided both Apache based protection, and our Hardened Kernel to help server administrators. Last year we began discussing with CloudLinux the potential for them to offer this protection to server administrators as part of KernelCare.

A few weeks ago the fantastic folks over at CloudLinux announced the KernelCare “Extra” Patchset that provided that symlink protection to all servers using a KernelCare CentOS kernel, with a KernelCare license. Today they have announced that you can get the same protection for CentOS 6 and 7 at no cost, with or without a KernelCare license, as the KernelCare “Free” Patchset.

Head over to their blog for the official announcement and more details on how to install the patches.

benny Vasquez

scripter, crafter, cPanel's Manager of Community Engagement. Facilitating communication between cPanel's amazing development team, and cPanel's amazing community. Find me on twitter: @cpaneldev

One response to “Kernel-based symlink protection for all, thanks to CloudLinux”

  1. cPGuard says:

    With our security suite cPGuard, we provide symlink checks and alert users and remove symlink based on some conditions! Anyway good to see CL team offers it for free which enable users to add another layer of protection against such attacks!

Leave a Reply