How to Manually Remove the cPanel-Provided Hardened Kernel


Overview

This document describes how to manually replace the cPanel-provided hardened kernel with a standard kernel.

Warning:
  • We deprecated the cPanel-provided hardened kernel in cPanel & WHM version 68, and we no longer provide updates to this kernel. We strongly recommend that you remove the hardened kernel and consider KernelCare’s symlink protection options. For more information about KernelCare, read the KernelCare documentation.

  • You will need to reboot your server during this procedure. Plan your downtime accordingly.

Remove the kernel

To manually replace the cPanel-provided hardened kernel with a standard kernel, perform the following steps:

  1. Log in to your server via SSH.
  2. Run the following commands:
    1
    2
    
      rm /etc/yum.repos.d/cPkernel.repo
      yum list --showduplicates kernel

    The system will return a list of available kernels that you can install.

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    
      [root@c6 ~]# yum list --showduplicates kernel
      Loaded plugins: fastestmirror
      Loading mirror speeds from cached hostfile
      * base: reflector.westga.edu
      * epel: mirror.compevo.com
      * extras: ftp.osuosl.org
      * updates: dallas.tx.mirror.xygenhosting.com
      Installed Packages
      kernel.x86_64                                                          2.6.32-573.26.1.el6                                                               @updates/6.7
      kernel.x86_64                                                          2.6.32-642.1.1.el6                                                                @updates   
      kernel.x86_64                                                          2.6.32-696.299.10.3.cp6                                                           @cPkernel  
      Available Packages
      kernel.x86_64                                                          2.6.32-696.el6                                                                    base       
      kernel.x86_64                                                          2.6.32-696.1.1.el6                                                                updates    
      kernel.x86_64                                                          2.6.32-696.3.1.el6                                                                updates    
      kernel.x86_64                                                          2.6.32-696.3.2.el6                                                                updates    
      kernel.x86_64                                                          2.6.32-696.6.3.el6                                                                updates    
      kernel.x86_64                                                          2.6.32-696.10.1.el6                                                               updates    
      kernel.x86_64                                                          2.6.32-696.10.2.el6                                                               updates    
      kernel.x86_64                                                          2.6.32-696.10.3.el6                                                               updates    
      kernel.x86_64                                                          2.6.32-696.13.2.el6                                                               updates    
      kernel.x86_64                                                          2.6.32-696.16.1.el6                                                               updates
  3. If you wish to install a specific kernel, run the yum install KERNELNAME command, where KERNELNAME represents the desired kernel. Otherwise, run the yum install kernel-2.6.32 command to install the latest kernel.
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    
      [root@c6 ~]# yum install kernel-2.6.32
      Loaded plugins: fastestmirror
      Setting up Install Process
      Loading mirror speeds from cached hostfile
      * base: reflector.westga.edu
      * epel: mirror.compevo.com
      * extras: ftp.osuosl.org
      * updates: dallas.tx.mirror.xygenhosting.com
      Resolving Dependencies
      --> Running transaction check
      ---> Package kernel.x86_64 0:2.6.32-696.16.1.el6 will be installed
      --> Finished Dependency Resolution
    
      Dependencies Resolved
    
      ===================================================================================================================================================================================
      Package                                Arch                                   Version                                               Repository                               Size
      ===================================================================================================================================================================================
      Installing:
      kernel                                 x86_64                                 2.6.32-696.16.1.el6                                   updates                                  32 M
    
      Transaction Summary
      ===================================================================================================================================================================================
      Install       1 Package(s)
    
      Total download size: 32 M
      Installed size: 131 M
      Is this ok [y/N]: y
      Downloading Packages:
      kernel-2.6.32-696.16.1.el6.x86_64.rpm                                                                                                                       |  32 MB     00:11    
      Running rpm_check_debug
      Running Transaction Test
      Transaction Test Succeeded
      Running Transaction
      Installing : kernel-2.6.32-696.16.1.el6.x86_64                                                                                                                               1/1
      Verifying  : kernel-2.6.32-696.16.1.el6.x86_64                                                                                                                               1/1
    
      Installed:
      kernel.x86_64 0:2.6.32-696.16.1.el6                                                                                                                                             
      Complete!
  4. Run the reboot command to reboot your server.
  5. After the server reboots, log in to your server via SSH again and run the uname -r command. The output should resemble the following:

    2.6.32-696.13.2.el6.x86_64
    

After you replace the hardened kernel, we strongly recommend that you navigate to WHM’s Security Advisor interface (WHM >> Home >> Security Center >> Security Advisor) and install KernelCare’s free symlink protection from CloudLinux.