Author Topic: Possible 'Kernel Side-Channel Attack' - please help!?  (Read 5958 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Possible 'Kernel Side-Channel Attack' - please help!?
« on: January 06, 2018, 12:19:46 PM »
Hi!
I need help.
I am running CWP7pro.
Distro Name: CentOS Linux release 7.4.1708 (Core)
Kernel Version: 3.10.0-693.11.6.el7.x86_64

And I received this message from LFD on my server >>>
System Integrity checking detected a modified system file
Code: [Select]
Time:     Thu Jan  4 13:47:36 2018 +0100

The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:

/usr/bin/cpupower: FAILED
/usr/sbin/intel-microcode2ucode: FAILED
/bin/cpupower: FAILED
/sbin/intel-microcode2ucode: FAILED

---------------------------------------------

and then this >>>
Anacron job 'cron.daily'
Code: [Select]
/etc/cron.daily/cwp:



====================================================
============= CentOS Web Panel Cron ================
====================================================


###########################
Firewall Flush Daily Blocks
###########################


######################
Update Server Packages
######################
TERM environment variable not set.
https://mirrors.rit.edu/fedora/epel/7/x86_64/repodata/90536f11162d701892e76964a68d4cba173dfeebb26cbf121e438062e2829cfc-updateinfo.xml.bz2: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article

https://access.redhat.com/articles/1320623

If above article doesn't help to resolve this issue please create a bug on https://bugs.centos.org/

Redirecting to /bin/systemctl restart cwpsrv.service
Redirecting to /bin/systemctl restart cwp-phpfpm.service
Redirecting to /bin/systemctl reload cwpsrv.service
Redirecting to /bin/systemctl reload cwp-phpfpm.service

Date which backup script is using: 2018-01-05 02:24:55

cpulimit: no process found
---------------------------------------------

Why did:
  • /usr/bin/cpupower
  • /usr/sbin/intel-microcode2ucode
  • /bin/cpupower
  • /sbin/intel-microcode2ucode
fail?
Does this mean my servers kernel has been corrupted by Kernel Side-Channel Attack?
See: https://access.redhat.com/security/vulnerabilities/speculativeexecution

And why does Update Server Packages get an: [Errno 14] HTTPS Error 404 - Not Found
What can I do??

Thanks for your help!
« Last Edit: January 06, 2018, 12:46:58 PM by zenben »

Offline
*
Re: Possible 'Kernel Side-Channel Attack' - please help!?
« Reply #1 on: January 06, 2018, 12:50:15 PM »
P.S.: I activated Comodo WAF mod_security on wednesday (3rd Jan).
and also recompiled the web server from "Apache & Varnish Cache & Nginx Reverse Proxy" TO "Apache Only".

Offline
*
Re: Possible 'Kernel Side-Channel Attack' - please help!?
« Reply #2 on: January 11, 2018, 10:12:52 AM »
Well …  the OVH Support send me this: https://www.centos.org/forums/viewtopic.php?f=51&t=65617
which told me that my kernel version 3.10.0-693.11.6.el7.x86_64  is safe from Meltdown and Spectre security flaws.  ;D

However … I am not sure what to think of this failed md5sum comparison test and the [Errno 14] HTTPS Error 404 - Not Found.
 :-\