store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Thu Nov 21, 2019 9:48 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: Unable to unload kcare kmod 1
Unread postPosted: Fri Jun 23, 2017 1:37 am 
Offline
Forum User
Forum User

Joined: Wed Jul 04, 2012 9:03 pm
Posts: 29
Location: Melbourne
With Kernel Care installed, I should be able to apply kernel patch by executing

`kcarectl --update`

However, it gives this error:

Updates already downloaded
Updates already downloaded
rmmod: ERROR: could not remove 'kcare': Operation not permitted
rmmod: ERROR: could not remove module kcare: Operation not permitted
Unable to unload kcare kmod 1

Below is my kernel configuration from /etc/asl/config, please advise what needs to change to allow `kcarectl` to work.

# Kernel configuration.
ALLOW_kmod_loading="yes"
MAX_USER_WATCHES="16384"
GRKERNSEC_DISABLE_PAX="no"
GRKERNSEC_DETER_BRUTEFORCE="no"
GRKERNSEC_CONSISTENT_SETXID="yes"
ENABLE_TPE="yes"
TPE_GROUP_POLICY="untrusted"
TPE_UNTRUSTED_USERS=""
TPE_TRUSTED_USERS=""
DISABLE_PRIVILEGED_IO="no"
AUDIT_MOUNT="no"
AUDIT_CHDIR="no"
AUDIT_PTRACE="yes"
AUDIT_TEXTREL="no"
CHROOT_CAPS="yes"
CHROOT_DENY_CHMOD="yes"
CHROOT_DENY_CHROOT="yes"
CHROOT_DENY_FCHDIR="yes"
CHROOT_DENY_MKNOD="yes"
CHROOT_DENY_MOUNT="yes"
CHROOT_DENY_PIVOT="yes"
CHROOT_DENY_SHMAT="yes"
CHROOT_DENY_SYSCTL="yes"
CHROOT_DENY_UNIX="yes"
CHROOT_ENFORCE_CHDIR="yes"
CHROOT_EXECLOG="no"
CHROOT_FINDTASK="yes"
CHROOT_RESTRICT_NICE="yes"
EXEC_LOGGING="no"
EXEC_LOG_USERS=""
DMESG="yes"
EXECVE_LIMITING="yes"
FIFO_RESTRICTIONS="yes"
FORKFAIL_LOGGING="yes"
HARDEN_PTRACE="yes"
IP_BLACKHOLE="yes"
LASTACK_RETRIES="4"
LINKING_RESTRICTIONS="yes"
RESOURCE_LOGGING="yes"
ROMOUNT_PROTECT="no"
RWXMAP_LOGGING="yes"
SIGNAL_LOGGING="yes"
SOCKET_ALL="yes"
SOCKET_USERS=""
SOCKET_CLIENT="yes"
SOCKET_CLIENT_USERS=""
SOCKET_SERVER="yes"
SOCKET_SERVER_USERS=""
TIMECHANGE_LOGGING="yes"


Top
 Profile  
Reply with quote  
 Post subject: Re: Unable to unload kcare kmod 1
Unread postPosted: Fri Jun 23, 2017 8:36 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4087
Location: Chantilly, VA
You dont need to use that with the ASL kernel, the ASL kernel is rebootless and does not need third party kernel patching tools. It will automatically patch itself in the very rare case when a patch is necessary.

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
 Post subject: Re: Unable to unload kcare kmod 1
Unread postPosted: Thu Jul 06, 2017 1:16 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 661
However, those of us who are using other kernels such as CloudLinux *do* need to do this, which I think is what the OP was asking for.
This is something I could use as well, as I see this on my systems too.

First guess would be that if you change
Quote:
ALLOW_kmod_loading="yes"


that you need to reboot before it lets you actually do it - or does this setting have no effect when using non ASL kernels?


Top
 Profile  
Reply with quote  
 Post subject: Re: Unable to unload kcare kmod 1
Unread postPosted: Tue Jul 11, 2017 12:17 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 661
ping


Top
 Profile  
Reply with quote  
 Post subject: Re: Unable to unload kcare kmod 1
Unread postPosted: Tue Jul 11, 2017 4:50 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4087
Location: Chantilly, VA
That may be what you need to do. I would check with kernelcare, if you're not using our kernel then that setting is just asking whatever kernel you are using lock module loading, and how that works could vary differently and some kernels dont support that capability.

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group