Spectre and meltdown support in asl kernel

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
zonathen
Forum User
Forum User
Posts: 56
Joined: Mon Jan 15, 2007 2:03 am

Spectre and meltdown support in asl kernel

Unread post by zonathen »

Hello is there support for the recently patched spectre and meltdown in the latest asl kernel? Specifically for CentOS 6+7? Thanks.
zonathen
Forum User
Forum User
Posts: 56
Joined: Mon Jan 15, 2007 2:03 am

Re: Spectre and meltdown support in asl kernel

Unread post by zonathen »

Thanks for some reason the forum search wouldn't bring up anything. So I gather the answer is yes for the most part :)

Couple more questions:

1) How do we check what the latest kernel version available? Does it always match the asl version?

2) I have a few CentOS 6 systems running ASL v5 that don't seem to be running the latest asl v4/5 kernels even though I see them installed if I list installed kernels with rpm -qa | grep kernels I see some v4 kernels. How do I make yum use the latest asl kernels as default and why isn't it happening automatically with asl updates even though they appear to be installing them with the asl updates?

I also noticed if I run asl -v I see 0 as a kernel version even though in asl config I have updates set to 'all':

Code: Select all

	
Atomic Secured Linux, version 5.0-3245.el6.art: CentOS 6 (SUPPORTED) 
CentOS 6 (SUPPORTED)
Copyright Atomicorp 2017
All Rights Reserved.

Extended Version Information:

	ASL_VERSION                   5.0-3028
	APPINV_VERSION                201701191406
	CLAMAV_VERSION                201801251442
	GEOMAP_VERSION                201801241416
	GRSEC_VERSION                 0
	KERNEL_VERSION                0
	MODSEC_VERSION                201801241417
	OSSEC_VERSION                 201801251509
	WAF_DELAYED_VERSION           0

zonathen
Forum User
Forum User
Posts: 56
Joined: Mon Jan 15, 2007 2:03 am

Re: Spectre and meltdown support in asl kernel

Unread post by zonathen »

I should be specific of what I am faced with. I know how to install a kernel and set it to the default in grub. I have a unique situation here with the cloud hosting provider Digital Ocean. In addition to my wanting the latest kernel for the spectre/meltdown (which I am not sure if the one installed as default is the latest art kernel or not), DO is requesting everyone to upgrade their kernels or it may have boot issues when they upgrade their bootloaders and kernels for their infrastructure in the next days.

Normally that is not an issue for me to upgrade a kernel but they have a few annoying requirements/options that are leading me nowhere...

Option 1: Per their instructions, what appears to be the easiest option is if the default is set to the kernel I want it will just work with their custom "grubloader" bootloader. Hence, why I'm asking how to install the latest kernel as the default. In my case it's booting into the kernel 3.2.68-77.art.x86_64 which I am not sure if it is the latest with the spectre/meltdown fixes or not because I see other options in the /boot directory and running rpm -qa | grep kernel that look newer like kernel-asl-4.4.109-3219.el6.art.x86_64.

Option 2: Instead, if the desired kernel isn't the default and I need to use a specific kernel then with Grub v1 on a centos 6 box I need to remove all the other kernels and leave ONLY the one that is needed. Besides the ridiculousness of this request, unfortunately, I can't remove any kernels because they are used by ASL packages, I get dependency errors when trying to remove them.

Below is the article from DO about how to upgrade the kernel, maybe someone can give me some quick guidance on how I can install and verify the latest asl kernel as default or how to remove all to just the one I need? Much appreciated.

https://www.digitalocean.com/community/ ... r-s-kernel
Post Reply