store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Thu Nov 21, 2019 8:59 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: Spectre and meltdown support in asl kernel
Unread postPosted: Sat Jan 27, 2018 2:52 am 
Offline
Forum User
Forum User

Joined: Mon Jan 15, 2007 2:03 am
Posts: 56
Hello is there support for the recently patched spectre and meltdown in the latest asl kernel? Specifically for CentOS 6+7? Thanks.


Top
 Profile  
Reply with quote  
 Post subject: Re: Spectre and meltdown support in asl kernel
Unread postPosted: Sat Jan 27, 2018 1:54 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Sep 25, 2010 2:46 pm
Posts: 321
viewtopic.php?f=13&t=8672

and

viewtopic.php?f=13&t=8674

have some info.


Top
 Profile  
Reply with quote  
 Post subject: Re: Spectre and meltdown support in asl kernel
Unread postPosted: Sun Jan 28, 2018 4:56 pm 
Offline
Forum User
Forum User

Joined: Mon Jan 15, 2007 2:03 am
Posts: 56
Thanks for some reason the forum search wouldn't bring up anything. So I gather the answer is yes for the most part :)

Couple more questions:

1) How do we check what the latest kernel version available? Does it always match the asl version?

2) I have a few CentOS 6 systems running ASL v5 that don't seem to be running the latest asl v4/5 kernels even though I see them installed if I list installed kernels with rpm -qa | grep kernels I see some v4 kernels. How do I make yum use the latest asl kernels as default and why isn't it happening automatically with asl updates even though they appear to be installing them with the asl updates?

I also noticed if I run asl -v I see 0 as a kernel version even though in asl config I have updates set to 'all':
Code:
   
Atomic Secured Linux, version 5.0-3245.el6.art: CentOS 6 (SUPPORTED)
CentOS 6 (SUPPORTED)
Copyright Atomicorp 2017
All Rights Reserved.

Extended Version Information:

   ASL_VERSION                   5.0-3028
   APPINV_VERSION                201701191406
   CLAMAV_VERSION                201801251442
   GEOMAP_VERSION                201801241416
   GRSEC_VERSION                 0
   KERNEL_VERSION                0
   MODSEC_VERSION                201801241417
   OSSEC_VERSION                 201801251509
   WAF_DELAYED_VERSION           0



Top
 Profile  
Reply with quote  
 Post subject: Re: Spectre and meltdown support in asl kernel
Unread postPosted: Mon Jan 29, 2018 12:35 am 
Offline
Forum User
Forum User

Joined: Mon Jan 15, 2007 2:03 am
Posts: 56
I should be specific of what I am faced with. I know how to install a kernel and set it to the default in grub. I have a unique situation here with the cloud hosting provider Digital Ocean. In addition to my wanting the latest kernel for the spectre/meltdown (which I am not sure if the one installed as default is the latest art kernel or not), DO is requesting everyone to upgrade their kernels or it may have boot issues when they upgrade their bootloaders and kernels for their infrastructure in the next days.

Normally that is not an issue for me to upgrade a kernel but they have a few annoying requirements/options that are leading me nowhere...

Option 1: Per their instructions, what appears to be the easiest option is if the default is set to the kernel I want it will just work with their custom "grubloader" bootloader. Hence, why I'm asking how to install the latest kernel as the default. In my case it's booting into the kernel 3.2.68-77.art.x86_64 which I am not sure if it is the latest with the spectre/meltdown fixes or not because I see other options in the /boot directory and running rpm -qa | grep kernel that look newer like kernel-asl-4.4.109-3219.el6.art.x86_64.

Option 2: Instead, if the desired kernel isn't the default and I need to use a specific kernel then with Grub v1 on a centos 6 box I need to remove all the other kernels and leave ONLY the one that is needed. Besides the ridiculousness of this request, unfortunately, I can't remove any kernels because they are used by ASL packages, I get dependency errors when trying to remove them.

Below is the article from DO about how to upgrade the kernel, maybe someone can give me some quick guidance on how I can install and verify the latest asl kernel as default or how to remove all to just the one I need? Much appreciated.

https://www.digitalocean.com/community/ ... r-s-kernel


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Bing [Bot] and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group