Spectre and meltdown support in asl kernel
Spectre and meltdown support in asl kernel
Hello is there support for the recently patched spectre and meltdown in the latest asl kernel? Specifically for CentOS 6+7? Thanks.
Re: Spectre and meltdown support in asl kernel
Thanks for some reason the forum search wouldn't bring up anything. So I gather the answer is yes for the most part
Couple more questions:
1) How do we check what the latest kernel version available? Does it always match the asl version?
2) I have a few CentOS 6 systems running ASL v5 that don't seem to be running the latest asl v4/5 kernels even though I see them installed if I list installed kernels with rpm -qa | grep kernels I see some v4 kernels. How do I make yum use the latest asl kernels as default and why isn't it happening automatically with asl updates even though they appear to be installing them with the asl updates?
I also noticed if I run asl -v I see 0 as a kernel version even though in asl config I have updates set to 'all':
Couple more questions:
1) How do we check what the latest kernel version available? Does it always match the asl version?
2) I have a few CentOS 6 systems running ASL v5 that don't seem to be running the latest asl v4/5 kernels even though I see them installed if I list installed kernels with rpm -qa | grep kernels I see some v4 kernels. How do I make yum use the latest asl kernels as default and why isn't it happening automatically with asl updates even though they appear to be installing them with the asl updates?
I also noticed if I run asl -v I see 0 as a kernel version even though in asl config I have updates set to 'all':
Code: Select all
Atomic Secured Linux, version 5.0-3245.el6.art: CentOS 6 (SUPPORTED)
CentOS 6 (SUPPORTED)
Copyright Atomicorp 2017
All Rights Reserved.
Extended Version Information:
ASL_VERSION 5.0-3028
APPINV_VERSION 201701191406
CLAMAV_VERSION 201801251442
GEOMAP_VERSION 201801241416
GRSEC_VERSION 0
KERNEL_VERSION 0
MODSEC_VERSION 201801241417
OSSEC_VERSION 201801251509
WAF_DELAYED_VERSION 0
Re: Spectre and meltdown support in asl kernel
I should be specific of what I am faced with. I know how to install a kernel and set it to the default in grub. I have a unique situation here with the cloud hosting provider Digital Ocean. In addition to my wanting the latest kernel for the spectre/meltdown (which I am not sure if the one installed as default is the latest art kernel or not), DO is requesting everyone to upgrade their kernels or it may have boot issues when they upgrade their bootloaders and kernels for their infrastructure in the next days.
Normally that is not an issue for me to upgrade a kernel but they have a few annoying requirements/options that are leading me nowhere...
Option 1: Per their instructions, what appears to be the easiest option is if the default is set to the kernel I want it will just work with their custom "grubloader" bootloader. Hence, why I'm asking how to install the latest kernel as the default. In my case it's booting into the kernel 3.2.68-77.art.x86_64 which I am not sure if it is the latest with the spectre/meltdown fixes or not because I see other options in the /boot directory and running rpm -qa | grep kernel that look newer like kernel-asl-4.4.109-3219.el6.art.x86_64.
Option 2: Instead, if the desired kernel isn't the default and I need to use a specific kernel then with Grub v1 on a centos 6 box I need to remove all the other kernels and leave ONLY the one that is needed. Besides the ridiculousness of this request, unfortunately, I can't remove any kernels because they are used by ASL packages, I get dependency errors when trying to remove them.
Below is the article from DO about how to upgrade the kernel, maybe someone can give me some quick guidance on how I can install and verify the latest asl kernel as default or how to remove all to just the one I need? Much appreciated.
https://www.digitalocean.com/community/ ... r-s-kernel
Normally that is not an issue for me to upgrade a kernel but they have a few annoying requirements/options that are leading me nowhere...
Option 1: Per their instructions, what appears to be the easiest option is if the default is set to the kernel I want it will just work with their custom "grubloader" bootloader. Hence, why I'm asking how to install the latest kernel as the default. In my case it's booting into the kernel 3.2.68-77.art.x86_64 which I am not sure if it is the latest with the spectre/meltdown fixes or not because I see other options in the /boot directory and running rpm -qa | grep kernel that look newer like kernel-asl-4.4.109-3219.el6.art.x86_64.
Option 2: Instead, if the desired kernel isn't the default and I need to use a specific kernel then with Grub v1 on a centos 6 box I need to remove all the other kernels and leave ONLY the one that is needed. Besides the ridiculousness of this request, unfortunately, I can't remove any kernels because they are used by ASL packages, I get dependency errors when trying to remove them.
Below is the article from DO about how to upgrade the kernel, maybe someone can give me some quick guidance on how I can install and verify the latest asl kernel as default or how to remove all to just the one I need? Much appreciated.
https://www.digitalocean.com/community/ ... r-s-kernel