Cloud Insidr

Cybersecurity in the Age of the Machine

  • Subscribe!
  • Privacy Policy
  • Legal
  • Contact Us

Join us on Twitter: @CloudInsidr

  • news & alerts
    • events
    • industry analysis
    • industry gossip
    • people
  • cloud, edge & co.
    • AWS
    • administration & orchestration
      • web servers in the cloud
      • mail servers
      • databases
  • cybersec & warfare
    • encryption
  • blockchain
Home cybersecurity and cyber warfare A fix for Spectre & Meltdown: update your Linux kernel in place (running CentOS/RHEL 7 or above), and live happily ever after
A fix for Spectre & Meltdown: update your Linux kernel in place (running CentOS/RHEL 7 or above), and live happily ever after

Cloud Insidr 2018-04-04 13 Comments

A fix for Spectre & Meltdown: update your Linux kernel in place (running CentOS/RHEL 7 or above), and live happily ever after

If you launch an instance from the official CentOS or RHEL 7.x AMI on AWS, you will be running kernel 3.1 as of this writing. That’s not a good idea. You can easily take advantage of improved security features of newer kernels that are already available in a stable release. The renowned Linux kernel maintainer Greg Kroah-Hartman released the Linux Kernel 4.14.15, which includes important fixes for Spectre & Meltdown. Here is how to update your Linux kernel from 3.1 to 4.16.11 in place.

Step 1. Import the repo key

First, import the GPG key for the repository:

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

Step 2. Install the repository

Install the repository that holds your new kernel:

yum install http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

Before you enable the new repo, you can peek inside its configuration file to see what it will be doing:

nano /etc/yum.repos.d/elrepo.repo

Step 3. Enable the repository

Enable the repository with this command:

yum --enablerepo=elrepo-kernel install kernel-ml

Step 4. Install the RPM of your new kernel

To install your new kernel for CentOS/RHEL 7.03, run this command:

yum install http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

Step 5. List all available kernels

List all kernels that are available to the grub bootloader on your system:

awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg

Step 6. Select the new kernel

From the list of available kernels, select the new kernel:

grub2-set-default 0

The number 0 denotes the first kernel in the list.

Step 7. Save the new configuration and reboot

Save your new configuration:

grub2-mkconfig -o /boot/grub2/grub.cfg

Reboot.

Filed Under: cybersecurity and cyber warfare, Linux Tagged With: AWS, grub, kernel, Linux

Comments

  1. minecraft says

    2019-04-24 at 1:19 am

    Does your blog have a contact page? I’m having a tough time locating it but, I’d like to send you an e-mail.
    I’ve got some suggestions for your blog you might
    be interested in hearing. Either way, great blog and I look forward to seeing it grow over time.

    Reply
    • Cloud Insidr says

      2019-04-24 at 1:21 am

      https://www.cloudinsidr.com/content/contact-us/

      Reply
  2. Dario Porterfield says

    2019-04-15 at 8:04 pm

    Excellent article. I’m facing a few of these issues as well..

    Reply
  3. minecraft says

    2019-04-13 at 6:53 pm

    I love your blog.. very nice colors & theme. Did you design this
    website yourself or did you hire someone to do it
    for you? Plz reply as I’m looking to design my own blog and would like to know where u got this from.
    thanks a lot

    Reply
    • Cloud Insidr says

      2019-04-13 at 7:54 pm

      You can join Cloud Insidrs and we will soon publish a way to to run your own website fast, secure & cool!
      Stay tuned cameronsherrod@googlemail.com !

      Reply
  4. Gopinath Taget says

    2017-04-13 at 12:40 pm

    Do we have to restart the machine after step 7? I could not see the updated kernel with `uname -r` until I rebooted. Is there a way to update the kernel without reboot?

    Reply
    • Cloud Insidr says

      2017-04-15 at 8:28 am

      Yes, you are right! You need a reboot… otherwise uname -a won’t reflect the changes…

      Reply
  5. De Alba says

    2016-08-29 at 1:15 am

    This is very fascinating, You are a very skilled blogger. I’ve joined your feed and look ahead to in the hunt for extra of your magnificent post. Additionally, I’ve shared your website in my social networks.

    Reply
    • Cloud Insidr says

      2016-09-13 at 5:54 am

      Thanks, De Alba, it’s appreciated.

      Reply
  6. Katharina Dimond says

    2016-04-27 at 2:01 am

    You have made some really good points there.
    I checked on the web to learn more about the issue and found most individuals will
    go along with your views on this site.

    Reply
  7. Donnie Schroll says

    2016-04-18 at 6:52 pm

    Hello there and thank you for your information – I’ve definitely picked up something new from right here!

    Reply
  8. Stan Shumway says

    2016-04-05 at 1:23 am

    Hi there just wanted to give you a quick heads up. The words in your
    article seem to be running off the screen in Safari.
    I’m not sure if this is a formatting issue or something to do
    with web browser compatibility but I thought I’d post to let you know.

    The style and design look great though! Hope you get the problem solved
    soon. Many thanks

    Reply
    • Cloud Insidr says

      2016-04-05 at 6:38 am

      Thanks for your feedback! :-)
      Did you try to update to the latest Apple operating system? (OS X El Capitan)
      Or just use the latest Google Chrome or Mozilla Firefox…
      I hope this helps!

      Webmaster of http://www.cloudinsidr.com

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Join Cloud Insidrs!

Symantec Code Signing (200x200)

Tag Cloud

automation AWS Azure Azure Active Directory Azure Arc Azure Lighthouse Azure Resource Manager certbot certificate clickjacking cron CSRF cyber security DD-WRT DNS over HTTPS DoH domain firmware Gemalto HPKP HSTS IAM letsencrypt log logs MFA MITM Netgear network router SELinux time stamp tip Whois WiFi x509 XSS
Secure Site with EV (160x600)

Pearson Education (InformIT)

Pearson Education (Peachpit)

Thawte Code Signing (200x200)

  • Content purchasing and syndication