If you launch an instance from the official CentOS or RHEL 7.x AMI on AWS, you will be running kernel 3.1 as of this writing. That’s not a good idea. You can easily take advantage of improved security features of newer kernels that are already available in a stable release. The renowned Linux kernel maintainer Greg Kroah-Hartman released the Linux Kernel 4.14.15, which includes important fixes for Spectre & Meltdown. Here is how to update your Linux kernel from 3.1 to 4.16.11 in place.
Step 1. Import the repo key
First, import the GPG key for the repository:
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
Step 2. Install the repository
Install the repository that holds your new kernel:
yum install http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
Before you enable the new repo, you can peek inside its configuration file to see what it will be doing:
nano /etc/yum.repos.d/elrepo.repo
Step 3. Enable the repository
Enable the repository with this command:
yum --enablerepo=elrepo-kernel install kernel-ml
Step 4. Install the RPM of your new kernel
To install your new kernel for CentOS/RHEL 7.03, run this command:
yum install http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
Step 5. List all available kernels
List all kernels that are available to the grub bootloader on your system:
awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg
Step 6. Select the new kernel
From the list of available kernels, select the new kernel:
grub2-set-default 0
The number 0 denotes the first kernel in the list.
Step 7. Save the new configuration and reboot
Save your new configuration:
grub2-mkconfig -o /boot/grub2/grub.cfg
Reboot.
Your article is slightly misleadingly.
Hi Paul:
ZombieLoad, is a side-channel attack targeting Intel chips, allows hackers to take advantage of yet another exploit design flaws. This time it’s not so much about about injecting malicious code. Although this might be possible if you take advantage of the latest bugs. According to Intel, ZombieLoad consists of 4 bugs, which were discovered by three researchers from the Graz University of Technology (Michael Schwarz, Moritz Lipp, and Daniel Gruss) and also by one researcher at imec-DistriNet, KU Leuven (Jo Van Bulck). They reported it to the chip maker about a month ago:
https://zombieloadattack.com/
Well, it’s seems Meltdown and Spectre and similar bugs are here to stay!
> Your article is slightly misleadingly.
Which Linux do you use? Linus said that updating the Kernel would somewhat help… of course that was a year ago. With the new bugs it remains to be seen how to fix them.
I hope it helps. Feel free to ask further questions…
By the way, upgrading CentOS 7.x/RedHat 7.x to the latest Kernel 5.1.x is a good idea. :-)
The researchers of ZombieLoad Attack agree:
“Make sure to get the latest updates for your operating system!”
Obviously, if you are stuck on CentOS 6.x/RedHat 6.x it’s indeed impossible to upgrade… :-(
However, I agree with you, the nasty bugs need to be first and foremost fixed by Intel… and sadly, that could take many years.
P.S: Please, Feel free to let me know if it was helpful for you. What’s your website domain?
Does your blog have a contact page? I’m having a tough time locating it but, I’d like to send you an e-mail.
I’ve got some suggestions for your blog you might
be interested in hearing. Either way, great blog and I look forward to seeing it grow over time.
https://www.cloudinsidr.com/content/contact-us/
Excellent article. I’m facing a few of these issues as well..
I love your blog.. very nice colors & theme. Did you design this
website yourself or did you hire someone to do it
for you? Plz reply as I’m looking to design my own blog and would like to know where u got this from.
thanks a lot
You can join Cloud Insidrs and we will soon publish a way to to run your own website fast, secure & cool!
Stay tuned cameronsherrod@googlemail.com !
Do we have to restart the machine after step 7? I could not see the updated kernel with `uname -r` until I rebooted. Is there a way to update the kernel without reboot?
Yes, you are right! You need a reboot… otherwise uname -a won’t reflect the changes…
This is very fascinating, You are a very skilled blogger. I’ve joined your feed and look ahead to in the hunt for extra of your magnificent post. Additionally, I’ve shared your website in my social networks.
Thanks, De Alba, it’s appreciated.
You have made some really good points there.
I checked on the web to learn more about the issue and found most individuals will
go along with your views on this site.
Hello there and thank you for your information – I’ve definitely picked up something new from right here!
Hi there just wanted to give you a quick heads up. The words in your
article seem to be running off the screen in Safari.
I’m not sure if this is a formatting issue or something to do
with web browser compatibility but I thought I’d post to let you know.
The style and design look great though! Hope you get the problem solved
soon. Many thanks
Thanks for your feedback! :-)
Did you try to update to the latest Apple operating system? (OS X El Capitan)
Or just use the latest Google Chrome or Mozilla Firefox…
I hope this helps!
Webmaster of http://www.cloudinsidr.com