For many years web hosts have fought to provide adequate protection against a vulnerability called a “Symlink Attack”. At cPanel we prefer a kernel-based solution, and have historically provided both Apache based protection, and our Hardened Kernel to help server administrators. Last year we began discussing with CloudLinux the potential for them to offer this protection to server administrators as part of KernelCare.
A few weeks ago the fantastic folks over at CloudLinux announced the KernelCare “Extra” Patchset that provided that symlink protection to all servers using a KernelCare CentOS kernel, with a KernelCare license. Today they have announced that you can get the same protection for CentOS 6 and 7 at no cost, with or without a KernelCare license, as the KernelCare “Free” Patchset.
Head over to their blog for the official announcement and more details on how to install the patches.