Today, I had to execute a security scan against some of mine Red Hat hosts and surprisingly (at least to me) the results were not what I have expected ……. Not to mentioned that the side effect was my AD account being “
LOCKED OUT ON THIS DOMAIN CONTROLLER” preventing me from log-in to over one hundred of hosts. Looking at the report documenting the offenses, I recognize that it is not that “my” hosts are at fault but it is the “scanner” fault, of course!
Apparently, McAfee “looks” not just for the running but all LINUX kernels present on a host. So even if I did
yum -y upgrade and immediately followed it with another scanner run the process will flag this host as a “failure” because of the presence of the older kernels. It comes back to me now. Years ago, when I worked with the Interactive UNIX (the origin of SUN and AIX) I had to deal with multiple kernels – once or twice I had to remove some to gain back storage capacity on a host.
You may already know the question of today but if you don’t do not worry too much – here it comes: “how to list the kernels and how to remove them from a RedHat machine?”
To list kernels on a RedHat host, execute:
# rpm -qa kernel kernel-2.6.32-279.19.1.el6.x86_64 kernel-2.6.32-279.14.1.el6.x86_64 kernel-2.6.32-279.11.1.el6.x86_64
To list your current kernel (the short version):
# uname -r 2.6.32-279.19.1.el6.x86_64
To list your current kernel (the long version):
# uname -mrs Linux 2.6.32-279.19.1.el6.x86_64 x86_64
The last two entries tell us that the running
2.6.32-279.19.1.el6.x86_64 kernel (active) is the most up to date one. So to remove the other (non active) kernels, I have to execute these two steps:
# rpm -e kernel-2.6.32-279.11.1.el6.x86_64 # rpm -e kernel-2.6.32-279.14.1.el6.x86_64
To verify that there is just one kernel left – the one I wanted to keep:
# # rpm -qa kernel kernel-2.6.32-279.19.1.el6.x86_64
Is there a way to switch kernels on a live RedHat hosts so when it boots next time it uses a different kernel? I know that a kernel selection can be made at boot time. Do you know about any other way? If so please let us all know too, thanks!
I feel, this post would not be complete without this message:
To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.