digital ocean kexec blah
joeyh at
Want to know if running kernel is present in /boot (or / I suppose). Seems hard somehow.
Evan Prodromou likes this.
Well, I did some horrible uname -r vs file(1) comparing.
So, my Digital Ocean VM won't be left running an insecure kernel provided by Digital Ocean for a month after a cold boot (initiated by Digital Ocean); propellor now detects that misconfiguration and kexecs into a security-supported distro kernel.
Hmm.. Across all my VMs and hosting providers, not a single one of them can run a distro kernel anymore without some form of hacking. It's .. almost like hosting providers don't want you to, or their users don't care.
Jakukyo Friel, Greg Grossmeier likes this.
Confirmation that there is no sane way to do this: https://github.com/bzed/pkg-nagios-plugins-contrib/blob/master/dsa/checks/dsa-check-running-kernel
Jakukyo Friel likes this.