After you perform the Fix operation on a server that uses an Ubuntu kernel, the latest kernel is not used when the system is restarted. This happens because the kernel selection order has been modified. During the Fix operation, the system asks whether you want to keep the existing modifications to the GRUB menu when the latest kernel is installed. You must use the silent installation, in which the latest kernel is prioritized during startup.

Problem description

When you fix Linux kernel vulnerabilities in the Security Center console, the vulnerabilities are successfully fixed only after the system is restarted. If your GRUB boot menu has been modified, the system does not automatically create a boot menu for the latest kernel when the system or ECS instance is restarted. The system or instance remains in the Handled (To Be Restarted) state even after the restart. In this case, you cannot verify whether the vulnerabilities were fixed successfully.

Solution

If you prefer the default settings of the latest kernel over your original GRUB menu configuration, set the following environment variable before you run the vulnerability fix command so that the installation system automatically selects the default settings.

export DEBIAN_FRONTEND=noninteractive

If you do not use the default settings of the latest kernel, you can modify the GRUB boot sequence. For more information, see ECS Linux CentOS Kernel Boot Sequence Modification.
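To confirm after the restart that the instance actually booted the newest installed kernel, the following check compares the running kernel with the kernel images in /boot. It is an added example, not part of the original page or of Security Center; the function names are hypothetical, and it assumes kernel images are named vmlinuz-<version>, a single kernel flavor, and GNU `sort -V`.

```shell
#!/bin/sh
# Added example: detect the "latest kernel installed but not booted" state.
# Function names are hypothetical; images are assumed to be vmlinuz-<version>.

# Print the highest kernel version that has an image in directory $1.
newest_installed_kernel() {
    boot_dir=${1:-/boot}
    for img in "$boot_dir"/vmlinuz-*; do
        [ -e "$img" ] || continue            # the glob matched nothing
        printf '%s\n' "${img##*/vmlinuz-}"   # strip the path and the prefix
    done | sort -V | tail -n 1               # version sort: -150 ranks above -42
}

# Return 0 if the running kernel is the newest installed one,
# 1 if a newer kernel is installed but was not booted,
# 2 if no kernel images were found in the directory.
# $1 = boot directory (default /boot), $2 = running version (default uname -r).
kernel_boot_status() {
    boot_dir=${1:-/boot}
    running=${2:-$(uname -r)}
    newest=$(newest_installed_kernel "$boot_dir")
    if [ -z "$newest" ]; then
        echo "no kernel images found in $boot_dir" >&2
        return 2
    fi
    if [ "$running" = "$newest" ]; then
        echo "OK: running the newest installed kernel ($running)"
        return 0
    fi
    echo "MISMATCH: running $running, newest installed is $newest"
    return 1
}
```

Source the file and call `kernel_boot_status` with no arguments after the restart. A MISMATCH result means the boot menu still selects an older kernel, which matches the Handled (To Be Restarted) symptom described above.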