Problem description
After you fix Linux kernel vulnerabilities in the security center console, you must restart the system to fix the vulnerabilities. System reboot or restart the ECS instances, cloud security center console still prompts repair success to be restarted. In this case, you cannot verify whether vulnerabilities are fixed successfully.
Cause
After performing the fix operation on a server that uses the Ubuntu kernel, the latest kernel is not used when the system is restarted. This is because the kernel selection order of the GRUB boot menu has been modified. In this case, the system requires you to choose whether to keep the modified GRUB Menu when installing the kernel. In this case, you need to use the latest kernel as the first startup sequence for Silent installation.
Solution
The following are solutions for kernel settings in different scenarios:
- If you choose the default settings of the latest kernel over original GRUB menu configurations, you can set the following environment variable before executing the vulnerability fix command to make the installation system automatically select the default settings.
export DEBIAN_FRONTEND=noninteractive
- If you do not use the default settings of the latest kernel, you can modify the GRUB boot sequence. For more information, see how to modify the boot sequence of a Linux kernel.
Application scope
- Security Center