All Products
Search
Document Center

After fixing Linux kernel vulnerabilities, restarting the system console still prompts that the fix is successful and must be restarted

Last Updated: Dec 18, 2020

Problem description

After you fix Linux kernel vulnerabilities in the security center console, you must restart the system to fix the vulnerabilities. System reboot or restart the ECS instances, cloud security center console still prompts repair success to be restarted. In this case, you cannot verify whether vulnerabilities are fixed successfully.

Cause

After performing the fix operation on a server that uses the Ubuntu kernel, the latest kernel is not used when the system is restarted. This is because the kernel selection order of the GRUB boot menu has been modified. In this case, the system requires you to choose whether to keep the modified GRUB Menu when installing the kernel. In this case, you need to use the latest kernel as the first startup sequence for Silent installation.

Solution

The following are solutions for kernel settings in different scenarios:

  • If you choose the default settings of the latest kernel over original GRUB menu configurations, you can set the following environment variable before executing the vulnerability fix command to make the installation system automatically select the default settings.
    export DEBIAN_FRONTEND=noninteractive
  • If you do not use the default settings of the latest kernel, you can modify the GRUB boot sequence. For more information, see how to modify the boot sequence of a Linux kernel.

Application scope

  • Security Center