6

I have my RHEL 5 & 6 servers set to keep 1 old kernel after updates; I do this in case I need to recover the system for any number of reasons. My question is related to the security of the system when running with the most current kernel but still having a copy of the old kernel installed. When I scan them with Retina I always get hits for the old kernel, but the system is running with the most current. I guess Retina is just checking for the presence of the kernel on the system and not determining whether it is the currently running kernel. My question is: does the mere presence of the old kernel on the system constitute a security issue? Any thoughts?

1 Answer

6

No, it does not. If it's not running, it's merely a file in the file system. If an attacker manages to restart your system with this kernel, he already has full control over the system anyway.

Sven
  • Thanks, I have always justified keeping one old kernel but recently had an inspector tell me to prove that I can safely keep a kernel. I asked the question with Red Hat but got a non-helpful answer. – user1548815 Apr 14 '14 at 18:57
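
A way to document, for a scanner finding like the one discussed above, which installed kernel is actually running and whether it is the newest one installed. This is an added example, not part of the original question or answer. It assumes the RHEL 6 naming where `uname -r` includes the architecture; the function names and the sample versions are constructed for illustration, and `sort -V` (GNU coreutils) only approximates rpm's own version ordering.

```shell
#!/bin/sh
# Added example: separate "installed" from "running" kernels so that a
# scanner hit on an old kernel package can be checked against what is booted.
#
# On a real host the two inputs would come from:
#   running=$(uname -r)
#   installed=$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')

# classify_kernels RUNNING INSTALLED_LIST
# Prints one line per installed kernel, tagged RUNNING or INSTALLED-ONLY.
classify_kernels() {
    running=$1
    printf '%s\n' "$2" | while IFS= read -r k; do
        [ -n "$k" ] || continue
        if [ "$k" = "$running" ]; then
            echo "RUNNING        $k"
        else
            echo "INSTALLED-ONLY $k"
        fi
    done
}

# newest_installed INSTALLED_LIST
# Highest version by version-aware sort (431.5 sorts before 431.11).
newest_installed() {
    printf '%s\n' "$1" | sort -V | tail -n 1
}

# running_is_newest RUNNING INSTALLED_LIST
# Exit status 0 only if the booted kernel is the newest installed one.
running_is_newest() {
    [ "$1" = "$(newest_installed "$2")" ]
}

# Constructed sample data (not taken from a real system).
sample_running='2.6.32-431.11.2.el6.x86_64'
sample_installed='2.6.32-431.5.1.el6.x86_64
2.6.32-431.11.2.el6.x86_64'

classify_kernels "$sample_running" "$sample_installed"
if running_is_newest "$sample_running" "$sample_installed"; then
    echo "OK: running kernel is the newest installed"
else
    echo "WARN: a newer kernel is installed but not booted; reboot pending"
fi
```

The WARN case is the one worth acting on: it means the patched kernel is on disk but the host is still running the older one.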