Kernel does not appear to recognise NX CPU flag

Support for security such as Firewalls and securing linux
Post Reply
Ghepardo
Posts: 1
Joined: 2020/10/16 15:27:52

Kernel does not appear to recognise NX CPU flag

Post by Ghepardo » 2020/10/16 15:40:49

I am trying to harden a CentOS 7.6 VM. The kernel does not appear to recognise the NX CPU flag.

The system: Running on a VMware host with Intel Xeon CPUs. The VM is configured to 'Expose the NX/XD flag to guest'. I do indeed see it on the guest CPUs: /proc/cpuinfo shows 'nx' amongst the flags.

The issue: I understand that the dmesg output should show a line containing "NX (Execute Disable) protection: active". There is no such line. I have also checked /var/log/messages and 'journalctl -b'. I have also checked for "XD" and "protection". All fail to show anything. And /proc/cmdline does not contain a "noexec" setting.

From Googling, I understand that there is no longer a kernel parameter to control this, but that support for NX is enabled by default if the CPU supports it. What am I doing wrong here, in failing to find it in dmesg?

BShT
Posts: 329
Joined: 2019/10/09 12:31:40

Re: Kernel does not appear to recognise NX CPU flag

Post by BShT » 2020/10/16 17:50:44

look at BIOS

and update your Centos

User avatar
TrevorH
Forum Moderator
Posts: 29719
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Kernel does not appear to recognise NX CPU flag

Post by TrevorH » 2020/10/16 18:38:35

It'll also be listed in /proc/cpuinfo in the flags line which should contain " nx " if it's supported. If it does not list it then I would think this is a VMWare problem not passing it through to the guest. Did you do a virtual power cycle of the VM after changing the VMWare settings to enable it?

And CentOS 7.6 is 2 whole point release behind the current version, soon to be 3 as 7.9 is being built and tested as I type. Your system is out of date, has several high severity security vulnerabilities and needs to be updated using yum update as your system is currently more than 2 years out of date.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply

Return to “CentOS 7 - Security Support”