Do I need the kernel files in /boot/?
I'm running Lynis (https://github.com/CISOfy/lynis) on my Ubuntu 16.04 servers, and it is always reporting that "Reboot of system is most likely needed [KRNL-5830]", even when I just rebooted the server.
I've discovered that this is because Lynis checks for the kernel version on the server and compares to the running kernel. However, on Linode, the boot kernel is not stored on the server, so Lynis is finding some old kernel files in /boot/vmlinuz-4.4.0-36-generic and thinks that since that's not the same version as the active kernel (5.4.10-x86_64-linode132), we must be due for a reboot.
The reason this is an issue, is that Lynis' also checks for reboot-required.pkgs to see if any packages are requesting a reboot, which is a very helpful check, but because of the kernel discrepancy, the reboot check is not a reliable way to determine if a reboot is actually required.
Besides that, I really just want to get my lynis score higher ;)
** TL;DR: Can I remove /boot/vmlinuz-4.4.0-36-generic from my server? **
1 Reply
When a new kernel is installed old kernels are not automatically deleted. This is a simple safety net in case you want to reboot from an older kernel in an emergency situation such as hardware/software problems.
For this reason it's always best to be careful about what kernels are being deleted. However if it is an older kernel and there is no need to boot to it then deleting it should not be a problem.
Here is some some information on how to remove older kernels.