
package management

Red Hat / CentOS: Chroot Apache 2 Web Server

A chroot on Red Hat / CentOS / Fedora Linux changes the apparent root directory for the Apache process and its children. Once this is done, an attacker, or any PHP / Perl / Python script run by the web server, cannot access or even name files outside that directory. This is called a "chroot jail" for Apache. You should never run a web server without a jail: there should be privilege separation between the web server and the rest of the system. Keep in mind that a chroot is not a boundary against root: a process that is root inside the jail can break out again, so the jailed Apache must still drop its privileges to an unprivileged user.

In this exclusive series, you will learn more about:

  • Securing an Apache 2 web server under Red Hat Enterprise Linux / CentOS Linux using mod_chroot
  • Virtual hosting configuration under a chrooted jail.
  • Troubleshooting chrooted Apache jail problems.
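Before trusting a jail, verify it from outside. The following script is an added example and not code from the article or from mod_chroot: on Linux, /proc/PID/root is a symlink to the directory a process sees as "/", so reading it for every httpd process shows whether the chroot actually took effect, and the Uid: line of /proc/PID/status shows whether the worker has dropped root. The process name "httpd" and the verdict labels are this example's own choices.

```shell
#!/bin/sh
# Added example, not code from the original article: verify from outside the
# jail that a running Apache really is chrooted, and that it is not running as
# root inside the jail. On Linux, /proc/PID/root is a symlink to the directory
# the process sees as "/", so it shows whether the chroot took effect.

# proc_root PID: print the directory PID sees as "/" ("/" means no jail,
# when read from outside any jail)
proc_root() {
    readlink "/proc/$1/root"
}

# proc_euid PID: print the effective uid of PID (third field of the Uid: line,
# which lists real, effective, saved and filesystem uid)
proc_euid() {
    awk '/^Uid:/ { print $3 }' "/proc/$1/status"
}

# jail_status PID: print "not-jailed", "jailed" or "jailed-as-root".
# A chroot does not confine root: a root process inside the jail can call
# chroot() again and walk back out, so a jailed root process gets its own verdict.
jail_status() {
    root=$(proc_root "$1") || return 1
    euid=$(proc_euid "$1")
    if [ "$root" = "/" ]; then
        echo not-jailed
    elif [ "$euid" = 0 ]; then
        echo jailed-as-root
    else
        echo jailed
    fi
}

# check_httpd: one line per Apache process: pid, euid, root dir, verdict.
# The process name is httpd on Red Hat / CentOS (apache2 on Debian / Ubuntu).
# The master typically stays root (it bound port 80), so one jailed-as-root
# line is expected; every worker that serves requests should report "jailed".
check_httpd() {
    for pid in $(pgrep -x httpd); do
        printf '%s %s %s %s\n' "$pid" "$(proc_euid "$pid")" \
            "$(proc_root "$pid")" "$(jail_status "$pid")"
    done
}

# Run directly: report on this shell itself, then on Apache if it is running.
printf 'this shell: %s (root=%s, euid=%s)\n' \
    "$(jail_status $$)" "$(proc_root $$)" "$(proc_euid $$)"
check_httpd
```

Run it as root on the web server after starting Apache; any worker reporting "not-jailed" means the chroot module is not active for that process, and a worker reporting "jailed-as-root" means the jail is in place but privileges were not dropped.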


Download of The Day: Ubuntu Linux 8.10 RC (BETA) Intrepid Ibex

The Ubuntu Linux 8.10 release candidate (beta) has been released and is available for download from the mirrors. The final stable version will be released on October 30th, 2008, but if you would like to test the latest version, try out the Intrepid Ibex release candidate now.

Upgrading from Ubuntu 8.04 To 8.10 beta

To upgrade from Ubuntu 8.04, press Alt+F2 and type "update-manager -d" (without the quotes) into the command box. Update Manager should open and tell you: New distribution release '8.10' is available.

Fig.01: Ubuntu Upgrade in action - new distribution release 8.10 is available

Click Upgrade and follow the on-screen instructions.

Wikipedia Moving 400 Servers To Ubuntu Linux From Red Hat Linux

Wikipedia is dropping its mix of Red Hat and Fedora releases for Ubuntu Linux. Wikipedia has 10 million articles in 250 languages and is one of the 10 most visited websites in the world.

One of the reasons for the switch was that they did not want to pay Red Hat for support. Ubuntu Linux is updated frequently, and nothing beats the apt package manager.

According to Brion Vibber, CTO of the Wikimedia Foundation:

"We had a mix of things: some Red Hat 9, some Fedora -- several different versions." The group used a custom-scripted installation procedure, but found that having a multitude of versions was more difficult to maintain for its small five-person IT staff around the world. The move to all-Ubuntu was primarily done with the goal of "making our own administration and maintenance simpler. We decided that we want to standardize on something."

How to View Internet Explorer inside Firefox

This is a user contributed article.

I'm a devoted Firefox user, like most of you. However, at work I use Internet Explorer for a couple of web applications that work only on IE. Wouldn't it be nice to embed Internet Explorer inside Firefox as a tab to browse the websites that work only on IE? This is exactly what the Firefox add-on IE Tab does, as explained below.

This is a great tool for web developers, since you can easily see how your web page is displayed in IE with just one click and then switch back to Firefox.

Update: This is a Windows-specific tool. See how to install IE under Linux using IEs4Linux.

Critical Red Hat Enterprise Linux Kernel Update

Red Hat has issued an updated version of the Linux kernel, the core of the operating system, that plugs various security holes in RHEL 5.x. This update has been rated as having important security impact. All users are advised to upgrade the kernel package.

Security fixes:

a) A missing capability check was found in the Linux kernel's do_change_type routine. This could allow a local unprivileged user to gain privileged access or cause a denial of service. (CVE-2008-2931, Important)

b) A flaw was found in the Linux kernel Direct-IO implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2007-6716, Important)

c) Tobias Klein reported a missing check in the Linux kernel Open Sound System (OSS) implementation. This deficiency could lead to a possible information leak. (CVE-2008-3272, Moderate)

d) A deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)

e) A flaw was found in the Linux kernel tmpfs implementation. This could allow a local unprivileged user to read sensitive information from the kernel. (CVE-2007-6417, Moderate)

Bug fixes:

a) A kernel crash may have occurred on heavily-used Samba servers after 24 to 48 hours of use.

b) On certain systems, if multiple InfiniBand queue pairs simultaneously fell into an error state, an overrun may have occurred, stopping traffic.

c) With bridging, when forward delay was set to zero, setting an interface to the forwarding state was delayed by one or possibly two timers, depending on whether STP was enabled. This may have caused long delays in moving an interface to the forwarding state. This issue caused packet loss when migrating virtual machines, preventing them from being migrated without interrupting applications.

How do I update my kernel?

Log in as root and type the following. The first uname records the kernel release you are running now, yum installs the new kernel package, and after the reboot the second uname should show the new release:
# uname -mrs
# yum update
# reboot
# uname -mrs
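Comparing the two uname lines by eye is fine for one box; across a fleet you want the check scripted. The script below is an added example, not part of the original post: it decides whether the running kernel is the newest one installed, i.e. whether a reboot is still pending after yum update. Kernel release strings such as 2.6.18-92.1.13.el5 must be ordered with rpm's rules (a numeric segment beats an alphabetic one, so 92.1.13.el5 is newer than 92.el5), which sort -V gets wrong for these strings, so the comparison is a simplified port of rpm's rpmvercmp(). The installed-kernel list in the block is constructed sample data; the live invocation with rpm -q and uname -r is in the trailing comment.

```shell
#!/bin/sh
# Added example, not from the original post: after "yum update" and a reboot,
# check that the running kernel is the newest one installed, i.e. that the
# reboot is not still pending. Sample data below is constructed.

# rpmvercmp A B: print -1, 0 or 1 as A is older than, equal to or newer than B.
# Simplified port of rpm's rpmvercmp(): the '~' and '^' rules are omitted.
rpmvercmp() {
    local a b sa sb
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        # skip separators: anything that is neither a letter nor a digit
        a="${a#"${a%%[0-9a-zA-Z]*}"}"
        b="${b#"${b%%[0-9a-zA-Z]*}"}"
        if [ -z "$a" ] && [ -z "$b" ]; then echo 0; return; fi
        # one side exhausted: the side with segments left is newer
        if [ -z "$a" ]; then echo -1; return; fi
        if [ -z "$b" ]; then echo 1; return; fi
        case "$a" in
            [0-9]*)
                sa="${a%%[!0-9]*}"; sb="${b%%[!0-9]*}"
                # numeric segment in A against alphabetic one in B: A is newer
                if [ -z "$sb" ]; then echo 1; return; fi
                a="${a#"$sa"}"; b="${b#"$sb"}"
                # strip leading zeros; the longer number is the larger one
                sa="${sa#"${sa%%[!0]*}"}"; sb="${sb#"${sb%%[!0]*}"}"
                if [ ${#sa} -gt ${#sb} ]; then echo 1; return; fi
                if [ ${#sa} -lt ${#sb} ]; then echo -1; return; fi
                ;;
            *)
                sa="${a%%[!a-zA-Z]*}"; sb="${b%%[!a-zA-Z]*}"
                # alphabetic segment in A against numeric one in B: B is newer
                if [ -z "$sb" ]; then echo -1; return; fi
                a="${a#"$sa"}"; b="${b#"$sb"}"
                ;;
        esac
        # same-type, same-length segments: byte-wise comparison decides
        if [ "$sa" != "$sb" ]; then
            if [ "$(printf '%s\n%s\n' "$sa" "$sb" | LC_ALL=C sort | head -n 1)" = "$sa" ]; then
                echo -1
            else
                echo 1
            fi
            return
        fi
    done
    echo 0
}

# kernel_cmp A B: compare VERSION-RELEASE strings like rpm does, version first,
# then release (for "2.6.18-92.1.13.el5": version 2.6.18, release 92.1.13.el5)
kernel_cmp() {
    local r
    r=$(rpmvercmp "${1%-*}" "${2%-*}")
    if [ "$r" != 0 ]; then echo "$r"; return; fi
    rpmvercmp "${1##*-}" "${2##*-}"
}

# newest_kernel: read VERSION-RELEASE lines on stdin and print the newest one
newest_kernel() {
    local best v
    best=""
    while IFS= read -r v; do
        if [ -z "$v" ]; then continue; fi
        if [ -z "$best" ] || [ "$(kernel_cmp "$v" "$best")" = 1 ]; then
            best="$v"
        fi
    done
    printf '%s\n' "$best"
}

# reboot_pending RUNNING INSTALLED: exit 0 when RUNNING (what "uname -r"
# prints) is not the newest entry of the newline-separated INSTALLED list
reboot_pending() {
    local newest
    newest=$(printf '%s\n' "$2" | newest_kernel)
    [ "$(kernel_cmp "$1" "$newest")" != 0 ]
}

# Constructed sample: three installed kernels, the middle one still running.
SAMPLE_INSTALLED="2.6.18-92.el5
2.6.18-92.1.13.el5
2.6.18-92.1.10.el5"
SAMPLE_RUNNING="2.6.18-92.1.10.el5"

if reboot_pending "$SAMPLE_RUNNING" "$SAMPLE_INSTALLED"; then
    echo "reboot pending: running $SAMPLE_RUNNING, newest installed $(printf '%s\n' "$SAMPLE_INSTALLED" | newest_kernel)"
else
    echo "running kernel is current"
fi

# Live check on a RHEL / CentOS box (plain "kernel" package; kernel-PAE and
# kernel-xen are separate packages and "uname -r" carries their suffix):
#   reboot_pending "$(uname -r)" "$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n')" && echo "reboot pending"
```

The live check compares what the kernel reports about itself against what rpm knows is installed, so it also catches the case where yum installed the new package but the box was never rebooted, which the two uname lines above only reveal if someone reads them.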

Red Hat / CentOS Linux 5.x: Perl Performance Bug Fix Available

The Perl version supplied with RHEL has a bug that results in code running at least 100 times slower than expected. Red Hat has now released updated perl packages that fix this performance issue. Previously the only solution was installing your own Perl under /usr/local or another location; this fix takes care of the performance penalty.

Perl is a high-level programming language commonly used for system administration utilities and Web programming.

These updated packages fix a large performance degradation. This issue was most noticeable when using "bless" and "overload" combinations, as well as when using the Perl DBI modules.

Users of perl are advised to upgrade to these updated packages, which resolve this issue.

How do I update perl under RHEL / CentOS Linux?

Type the following command:
# yum update

Security Alert: Debian OpenSSH packages Fix Denial of Service

The Debian project has released OpenSSH security updates for systems running its Debian Linux operating system. The openssh package has a remote denial-of-service vulnerability caused by an unsafe signal handler: the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service.

Systems affected by this issue accumulate many zombie sshd processes. Processes stuck with a "[net]" process title have also been observed. Over time, enough processes may accumulate that further login attempts become impossible. The presence of these processes does not by itself indicate active exploitation of this vulnerability.

Package        : openssh
Vulnerability  : unsafe signal handler
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-4109
Debian Bug     : 498678
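To tell whether a host already shows the symptom described above before you upgrade it, count the stuck children. The script below is an added example and not part of the advisory: it reads ps output, counts sshd zombies and live sshd children whose title contains "[net]", and compares the total against a threshold you choose. As the advisory notes, these processes do not prove exploitation; the check only tells you how close a host is to refusing logins. The ps lines in the block are constructed sample data, and the threshold is a site-specific choice.

```shell
#!/bin/sh
# Added example, not from the advisory: a triage check for an sshd that has
# accumulated zombie children or children stuck with a "[net]" process title.
# The ps output below is constructed.

# count_stuck_sshd: read "ps -eo stat=,comm=,args=" lines on stdin and print
# "<zombies> <net>": sshd entries whose STAT starts with Z, and live sshd
# children whose title contains "[net]"
count_stuck_sshd() {
    awk '
        $2 == "sshd" && $1 ~ /^Z/                    { zombies++ }
        $2 == "sshd" && $1 !~ /^Z/ && $0 ~ /\[net\]/ { net++ }
        END { printf "%d %d\n", zombies + 0, net + 0 }
    '
}

# stuck_total: print the sum of both counters for the ps lines on stdin
stuck_total() {
    counts=$(count_stuck_sshd)
    echo $(( ${counts% *} + ${counts#* } ))
}

# stuck_over THRESHOLD: exit 0 when the total for the ps lines on stdin
# reaches THRESHOLD (a site-specific number; pick one well below the point at
# which logins started failing on your hosts)
stuck_over() {
    [ "$(stuck_total)" -ge "$1" ]
}

# Constructed sample of "ps -eo stat=,comm=,args=" on an affected host:
# two sshd zombies, one child stuck in [net], one healthy session, plus an
# unrelated zombie that must not be counted.
SAMPLE_PS='Ss   sshd   /usr/sbin/sshd
Z    sshd   [sshd] <defunct>
Z    sshd   [sshd] <defunct>
S    sshd   sshd: [net]
S    sshd   sshd: alice [priv]
S    bash   -bash
Z    cron   [cron] <defunct>'

printf '%s\n' "$SAMPLE_PS" | count_stuck_sshd

# Live use on a Debian host:
#   ps -eo stat=,comm=,args= | stuck_over 20 && echo "sshd is piling up stuck children"
```

Zombies are only reaped by their parent, so after installing the fixed package restart sshd rather than waiting for the count to fall on its own; existing sessions survive a restart of the listener.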

How do I fix this problem?

Log in as root and type the following commands to refresh the package index and then install the corrected packages:
# apt-get update
# apt-get upgrade