≡ Menu

rhel

Perl version supplied with RHEL has bug, which will result code running at least 100 times slower than expected speed. Now, Red Hat updated perl packages that fix a performance issue. Earlier only solution was installing your own perl under /usr/local or other location. This fix will now take care of performance penalty.

Perl is a high-level programming language commonly used for system administration utilities and Web programming.

These updated packages fix a large performance degradation. This issue was most noticeable when using "bless" and "overload" combinations, as well as when using the Perl DBI modules.

Users of perl are advised to upgrade to these updated packages, which resolve this issue.

How do I update perl under RHEL / CentOS Linux?

Type the following command
# yum update

RHEL5: Linux Kernel kexec-tools bug fix update

An updated kexec-tools package that fixes a bug is now available for RHEL systems. The kexec-tools package provides tools that facilitate a new kernel to boot using the Linux kernel kexec feature, either on a normal or a panic reboot. Users of kexec-tools are advised to upgrade to this updated package, which resolves the following issue:

bt: unwind: failed to locate return link
makedumpfile corrupts vmcore on ia64: crash's bt fails to unwind

How do I fix this issue?

Type the following command as root user:
# yum update

There was random number generator vulnerability in Debian OpenSSL package and similar packages in derived distributions such as Ubuntu / others. Many of our regular readers would like to know:

Can bug present in the Debian OpenSSL packages affect Red Hat / FreeBSD / CentOS Linux workstation / server users?

Short answer, yes.

All keys generated using Debian OpenSSL package must be replaced on other system including FreeBSD / CentOS / RHEL etc as all keys considered as compromized. OpenSSL, OpenSSH and OpenVPN are badly effected. For example, if you use OpenSSH key to get into other Linux / UNIX servers and if key-pair is generated with a vulnerable OpenSSL library, you are at the risk as the key can be reproduced easily.

Bottom, line you need to update keys on other boxes too.

Linux udev tip: Assign Static SCSI Device Name

So how do you assign static names for SCSI device using udev under Linux? Simply use the scsi_id and other udev tools such as :

[a] scsi_id - retrieve and generate a unique SCSI identifier.
[b] udev_start - script to initialize /dev by using udev
[c] udevtest - simulate a udev run and print the action to the console.

What the hell is udev?

udev is the device manager for the Linux 2.6 kernel series. Its primary function is managing device nodes in /dev. Old UNIX system creates device in the /dev with static files. udev dynamically provides only the nodes for the devices actually present on a system.

Note following configuration is only tested on Gentoo / RHEL 5.x / CentOS 5.x Linux server systems but it should work with other distros with udev support.

Step # 1: Get WWID of the SCSI device

To get the WWID of /dev/sdd, type:
# scsi_id -g -u -s /block/sdd
Where,

  • -g : Treat the device as white listed
  • -u : Reformat the output
  • -s /bock/sdd : Generate an id for the /block/sdd (/dev/sdd). The mount point must not be included. For example, use /block/sdd, not /sys/block/sdd.

Step # 2: Create /etc/udev/rules.d/25-names.rules file

Open /etc/udev/rules.d/25-names.rules and append following text (replace WWID with actual id obtained from above command):

KERNEL=="sd*", BUS=="scsi", PROGRAM=="/sbin/scsi_id -g -u -s %p", RESULT=="WWID", SYMLINK+="scsiharddisk%n"

Above rule will create /dev/scsiharddisk (a symlink - select any other meaningful name as per your proecjet ) for the SCSI device with a given WWID. Please note that partitions on this device will be assigned the device names like /dev/scsiharddisk1, /dev/scsiharddisk2 and so on. Next, verify that everything is correct order, enter:
# udevtest
Start initialize /dev for new devices:
# start_udev
Verify symbolic links are created, enter:
# ls -l /dev/scsiharddisk*

Read the man pages for more information:
man scsi_id
man udevtest
man 7 udev

Red hat issued important security update for freetype package that that fix various security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code

The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library.

How do I fix this issue?

Simply type the following command at a shell promot:
# yum update
Sample output:

Loading "rhnplugin" plugin
Loading "security" plugin
rhel-x86_64-server-vt-5   100% |=========================| 1.2 kB    00:00
rhel-x86_64-server-5      100% |=========================| 1.2 kB    00:00
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package freetype.i386 0:2.2.1-20.el5_2 set to be updated
---> Package freetype.x86_64 0:2.2.1-20.el5_2 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 freetype                i386       2.2.1-20.el5_2   rhel-x86_64-server-5  313 k
 freetype                x86_64     2.2.1-20.el5_2   rhel-x86_64-server-5  311 k
Transaction Summary
=============================================================================
Install      0 Package(s)
Update       2 Package(s)
Remove       0 Package(s)
Total download size: 624 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): freetype-2.2.1-20. 100% |=========================| 311 kB    00:00
(2/2): freetype-2.2.1-20. 100% |=========================| 313 kB    00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : freetype                     ######################### [1/4]
  Updating  : freetype                     ######################### [2/4]
  Cleanup   : freetype                     ######################### [3/4]
  Cleanup   : freetype                     ######################### [4/4]
Updated: freetype.i386 0:2.2.1-20.el5_2 freetype.x86_64 0:2.2.1-20.el5_2

If you ever worked for Government or Defense organization, you may come across a request for Department of Defense (DoD) compliant disk wipe program to remove files / disk securely. There are many programs exists for doing the same job. One of my favorite program is scrub, which writes patterns on special files (i.e. raw disk devices) or regular files to make retrieving the data more difficult. Scrub implements user-selectable pattern algorithms that are compliant with DoD 5520.22-M or NNSA NAP-14.x. The dod scrub sequence is compliant with the DoD 5220.22-M procedure for sanitizing removeable and non-removeable rigid disks which requires overwriting all address able locations with a character, its complement, then a random character, and verify.

Download scrub

You can download scrub here. The package is available in both source and binary releases for
=> Redhat Enterprise Linux (RHEL 4 / 5)
=> Debian / Ubuntu Linux
=> HP-UX UNIX
=> Mac OS etc

How do I use scrub?

Scrub operates in one of three modes:

  1. The special file corresponding to an entire disk is scrubbed and all data on it is destroyed. This mode is selected if file is a character or block special file. This is the most effective method.
  2. A regular file is scrubbed and only the data in the file (and optionally its name in the directory entry) is destroyed. The file size is rounded up to fill out the last file system block. This mode is selected if file is a regular file.
  3. file is created, expanded until the file system is full, then scrubbed as in 2). This mode is selected with the -X option.

Examples

Scrub mysensitive.file.txt file, enter:
$ scrub mysensitive.file.txt
Output:

scrub: using NNSA NAP-14.x patterns
scrub: padding mysensitive.file.txt with 3998 bytes to fill last fs block
scrub: scrubbing mysensitive.file.txt 4096 bytes (~4KB)
scrub: random  |................................................|
scrub: random  |................................................|
scrub: 0x0     |................................................|
scrub: verify  |................................................|

To use patterns compliant with DoD 5220.22-M, enter:
$ scrub -p dod mysensitive.file.txt
Output:

scrub: using DoD 5220.22-M patterns
scrub: padding mysensitive.file.txt with 3998 bytes to fill last fs block
scrub: scrubbing mysensitive.file.txt 4096 bytes (~4KB)
scrub: 0x0     |................................................|
scrub: 0xff    |................................................|
scrub: random  |................................................|
scrub: 0x0     |................................................|
scrub: verify  |................................................|

Erase /dev/sda1 - the special file corresponding to an entire disk is scrubbed and all data on it is destroyed, enter:
# scrub /dev/sda1

Related recommended program

Please note that following programs are not compliant with DoD 5220.22-M or certified, but sufficient for home users.
=> wipe, shred and srm utilities.

See also:

Currently Dell only offers Red Hat Enterprise Linux (RHEL) and Suse Novell on Dell Server. Canonical, the company that supports Ubuntu Linux, is trying to work out a deal with hardware vendors such as Dell to make Ubuntu available preinstalled on servers.

Ubuntu Desktop from Dell was the first preinstalled mainstream distro for end users. It's been hard to tell how popular the Ubuntu desktop has been for Dell, which started selling the OS in May on two desktop PCs and the Inspiron E1505n notebook. Asked how well those PCs have sold, Canonical referred the questions to Dell. A Dell spokeswoman said the figures are confidential. I'm quite sure there will be a good demand for server product too.

=> Canonical chases deals to ship Ubuntu Server preinstalled