≡ Menu


Ksplice: Upgrade / Patch Your Linux Kernel Without Reboots

Generally, all Linux distributions needs a scheduled reboot once to stay up to date with important kernel security updates. RHN (or other distro vendors) provides Linux kernel security updates. You can apply kernel updates using yum command or apt-get command line options. After each upgrade you need to reboot the server. Ksplice service allows you to skip reboot step and apply hotfixes to kernel without rebooting the server. In this post I will cover a quick installation of Ksplice for RHEL 5.x and try to find out if service is worth every penny.
[click to continue…]

VMWare ESX4 and ESX3.5: SCSI timeout For Linux Guest

Recently, I noticed that the timeout values differ on CentOS v5.x and RHEL Linux 5.x guests on VMWare ESX4 and ESX3.5. I've notices that older ESX 3.5 set a 60 secs timeout and ESX4.x set to 180 secs. Luckly you can fix it easily:
Edit /etc/udev/rules.d/99-vmware-scsi-udev.rules,
# vi /etc/udev/rules.d/99-vmware-scsi-udev.rules
Sample config:

RUN+="/bin/sh -c 'echo 180 >/sys$DEVPATH/device/timeout'"

Find timeout value (180) and change it as per your requirements. Make sure you install the vmware-tools RPM.

Security Alert: Red hat / CentOS Linux Freetype Various Security Issues

Red hat issued important security update for freetype package that that fix various security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code

The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library.

How do I fix this issue?

Simply type the following command at a shell promot:
# yum update
Sample output:

Loading "rhnplugin" plugin
Loading "security" plugin
rhel-x86_64-server-vt-5   100% |=========================| 1.2 kB    00:00
rhel-x86_64-server-5      100% |=========================| 1.2 kB    00:00
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package freetype.i386 0:2.2.1-20.el5_2 set to be updated
---> Package freetype.x86_64 0:2.2.1-20.el5_2 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
 Package                 Arch       Version          Repository        Size
 freetype                i386       2.2.1-20.el5_2   rhel-x86_64-server-5  313 k
 freetype                x86_64     2.2.1-20.el5_2   rhel-x86_64-server-5  311 k
Transaction Summary
Install      0 Package(s)
Update       2 Package(s)
Remove       0 Package(s)
Total download size: 624 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): freetype-2.2.1-20. 100% |=========================| 311 kB    00:00
(2/2): freetype-2.2.1-20. 100% |=========================| 313 kB    00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : freetype                     ######################### [1/4]
  Updating  : freetype                     ######################### [2/4]
  Cleanup   : freetype                     ######################### [3/4]
  Cleanup   : freetype                     ######################### [4/4]
Updated: freetype.i386 0:2.2.1-20.el5_2 freetype.x86_64 0:2.2.1-20.el5_2

Most Emailed Linux FAQ in 2007

The following information indicates the FAQ people are reading and e-mailing to their friends from our FAQ section. Data is collected via a plugin (Email plugin) placed on every page. Please note that no personally identifiable information is stored by the system or disclosed here.

=> I forgot my root password, how can I get into my system?

=> How to install or upgrade an RPM package AND How to install or update .deb package.

=> Install and turn on Telnet server

=> How to create ext3 file system? How do I format new hard disk?

=> How do I burn CD / DVDs under Linux?

=> How do I configure Linux to open maximum number of files?

=> How do I change the speed, duplex for my Ethernet card?

=> How do I configure cron tasks?

=> MySQL change root password

=> How to find out my DNS Server Address

Find the changelog / security log of a Linux rpm package

Here is a little known secret that allows you to view the change log of a package. Using --changelog option you can find out if particular security bug is fixed or not. This is extremely useful option for production boxes.

For example CVE-2007-1864 documents that php has serious buffer overflow in the bundled libxmlrpc library in PHP before v4.4.7, and 5.x before 5.2.2. It has unknown impact and remote attack vectors. Now how do you know if this bug is fixed or not in your installed php version? Simply type the following command:
rpm -q --changelog php
Better use piped out output using less:
rpm -q --changelog php | less

* Wed Apr 04 2007 Joe Orton  5.1.6-12.el5
- add security fix for CVE-2007-1864, SOAP redirect handling issue,
  FTP CRLF injection issue (#235016)
* Wed Apr 04 2007 Joe Orton  5.1.6-11.el5
- add security fix for CVE-2007-1718 (#235016)
* Tue Apr 03 2007 Joe Orton  5.1.6-9.el5
- add security fix for CVE-2007-1583 (#235016)
- add security fixes for CVE-2007-0455, CVE-2007-1001 (#235036)
* Fri Mar 09 2007 Joe Orton  5.1.6-7.el5
- add security fix for CVE-2007-1285 (#231597)
* Fri Feb 16 2007 Joe Orton  5.1.6-6.el5
- add security fixes for: CVE-2007-0906, CVE-2007-0907,
  CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#229013)
* Tue Dec 19 2006 Joe Orton  5.1.6-5.el5
- fix version for php-zend-abi (#218758)
* Thu Nov 23 2006 Joe Orton  5.1.6-4.el5
- php-xml provides php-domxml (#215656)
- fix php-pdo-abi provide (#214281)
- provide php-zend-abi (#212804)
- don't Obsolete mod_php
- fix PDO sqlite TEXT extraction truncate-by-one (#217033)
- package php{ize,-config} man pages in -devel (#199382)
- change module subpackages to require php-common not php (#177821)
- add security fix for CVE-2006-5465 (#216114)

Following command look at the kernel package changelog:
rpm -q --changelog kernel|less

This option allows you to view change log w/o visiting vendors / distributions website. The --changelog option only works with rpm based package and distro such as RHEL / CentOS / Fedora / Suse etc. RPM is a very powerful utility and I hope this small tip will save lot of time. For more information read rpm command man page.

Fix corrupted RPM database on CentOS 5 / Redhat enterprise Linux 5 / Fedora 7

If rpm / yum command hangs during operations or you see error messages - it means your rpm database corrupted. /var/lib/rpm/ stores rpm database just delete the same and rebuild rpm database:

Command to rebuild rpm database

rm -f /var/lib/rpm/__db*
rpm --rebuilddb

Read rpm / yum man pages for more information

Howto: Add a new yum repository to install software under CentOS / Redhat Linux

CentOS / Fedora Core / RHEL 5 uses yum for software management. Yum allows you to add a new repository as a source to install binary software.

Understanding yum repository

yum repository configured using /etc/yum.conf file. Additional configuration files are also read from the directories set by the reposdir option (default is /etc/yum.repos.d and /etc/yum/repos.d.

RPMforge repository

Usually repository carries extra and useful packages. RPMforge is one of such repository. You can easily configure RPMforge repository for RHEL5 just by running following single RPM command:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
For 64 bit RHEL 5 Linux, enter:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Now you can install software from RPMforge.

How do I install 3rd party repository manually?

Let us say you would like to install 3rd party repository from foo.nixcraft.com. Create a file called foo:
# cd /etc/yum.repos.d
# vi foo

Append following code:
name=Foo for RHEL/ CentOS $releasever - $basearch

Save and close the file.


  • [foo] : Repository name i.e. The [main] section must exist for yum to do anything.
  • name=Foo for RHEL/ CentOS $releasever - $basearch : A human readable string describing the repository name
  • baseurl=http://foo.nixcraft.com/centos/$releasever/$basearch/ : Must be a URL to the directory where the yum repository’s ‘repodata’ directory lives
  • enabled=1 : Enabled or disabled repo. To disable the repository temporarily, set the enabled to 0
  • gpgcheck=1 : Security feature, use GPG key
  • gpgkey=http://foo.nixcraft.com/RPM-GPG-KEY.txt : GPL file location

Also you need to import the gpg key for the repository as follows:
# rpm --import http://foo.nixcraft.com/RPM-GPG-KEY.txt

Now you are ready to install software from foo repository. For further information refer to yum.conf man page:
$ man yum.conf
$ man yum

Hope this tip will help you to configure repository as and when required.

See also:

Howto Setup yum repositories to update or install package from ISO CDROM Image