yum command

Red Hat today issued software updates to fix at least 5-6 security vulnerabilities in various versions of its Linux distribution. These updates have been rated as having important security impact. It is recommended that you upgrade (patch) your system using the yum command.

A flaw was found in Perl's regular expression engine. A specially crafted regular expression with Unicode characters could trigger a buffer overflow, causing Perl to crash, or possibly execute arbitrary code with the privileges of the user running Perl.

An input validation flaw was discovered in X.org's Security and Record extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org server.

How do I patch my RHEL system?

Simply, type the following command:
# yum update

How do I patch my Debian Linux system?

Debian has also updated many of its packages to address these vulnerabilities in the X Window system. You can upgrade your system by typing the following commands:
# apt-get update
# apt-get upgrade

I'm sure other distros will also release updates.

An updated autofs package that fixes a bug is now available. The autofs utility controls the operation of the automount daemon, which automatically mounts, and then unmounts file systems after a period of inactivity. File systems can include network file systems, CD-ROMs, diskettes, and other media.

How do I update my autofs package?

Simply type the following command:
# yum update

I've received a couple of emails about setting up iSCSI under a CentOS 4 or RHEL ES 4 server. Previously, I wrote about iSCSI under CentOS 5 / RHEL 5 server.

Requirements

[a] The following instructions were tested on RHEL ES 4 and CentOS 4 only. (See RHEL 5/ CentOS 5 / Debian/ Ubuntu Linux specific instructions here).
[b] You need the following information:
  • iSCSI username
  • iSCSI password
  • iSCSI server IP / hostname

CentOS Linux v4.x - Install iscsi-initiator-utils

Type the following command:
# yum install iscsi-initiator-utils

Redhat ES Linux v4.x - Install iscsi-initiator-utils

Type the following command:
# up2date iscsi-initiator-utils

Configure iSCSI

Open /etc/iscsi.conf file, enter:
# vi /etc/iscsi.conf
Set it up as follows:

DiscoveryAddress=ISCSI_TARGET_HOST_OR_IP
OutgoingUserName=ISCSI_USER_NAME
OutgoingPassword=ISCSI_PASSWORD
LoginTimeout=15

Save and close the file.

Start the iscsi service

Type the following commands to start the iscsi service so that you can see the block device:
# chkconfig iscsi on
# /etc/init.d/iscsi start

Run any one of the following to find out the new block device name:
# fdisk -l
# tail -f /var/log/messages
# find /sys/devices/platform/host* -name "block*"

Format iSCSI device

Use fdisk and mkfs.ext3 commands. First, create a partition (assuming that /dev/sdc is a new block device assigned to iscsi) :
# fdisk /dev/sdc
# mkfs.ext3 /dev/sdc1

Create /mnt/iscsi directory:
# mkdir -p /mnt/iscsi
Open /etc/fstab file and append config directive:
/dev/sdc1 /mnt/iscsi ext3 _netdev 0 0
Save and close the file. Mount the partition /dev/sdc1:
# mount -a
# df -H

RHEL / CentOS Support 4GB or more RAM ( memory )

If you have 4 GB or more RAM, use the Linux kernel compiled for PAE-capable machines. Otherwise your machine may not show the full 4 GB of RAM. All you have to do is install the PAE kernel package.

This package includes a version of the Linux kernel with support for up to 64GB of high memory. It requires a CPU with Physical Address Extensions (PAE).
The non-PAE kernel can only address up to 4GB of memory. Install the kernel-PAE package if your machine has 4GB of memory or more (>=4GB).

How Do I Install PAE kernel?

To install PAE kernel, use yum command:
# yum install kernel-PAE
Output:

Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for kernel-PAE to pack into transaction set.
kernel-PAE-2.6.18-8.1.15. 100% |=========================| 207 kB    00:00
---> Package kernel-PAE.i686 0:2.6.18-8.1.15.el5 set to be installed
--> Running transaction check
Dependencies Resolved
=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 kernel-PAE              i686       2.6.18-8.1.15.el5  updates            12 M
Transaction Summary
=============================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)
Total download size: 12 M
Is this ok [y/N]: y
Downloading Packages:
(1/1): kernel-PAE-2.6.18- 100% |=========================|  12 MB    00:12
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: kernel-PAE                   ######################### [1/1]
Installed: kernel-PAE.i686 0:2.6.18-8.1.15.el5
Complete!

Just reboot the server and make sure you boot with PAE kernel i.e. 2.6.18-8.1.15.el5PAE:
# reboot

RHEL 5.1 has been released. Redhat announced the availability of Red Hat Enterprise Linux 5.1, with integrated virtualization. This release provides the most compelling platform for customers and software developers ever, with its industry-leading virtualization capabilities complementing Red Hat's newly announced Linux Automation strategy. It offers the industry’s broadest deployment ecosystem, covering standalone systems, virtualized systems, appliances and web-scale "cloud" computing environments.

Besides supporting Linux virtual machines, RHEL 5.1 will also support Windows XP, Windows 2000, Windows Server 2003 and the forthcoming Windows 2008, Crenshaw said. RHEL 5.1 uses Xen for its virtualization.

How do I upgrade to RHEL 5.1?

Login as the root user and simply type the command to fetch all updates via RHN:
# yum update
Depending on your network conditions and software configuration, it may take anywhere between 5-20 minutes. Once completed, just reboot the server:
# reboot
Verify that everything is working fine:
# netstat -tulpn
# netstat -nat
# tail -f /var/log/messages
# egrep -i 'error|warn' /var/log/messages
# egrep -i 'error|warn' /path/to/apps/log

Users of the community-driven enterprise CentOS Linux should expect an update soon too. You can apply the above commands to upgrade your CentOS box.

Many people asked me to write about setting up Lighttpd under CentOS or RHEL 5 Linux using the chroot() call. The instructions are almost the same, but you need to make a few modifications compared to the Debian / Ubuntu Linux instructions.

For this example, we will build the jail at the /webroot location.
=> Default document root : /home/lighttpd/default/
=> Port : 80
=> IP: Your Public IP address
=> Virtual domain1: /home/lighttpd/vdomain1.com/
=> Virtual domain1 access log file: /var/log/lighttpd/vdomain1.com/
=> Default access log file:/var/log/lighttpd/access.log
=> Default error log file:/var/log/lighttpd/error.log
=> Default php error log file: /var/log/lighttpd/php.log

Assumptions

These installation instructions assume you have:

  • Linux distribution
  • Required RPMs (see below for installation instructions)
    • php, php-pear, php-common, php-pdo, php-ldap, php-gd, php-cli, php-mysql
    • mysql, mysql-server etc
    • lighttpd, lighttpd-fastcgi (rpm available here)
  • Installations were tested on Red Hat Enterprise Linux v4/5 or CentOS v4/5 or Fedora Linux 7

Step # 1: Install required packages

Install php and related packages:
# yum install php php-pear php-common php-pdo php-ldap php-gd php-cli php-mysql
Install mysql and related packages:
# yum install mysql mysql-server
Install lighttpd and mod_fastcgi for lighttpd:
# rpm -ivh http://dag.wieers.com/rpm/packages/lighttpd/lighttpd-1.4.18-1.el5.rf.i386.rpm
# rpm -ivh http://dag.wieers.com/rpm/packages/lighttpd/lighttpd-fastcgi-1.4.18-1.el5.rf.i386.rpm

Step # 2: Create /webroot and related directories

# mkdir /webroot
# cd /webroot
# mkdir etc
# mkdir tmp
# chmod 1777 tmp/
# mkdir -p usr/bin
# mkdir -p home/lighttpd/default
# mkdir -p var/run/lighttpd
# mkdir -p var/log/lighttpd
# chown lighttpd:lighttpd var/run/lighttpd/
# chown lighttpd:lighttpd var/log/lighttpd/
# chown -R lighttpd:lighttpd home/

Step # 3: Install chroot script

You need to download and install my script that will help you to build lighttpd in jail:
# cd /sbin/
# wget http://www.cyberciti.biz/files/lighttpd/l2chroot.txt
# mv l2chroot.txt l2chroot
# chmod +x l2chroot

Step # 4: Install php in jail

Now copy php-cgi binary and related shared libraries using l2chroot script:
# cd /webroot/usr/bin
# cp /usr/bin/php-cgi .
# l2chroot php-cgi

Step # 5: Copy required files to /etc

Now you must copy php.ini and all related files to /etc/ inside the jail:
# cd /webroot/etc
# cp /etc/passwd .
# cp /etc/group .
# cp /etc/hosts .
# cp /etc/nsswitch.conf .
# cp /etc/resolv.conf .
# cp /etc/php.ini .
# cp -avr /etc/php.d/ .
# cp -avr /etc/ld* .

Update (Oct-1-2008, 1:52pm) : You need to copy entire /etc/ and /usr/share/zoneinfo files to work with latest php version:
# cd /webroot/etc
# /bin/cp -avr /etc/* .

Copy all files from /usr/share/zoneinfo/:
# mkdir -p /webroot/usr/share/
# cd /webroot/usr/share/
# cp -avr /usr/share/zoneinfo/ .

Open the group and passwd files and keep only the entries for the root and lighttpd users:
# vi /webroot/etc/group
Make sure the file looks as follows:
root:x:0:root
lighttpd:x:101:

Also open passwd file inside jail:
# vi /webroot/etc/passwd
Make sure the file looks as follows:
root:x:0:0:root:/root:/bin/bash
lighttpd:x:100:101:lighttpd web server:/srv/www/lighttpd:/sbin/nologin
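
Copying all of /etc/* into the jail also copies host files such as shadow and the SSH host keys, so it is worth checking the finished tree. The script below is an added example, not part of the original post: `audit_jail` and `report` are hypothetical names, and the list of host-only files is an assumption about a stock RHEL/CentOS /etc.

```shell
#!/bin/sh
# Added example, not from the original post: audit a chroot tree built as above.
# /webroot and the two allowed accounts come from the article; the list of
# host-only files is an assumption about a stock RHEL/CentOS /etc.

findings=0
report() { echo "FINDING: $*"; findings=$((findings + 1)); }

# audit_jail [JAIL]: prints one line per finding, returns 0 only if there are none.
audit_jail() {
    jail=${1:-/webroot}
    findings=0

    # 1. Only root and lighttpd may remain in the jail's passwd and group files.
    for db in passwd group; do
        [ -f "$jail/etc/$db" ] || continue
        for name in $(cut -d: -f1 "$jail/etc/$db"); do
            case $name in
                root|lighttpd) ;;
                *) report "extra entry '$name' in etc/$db" ;;
            esac
        done
    done

    # 2. Host secrets that "cp -avr /etc/* ." carries into the jail.
    for f in "$jail"/etc/shadow "$jail"/etc/shadow- "$jail"/etc/gshadow \
             "$jail"/etc/gshadow- "$jail"/etc/sudoers \
             "$jail"/etc/ssh/ssh_host_*key "$jail"/etc/pki/tls/private/*; do
        if [ -e "$f" ]; then rel=${f#"$jail"/}; report "host-only file present: $rel"; fi
    done

    # 3. setuid/setgid files should not exist in a jail that only runs php-cgi.
    while IFS= read -r f; do
        if [ -n "$f" ]; then rel=${f#"$jail"/}; report "setuid/setgid file: $rel"; fi
    done <<EOF
$(find "$jail" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null)
EOF

    [ "$findings" -eq 0 ]
}

# Usage, as root once the jail is populated:  audit_jail /webroot
```
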

Step # 5: Copy php modules

Now copy php mysql support, php gd and all other modules:
# cd /webroot/usr/lib/
# cp -avr /usr/lib/php/ .
# cd php/modules
# for l in *.so; do l2chroot "$l"; done

Step # 6: Configure lighttpd chroot call

Open /etc/lighttpd/lighttpd.conf file:
# vi /etc/lighttpd/lighttpd.conf
Setup default document root and chroot directory:
server.document-root = "/home/lighttpd/default/"
server.chroot = "/webroot"

Save and close the file.

Step # 7: Restart lighttpd

Type the following command:
# /etc/init.d/lighttpd restart

Jail size

# du -ch /webroot/
Output:

12K     /webroot/var/log/lighttpd
16K     /webroot/var/log
4.0K    /webroot/var/run/lighttpd
8.0K    /webroot/var/run
28K     /webroot/var
8.0K    /webroot/etc/ld.so.conf.d
36K     /webroot/etc/php.d
160K    /webroot/etc
8.0K    /webroot/home/lighttpd/default
12K     /webroot/home/lighttpd
16K     /webroot/home
5.3M    /webroot/lib
4.0K    /webroot/tmp
872K    /webroot/usr/lib/sse2
1.4M    /webroot/usr/lib/mysql
676K    /webroot/usr/lib/php/modules
4.0K    /webroot/usr/lib/php/pear
684K    /webroot/usr/lib/php
9.9M    /webroot/usr/lib
2.9M    /webroot/usr/bin
13M     /webroot/usr
19M     /webroot/
19M     total

Troubleshooting

Always go through /var/log/messages and the server log files:
# tail -f /var/log/messages

Download mysql testing script

Copy and test php mysql connectivity with this script.

Upgrading lighttpd is a piece of cake. There are two methods:

a) Use yum or apt-get or FreeBSD ports / command to update binary lighttpd package

b) Just download latest lighttpd tar ball from official web site and install the same.

Let us see how to upgrade lighttpd using source code (tar ball).

# 1 : Download lighttpd

Use wget or lftp command line http / ftp accelerator tools:
$ cd /opt
$ wget http://www.lighttpd.net/download/lighttpd-1.4.17.tar.gz

# 2 : Verify lighttpd

Use sha1sum or md5sum hash to verify lighttpd tar ball integrity:
$ md5sum lighttpd-1.4.17.tar.gz
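
Printing the hash is only half of the check; it has to be compared with the value the publisher lists. The helper below is an added example, not part of the original post: `verify_digest` is a hypothetical function name and `EXPECTED_SHA1` is a placeholder for the published digest.

```shell
#!/bin/sh
# Added example, not from the original post: compare a download against the
# digest its publisher lists, and refuse to continue on a mismatch.

# verify_digest FILE EXPECTED_HEX [TOOL]
# TOOL is sha1sum (default), md5sum or sha256sum. Returns 0 only on a match,
# 1 on a mismatch and 2 on a usage problem.
verify_digest() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # published digests may be upper case
    tool=${3:-sha1sum}

    case $tool in
        md5sum|sha1sum|sha256sum) ;;
        *) echo "unsupported tool: $tool" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    [ -n "$expected" ] || { echo "no expected digest given" >&2; return 2; }

    actual=$("$tool" "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Typical use before unpacking; EXPECTED_SHA1 is a placeholder for the value
# published on the download page:
#   verify_digest lighttpd-1.4.17.tar.gz "$EXPECTED_SHA1" sha1sum || exit 1
```

A digest fetched from the same server as the tar ball detects a corrupted download but not a replaced file, and MD5 no longer resists deliberate collisions, so prefer a SHA digest obtained over a separate channel.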

# 3: Configure lighttpd

Now extract the tar ball, then configure and compile the lighttpd web server:
$ tar -zxvf lighttpd-1.4.17.tar.gz
$ cd lighttpd-1.4.17
$ ./configure
$ make

# 4: Stop lighttpd

First stop currently running lighttpd web server:
# /etc/init.d/lighttpd stop
Make sure you are in installation directory, use the following command to uninstall old version:
# make uninstall

# 5: Install lighttpd

Just enter the following command:
# make install
Start lighttpd:
# /etc/init.d/lighttpd start
Watch the lighttpd log files for any problems:
# tail -f /var/log/messages
# tail -f /var/log/lighttpd/error.log
# tail -f /var/log/lighttpd/scripts.log
# tail -f /var/log/lighttpd/access.log

A note about binary package upgrade method

You can download the rpm file or use the yum / apt-get command. On Debian / Ubuntu:
# apt-get update
# apt-get install lighttpd
On RHEL / CentOS / Fedora:
# yum update lighttpd