How to: Upgrade Red Hat Enterprise Linux (RHEL) to latest Releases 5.1

Posted on in Categories CentOS, Howto, Linux distribution, Linux Virtualization, RedHat/Fedora Linux, Sys admin, Tips last updated November 8, 2007

RHEL 5.1 has been released. Redhat announced the availability of Red Hat Enterprise Linux 5.1, with integrated virtualization. This release provides the most compelling platform for customers and software developers ever, with its industry-leading virtualization capabilities complementing Red Hat’s newly announced Linux Automation strategy. It offers the industry’s broadest deployment ecosystem, covering standalone systems, virtualized systems, appliances and web-scale “cloud” computing environments.

Besides supporting Linux virtual machines, RHEL 5.1 will also support Windows XP, Windows 2000, Windows Server 2003 and the forthcoming Windows 2008, Crenshaw said. RHEL 5.1 uses Xen for its virtualization.

How do I upgrade to RHEL 5.1?

Login as the root user and simply type the command to fetch all updates via RHN:
# yum update
Depend upon your network condition and software configuration it may take anywhere between 5-20 minutes. Once completed, just reboot the server:
# reboot
Verify that everything is working fine:
# netstat -tulpn
# netstat -nat
# tail -f /var/log/messages
# egrep -i 'error|warn' /var/log/messages
# egrep -i 'error|warn' /path/to/apps/log

Community driven enterprise CentOS Linux users should expect update soon too. You can apply above commends to upgrade your CentOS box.

Troubleshooting tip: stap ~ systemtap script translator / driver command not working under CentOS Linux

Posted on in Categories CentOS, Linux, Sys admin, Troubleshooting last updated September 25, 2007

The stap program is the front-end to the Systemtap tool. It accepts probing instructions (written in a simple scripting language), translates those instructions into C code, compiles this C code, and loads the resulting kernel module into a running Linux kernel to perform the requested system trace/probe functions.

SystemTap provides free software (GPL) infrastructure to simplify the gathering of information about the running Linux system. This assists diagnosis of a performance or functional problem. SystemTap eliminates the need for the developer to go through the tedious and disruptive instrument, recompile, install, and reboot sequence that may be otherwise required to collect data.

We have several developers who use stap. Usually it works out of box. For example following program prints hello world on screen if SystemTap and related packages are installed:

stap -e 'probe begin { log ("hello world") }'

However under CentOS Linux version 5 (RHEL 5), you will get an error as follows:

semantic error: libdwfl failure (dwfl_linux_kernel_report_offline): No such file or directory while resolving probe point kernel.function("sys_*")

Install kernel-debuginfo package

To get rid of this problem, you have to simply install kernel-debuginfo package:
# yum install kernel-debuginfo
Please note that the installed kernel-debuginfo package must be for the same kernel release level and processor, so you may have to enter the following command:
# yum install kernel-debuginfo-KERNEL-VERSION-NUMBER

Hope this troubleshooting tip will help you out while working with systemtap (stap) scripts.

Install Squid Proxy Server on CentOS / Redhat enterprise Linux 5

Posted on in Categories CentOS, Linux, RedHat/Fedora Linux, Squid caching server, Suse Linux, Sys admin, Tips last updated August 30, 2007

I’ve already wrote about setting up a Linux transparent squid proxy system. However I’m getting lots of questions about Squid basic installation and configuration:

How do I install Squid Proxy server on CentOS 5 Liinux server?

Sure Squid server is a popular open source GPLd proxy and web cache. It has a variety of uses, from speeding up a web server by caching repeated requests, to caching web, name server query , and other network lookups for a group of people sharing network resources. It is primarily designed to run on Linux / Unix-like systems. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

Install Squid on CentOS / RHEL 5

Use yum command as follows:
# yum install squid
Output:

Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package squid.i386 7:2.6.STABLE6-4.el5 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 squid                   i386       7:2.6.STABLE6-4.el5  updates           1.2 M

Transaction Summary
=============================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 1.2 M
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: squid                        ######################### [1/1]

Installed: squid.i386 7:2.6.STABLE6-4.el5
Complete!

Squid Basic Configuration

Squid configuration file located at /etc/squid/squid.conf. Open file using a text editor:
# vi /etc/squid/squid.conf
At least you need to define ACL (access control list) to work with squid. The defaults port is TCP 3128. Following example ACL allowing access from your local networks 192.168.1.0/24 and 192.168.2.0/24. Make sure you adapt to list your internal IP networks from where browsing should be allowed:
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks

Save and close the file. Start squid proxy server:
# chkconfig squid on
# /etc/init.d/squid start

Output:

init_cache_dir /var/spool/squid... Starting squid: .       [  OK  ]

Verify port 3128 is open:
# netstat -tulpn | grep 3128
Output:

tcp        0      0 0.0.0.0:3128                0.0.0.0:*                   LISTEN      20653/(squid)

Open TCP port 3128

Finally make sure iptables is allowing to access squid proxy server. Just open /etc/sysconfig/iptables file:
# vi /etc/sysconfig/iptables
Append configuration:
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
Restart iptables based firewall:
# /etc/init.d/iptables restart
Output:

Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]

Client configuration

Open a webbrowser > Tools > Internet option > Network settings > and setup Squid server IP address and port # 3128.

See also

You may find our previous squid tips useful:

Squid Security and blocking content Related Tips

Squid Authentication Related Tips

Squid Other Tips

Howto: Redhat Enterprise Linux SELinux policy guide

Posted on in Categories CentOS, Howto, Linux, Linux distribution, RedHat/Fedora Linux, Security, Sys admin, Troubleshooting, Tuning last updated August 22, 2007

Security-Enhanced Linux (SELinux) is a Linux mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. SELinux is enabled by default in RHEL 5 / CentOS 5 / Fedora etc. But many admin disabled it due to troubles and hard configuration options. So if you are afraid of SELinux, try new GUI tools to customizing your system’s protection by creating new policy modules is easier than ever. In this article, Dan Walsh gently walks you through the policy module creation process:

A lot of people think that building a new SELinux policy is magic, but magic tricks never seem quite as difficult once you know how they’re done. This article explains how I build a policy module and gives you the step-by-step process for using the tools to build your own.

=> A step-by-step guide to building a new SELinux policy module

Howto: Add a new yum repository to install software under CentOS / Redhat Linux

Posted on in Categories CentOS, Howto, Linux distribution, RedHat/Fedora Linux, Sys admin, Tips last updated July 18, 2007

CentOS / Fedora Core / RHEL 5 uses yum for software management. Yum allows you to add a new repository as a source to install binary software.

Understanding yum repository

yum repository configured using /etc/yum.conf file. Additional configuration files are also read from the directories set by the reposdir option (default is /etc/yum.repos.d and /etc/yum/repos.d.

RPMforge repository

Usually repository carries extra and useful packages. RPMforge is one of such repository. You can easily configure RPMforge repository for RHEL5 just by running following single RPM command:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
For 64 bit RHEL 5 Linux, enter:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Now you can install software from RPMforge.

How do I install 3rd party repository manually?

Let us say you would like to install 3rd party repository from foo.nixcraft.com. Create a file called foo:
# cd /etc/yum.repos.d
# vi foo

Append following code:
[foo]
name=Foo for RHEL/ CentOS $releasever - $basearch
baseurl=http://foo.nixcraft.com/centos/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://foo.nixcraft.com/RPM-GPG-KEY.txt

Save and close the file.

Where,

  • [foo] : Repository name i.e. The [main] section must exist for yum to do anything.
  • name=Foo for RHEL/ CentOS $releasever – $basearch : A human readable string describing the repository name
  • baseurl=http://foo.nixcraft.com/centos/$releasever/$basearch/ : Must be a URL to the directory where the yum repository’s ‘repodata’ directory lives
  • enabled=1 : Enabled or disabled repo. To disable the repository temporarily, set the enabled to 0
  • gpgcheck=1 : Security feature, use GPG key
  • gpgkey=http://foo.nixcraft.com/RPM-GPG-KEY.txt : GPL file location

Also you need to import the gpg key for the repository as follows:
# rpm --import http://foo.nixcraft.com/RPM-GPG-KEY.txt

Now you are ready to install software from foo repository. For further information refer to yum.conf man page:
$ man yum.conf
$ man yum

Hope this tip will help you to configure repository as and when required.

See also:

Howto Setup yum repositories to update or install package from ISO CDROM Image

Installing VMWARE server on CentOS 5 or Red hat enterprise Linux 64 bit version

Posted on in Categories CentOS, Howto, Linux, RedHat/Fedora Linux, Tips, Troubleshooting last updated July 9, 2007

VMware virtualization software is an excllent choice for x86-compatible computers. They have both commercial and free version. I received few email regarding VMWARE on 64 bit Linux. Installing VMWARE server on CentOS 5 or Red hat enterprise Linux 64 bit version is a tricky business. In this small howto I will explain vmware installation on 64 bit Linux server without facing any dependencies problem.

Following instructions are tested on both RHEL 5 and CentOS 5 running 64 bit Intel / AMD hardware and software. My kernel:
$ uname -mrs
Output:

Linux 2.6.18-8.1.6.el5 x86_64

My RHEL 5 release (same kernel for CentOS):
$ cat /etc/redhat-release
Output:

Red Hat Enterprise Linux Server release 5 (Tikanga)

Make sure you have following software installed:

  • Full gcc compiler and development environment
  • Kernel headers and devel packages for current kernel (i.e. kernel-headers and kernel-devel)

Continue reading “Installing VMWARE server on CentOS 5 or Red hat enterprise Linux 64 bit version”