Ksplice: Upgrade / Patch Your Linux Kernel Without Reboots

Posted on in Categories Linux last updated November 9, 2016

Generally, all Linux distributions needs a scheduled reboot once to stay up to date with important kernel security updates. RHN (or other distro vendors) provides Linux kernel security updates. You can apply kernel updates using yum command or apt-get command line options. After each upgrade you need to reboot the server. Ksplice service allows you to skip reboot step and apply hotfixes to kernel without rebooting the server. In this post, I will cover a quick installation of Ksplice for RHEL 5.x and try to find out if service is worth every penny.

Most Emailed Linux FAQ in 2007

Posted on in Categories FAQ, Linux last updated December 24, 2007

The following information indicates the FAQ people are reading and e-mailing to their friends from our FAQ section. Data is collected via a plugin (Email plugin) placed on every page. Please note that no personally identifiable information is stored by the system or disclosed here.

=> I forgot my root password, how can I get into my system?

=> How to install or upgrade an RPM package AND How to install or update .deb package.

=> Install and turn on Telnet server

=> How to create ext3 file system? How do I format new hard disk?

=> How do I burn CD / DVDs under Linux?

=> How do I configure Linux to open maximum number of files?

=> How do I change the speed, duplex for my Ethernet card?

=> How do I configure cron tasks?

=> MySQL change root password

=> How to find out my DNS Server Address

Find the changelog / security log of a Linux rpm package

Posted on in Categories CentOS, Howto, Linux, RedHat/Fedora Linux, Security, Suse Linux, Sys admin, Tips last updated September 13, 2007

Here is a little known secret that allows you to view the change log of a package. Using –changelog option you can find out if particular security bug is fixed or not. This is extremely useful option for production boxes.

For example CVE-2007-1864 documents that php has serious buffer overflow in the bundled libxmlrpc library in PHP before v4.4.7, and 5.x before 5.2.2. It has unknown impact and remote attack vectors. Now how do you know if this bug is fixed or not in your installed php version? Simply type the following command:
rpm -q --changelog php
Better use piped out output using less:
rpm -q --changelog php | less
Output:

* Wed Apr 04 2007 Joe Orton <[email protected]> 5.1.6-12.el5
- add security fix for CVE-2007-1864, SOAP redirect handling issue,
  FTP CRLF injection issue (#235016)

* Wed Apr 04 2007 Joe Orton <[email protected]> 5.1.6-11.el5
- add security fix for CVE-2007-1718 (#235016)

* Tue Apr 03 2007 Joe Orton <[email protected]> 5.1.6-9.el5
- add security fix for CVE-2007-1583 (#235016)
- add security fixes for CVE-2007-0455, CVE-2007-1001 (#235036)

* Fri Mar 09 2007 Joe Orton <[email protected]> 5.1.6-7.el5
- add security fix for CVE-2007-1285 (#231597)

* Fri Feb 16 2007 Joe Orton <[email protected]> 5.1.6-6.el5
- add security fixes for: CVE-2007-0906, CVE-2007-0907, 
  CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#229013)

* Tue Dec 19 2006 Joe Orton <[email protected]> 5.1.6-5.el5
- fix version for php-zend-abi (#218758)

* Thu Nov 23 2006 Joe Orton <[email protected]> 5.1.6-4.el5
- php-xml provides php-domxml (#215656)
- fix php-pdo-abi provide (#214281)
- provide php-zend-abi (#212804)
- don't Obsolete mod_php
- fix PDO sqlite TEXT extraction truncate-by-one (#217033)
- package php{ize,-config} man pages in -devel (#199382)
- change module subpackages to require php-common not php (#177821)
- add security fix for CVE-2006-5465 (#216114)
......
...
.....

Following command look at the kernel package changelog:
rpm -q --changelog kernel|less

This option allows you to view change log w/o visiting vendors / distributions website. The –changelog option only works with rpm based package and distro such as RHEL / CentOS / Fedora / Suse etc. RPM is a very powerful utility and I hope this small tip will save lot of time. For more information read rpm command man page.

Fix corrupted RPM database on CentOS 5 / Redhat enterprise Linux 5 / Fedora 7

Posted on in Categories CentOS, Linux, Linux distribution, RedHat/Fedora Linux, Tip of the day last updated July 25, 2007

If rpm / yum command hangs during operations or you see error messages – it means your rpm database corrupted. /var/lib/rpm/ stores rpm database just delete the same and rebuild rpm database:

Command to rebuild rpm database

rm -f /var/lib/rpm/__db*
rpm --rebuilddb

Read rpm / yum man pages for more information

Howto: Add a new yum repository to install software under CentOS / Redhat Linux

Posted on in Categories CentOS, Howto, Linux distribution, RedHat/Fedora Linux, Sys admin, Tips last updated July 18, 2007

CentOS / Fedora Core / RHEL 5 uses yum for software management. Yum allows you to add a new repository as a source to install binary software.

Understanding yum repository

yum repository configured using /etc/yum.conf file. Additional configuration files are also read from the directories set by the reposdir option (default is /etc/yum.repos.d and /etc/yum/repos.d.

RPMforge repository

Usually repository carries extra and useful packages. RPMforge is one of such repository. You can easily configure RPMforge repository for RHEL5 just by running following single RPM command:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
For 64 bit RHEL 5 Linux, enter:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Now you can install software from RPMforge.

How do I install 3rd party repository manually?

Let us say you would like to install 3rd party repository from foo.nixcraft.com. Create a file called foo:
# cd /etc/yum.repos.d
# vi foo

Append following code:
[foo]
name=Foo for RHEL/ CentOS $releasever - $basearch
baseurl=http://foo.nixcraft.com/centos/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://foo.nixcraft.com/RPM-GPG-KEY.txt

Save and close the file.

Where,

  • [foo] : Repository name i.e. The [main] section must exist for yum to do anything.
  • name=Foo for RHEL/ CentOS $releasever – $basearch : A human readable string describing the repository name
  • baseurl=http://foo.nixcraft.com/centos/$releasever/$basearch/ : Must be a URL to the directory where the yum repository’s ‘repodata’ directory lives
  • enabled=1 : Enabled or disabled repo. To disable the repository temporarily, set the enabled to 0
  • gpgcheck=1 : Security feature, use GPG key
  • gpgkey=http://foo.nixcraft.com/RPM-GPG-KEY.txt : GPL file location

Also you need to import the gpg key for the repository as follows:
# rpm --import http://foo.nixcraft.com/RPM-GPG-KEY.txt

Now you are ready to install software from foo repository. For further information refer to yum.conf man page:
$ man yum.conf
$ man yum

Hope this tip will help you to configure repository as and when required.

See also:

Howto Setup yum repositories to update or install package from ISO CDROM Image