Linux Microsoft VMware

Wednesday, August 29, 2012

yum command: Update / Install Packages Under Redhat Enterprise / CentOS Linux Version 5.x


How do I use the yum command to update and patch my Red Hat Enterprise Linux / CentOS Linux version 5.x server via RHN / Internet? Can I use the up2date command under RHEL 5?

The up2date command was part of RHEL v4.x and older versions. On RHEL 5 you need to use the yum command to update and patch the system using RHN or the Internet. Use yum to install critical and non-critical security updates as well as binary packages. Log in as the root user to install and update the system.

Task: Register my system with RHN

To register your system with RHN, type the following command and follow the on-screen instructions (CentOS users skip to the next step):

[root@system1 ~]# rhn_register       

Task: Display list of updated software (security fix)

Type the following command at shell prompt:

# yum list updates

Task: Patch up system by applying all updates

To download and install all updates type the following command:

# yum update

Task: List all installed packages

List all installed packages, enter:

# rpm -qa

# yum list installed

To find out whether the httpd package is installed, enter:

# rpm -qa | grep httpd

# yum list installed httpd

Task: Check for and update specified packages

# yum update {package-name-1}

To check for and update httpd package, enter:

# yum update httpd

Task: Search for packages by name

Search httpd and all matching perl packages, enter:

# yum list {package-name}

# yum list {regex}

# yum list httpd

# yum list 'perl*'

Sample output:

Loading "installonlyn" plugin
Loading "security" plugin
Setting up repositories
Reading repository metadata in from local files
Installed Packages
perl.i386                                4:5.8.8-10.el5_0.2     installed
perl-Archive-Tar.noarch                  1.30-1.fc6             installed
perl-BSD-Resource.i386                   1.28-1.fc6.1           installed
perl-Compress-Zlib.i386                  1.42-1.fc6             installed
perl-DBD-MySQL.i386                      3.0007-1.fc6           installed
perl-DBI.i386                            1.52-1.fc6             installed
perl-Digest-HMAC.noarch                  1.01-15                installed
perl-Digest-SHA1.i386                    2.11-1.2.1             installed
perl-HTML-Parser.i386                    3.55-1.fc6             installed
.....
.......
..
perl-libxml-perl.noarch                  0.08-1.2.1             base
perl-suidperl.i386                       4:5.8.8-10.el5_0.2     updates 

Task: Install the specified packages [ RPM(s) ]

Install package called httpd:

# yum install {package-name-1} {package-name-2}

# yum install httpd

Task: Remove / Uninstall the specified packages [ RPM(s) ]

Remove package called httpd, enter:

# yum remove {package-name-1} {package-name-2}

# yum remove httpd

Task: Display the list of available packages

# yum list all

Task: Display list of group software

Type the following command:

# yum grouplist

Output:

Installed Groups:
   Engineering and Scientific
   MySQL Database
   Editors
   System Tools
   Text-based Internet
   Legacy Network Server
   DNS Name Server
   Dialup Networking Support
   FTP Server
   Network Servers
   Legacy Software Development
   Legacy Software Support
   Development Libraries
   Graphics
   Web Server
   Ruby
   Printing Support
   Mail Server
   Server Configuration Tools
   PostgreSQL Database
Available Groups:
   Office/Productivity
   Administration Tools
   Beagle
   Development Tools
   GNOME Software Development
   X Software Development
   Virtualization
   GNOME Desktop Environment
   Authoring and Publishing
   Mono
   Games and Entertainment
   XFCE-4.4
   Tomboy
   Java
   Java Development
   Emacs
   X Window System
   Windows File Server
   KDE Software Development
   KDE (K Desktop Environment)
   Horde
   Sound and Video
   FreeNX and NX
   News Server
   Yum Utilities
   Graphical Internet
Done

Task: Install all the default packages by group

Install all 'Development Tools' group packages, enter:

# yum groupinstall "Development Tools"

Task: Update all the default packages by group

Update all 'Development Tools' group packages, enter:

# yum groupupdate "Development Tools"

Task: Remove all packages in a group

Remove all 'Development Tools' group packages, enter:

# yum groupremove "Development Tools"

Task: Install particular architecture package

If you are using a 64-bit RHEL version, it is possible to install 32-bit packages:

# yum install {package-name}.{architecture}

# yum install mysql.i386

Task: Display packages not installed via official RHN subscribed repos

Show all packages not available via subscribed channels or repositories, i.e. show packages installed via other repos:

# yum list extras

Sample output:

Loading "installonlyn" plugin
Loading "security" plugin
Setting up repositories
Reading repository metadata in from local files
Extra Packages
DenyHosts.noarch                         2.6-python2.4          installed
VMwareTools.i386                         6532-44356             installed
john.i386                                1.7.0.2-3.el5.rf       installed
kernel.i686                              2.6.18-8.1.15.el5      installed
kernel-devel.i686                        2.6.18-8.1.15.el5      installed
lighttpd.i386                            1.4.18-1.el5.rf        installed
lighttpd-fastcgi.i386                    1.4.18-1.el5.rf        installed
psad.i386                                2.1-1                  installed
rssh.i386                                2.3.2-1.2.el5.rf       installed

Task: Display what package provides the file

You can easily find out which RPM package provides a file. For example, to find out what provides the /etc/passwd file:

# yum whatprovides /etc/passwd

Sample output:

Loading "installonlyn" plugin
Loading "security" plugin
Setting up repositories
Reading repository metadata in from local files
setup.noarch                             2.5.58-1.el5           base
Matched from:
/etc/passwd
setup.noarch                             2.5.58-1.el5           installed
Matched from:
/etc/passwd

You can use the same command to list packages that satisfy dependencies:

# yum whatprovides {dependency-1} {dependency-2}

Refer to the yum man page for more information:

# man yum

NFS Server and Client Configuration in RHEL / CENTOS / Fedora (Basic)


Server Side
NFS Package Installation

[root@system1 ~]# yum install nfs*

Create a shared directory with appropriate permission to access

[root@system1 ~]# cd /

[root@system1 /]# mkdir redhat

[root@system1 /]# ls
bin   dev  home  lost+found  misc  net  proc    root  selinux  sys  usr
boot  etc  lib   media       mnt   opt  redhat  sbin  srv      tmp  var

[root@system1 /]# cd redhat

Create sample files in it

[root@system1 redhat]#  touch  ma ba ca

Check the service status

[root@system1 /]# service nfs status
 
rpc.mountd is stopped
nfsd is stopped
rpc.rquotad is stopped

Add a share entry to /etc/exports

[root@system1 /]# vim etc/exports
 
/redhat         192.168.0.100(rw)

Start the service

[root@system1 /]# service nfs start
 
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]

[root@system1 /]# chkconfig nfs on

Output verification

[root@system1 /]# exportfs
/redhat         192.168.0.100
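An added example, not part of the original post: a small audit of exports(5) entries that goes beyond the single export above and also covers wildcard clients, no_root_squash, and a stray space before the option list. The function name, the tag names and the sample lines other than the /redhat entry are this example's assumptions.

```shell
#!/bin/sh
# audit_exports [FILE]: read exports(5) lines and print "<path> <client> <TAG>"
# for each risky client entry. Tag names are this example's own.
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            host = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                    # split "client(opt,opt)"
                host = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            rw = 0; nrs = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
            }
            if (host == "") {               # "client (rw)": options bind to everyone
                print path, "*", "SPACE_BEFORE_OPTS"
                host = "*"
            }
            if (host == "*" && rw) print path, host, "WORLD_RW"
            if (nrs) print path, host, "NO_ROOT_SQUASH"
        }
    }' "$@"
}

# Constructed sample; the first entry is the export used on this page.
sample_exports() {
cat <<'EOF'
# path          client(options)
/redhat         192.168.0.100(rw)
/srv/pub        *(rw,sync)
/srv/build      192.168.0.0/24(rw,no_root_squash)
/srv/typo       192.168.0.100 (rw)
EOF
}

sample_exports | audit_exports
```

Run it against the real file with `audit_exports /etc/exports`; no output means none of the three patterns were found.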

Client Side

On the client side, create a directory on which to mount the NFS share you made on the server side.

[root@system2 /]# mkdir /data


Commands used on the client to verify that the share is available:

[root@system2 /]# showmount -e <nfs server ip_address> ( or )
[root@system2 /]# showmount -e <nfs server hostname>   ( or )
[root@system2 /]# showmount -e <nfs server FQDN>


Mounting of NFS sharing

Two types of mount are possible: a temporary mount, and a permanent mount made by putting an entry in /etc/fstab.

[root@system2 /]# mount -t nfs 192.168.0.100:/redhat /data

Check this by running the ls command to see whether the files are present.

Entry in /etc/fstab

[root@system2 /]# vim /etc/fstab
 
#
# /etc/fstab
# Created by anaconda on Mon Aug 13 21:49:03 2012
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
sysfs                     /sys     sysfs  defaults  0 0
proc                      /proc    proc   defaults  0 0
192.168.0.100:/redhat     /data    nfs    defaults  0 0


[root@system2 /]# mount -a

Now we have a permanent mount path for NFS file sharing on the client machine.

That’s it….

Tuesday, August 28, 2012

Rescue Linux Installation in RHEL / CENTOS / Fedora


Rescuing a Linux system is an easy task. There are several aspects of rescuing a Linux system.
Here we are going to see how to rescue an installed Linux system when GRUB has been deleted.
Suppose you have a Linux system and you recently installed a Windows OS into a new partition, leaving the Linux partitions unchanged. After you have installed Windows, Linux no longer boots. This is because the Windows install overwrites the MBR, thereby removing the GRUB boot loader.
In this case you still have the Linux partitions; the only problem is that the system is not booting. Fixing this is very simple: just install GRUB. That is all there is to do.

Step 1: Boot from the install CD / DVD (net-install also)
Step 2: Select the “Rescue Installed System” option in the GUI,

or type the “linux rescue” command at the “boot:” prompt.


Now the system is booting the rescue image. Choose your language.

Select Keyboard type

Next is the networking setup. We do not need the network interfaces during the rescue process, so choose the “No” option to leave them stopped.

This step will now attempt to find your Linux installation and mount it under the directory /mnt/sysimage. So to continue select “Continue“.


If the rescue environment was unable to find your Linux installation you will be getting a message like this.
And if the rescue environment was able to find the Linux installation, it will get mounted under the /mnt/sysimage directory.



Now run the following commands:
sh-3.2# chroot /mnt/sysimage
sh-3.2# grub-install /dev/sda
Installation finished. No error reported.
This is the contents of the device map /boot/grub/device.map.
Check if this is correct or not. If any of the lines is incorrect,
fix it and re-run the script 'grub-install'.
 
# this device map was generated by anaconda
(hd0)     /dev/sda

/dev/sda is the name of your hard disk. Check it carefully.

Now reboot.

sh-3.2# reboot

Or use init 6 to reboot.

You should now see your Linux OS in the OS chooser menu.









Monday, August 27, 2012

Authentication / Password Protection in Apache


There are many ways you can password protect directories under the Apache web server. This is important to keep your files private from both unauthorized users and search engines (when you do not want your data indexed). Here you will see the basics of password protecting a directory on your server. You can use either of the following methods:

  1. Putting authentication directives in a <Directory> section, in your main server configuration httpd.conf file, is the preferred way to implement this kind of authentication.
  2. If you do not have access to the Apache httpd.conf file (for example on shared hosting), you can create password protected directories with the help of a file called .htaccess. The .htaccess file provides a way to make configuration changes on a per-directory basis.


In order to create Apache password protected directories you need:

  • a password file
  • the name of the directory which you would like to password protect (/var/www/html/private)


Step 1: Make sure Apache is configured to use .htaccess file

You need to have the AllowOverride AuthConfig directive in the httpd.conf file in order for these directives to have any effect. Look for the DocumentRoot Directory entry. In this example, our DocumentRoot directory is set to /var/www/html/private. Therefore, my entry in httpd.conf looks as follows:

<Directory "/var/www/html/private">
    Options Indexes Includes FollowSymLinks MultiViews
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>

Save the file and restart Apache

# service httpd restart

Step 2: Create a password file with htpasswd

The htpasswd command creates and updates the flat (text) files that store usernames and passwords for basic authentication of Apache users. General syntax:

# htpasswd -c password-file username

Where,

  • -c: Create the password-file. If password-file already exists, it is rewritten and truncated.
  • username: The username to create or update in password-file. If username does not exist in this file, an entry is added. If it does exist, the password is changed.

Create a directory outside the Apache document root, so that only Apache can access the password file. The password file should be placed somewhere not accessible from the web, so that people cannot download it:

# mkdir -p /home/password/

Add a new user called marshal:

# htpasswd -c /home/password/.htpasswd marshal

Make sure the “/home/password/.htpasswd” file is readable by the Apache web server. If Apache cannot read your password file, it will not authenticate you. Set the correct ownership and permissions using the chown and chmod commands.

Now allow the apache user to read our password file:

# chown apache:apache /home/password/.htpasswd
# chmod 0660 /home/password/.htpasswd

Create a directory /var/www/html/private if it does not exist:

# mkdir -p /var/www/html/private

Create the .htaccess file using a text editor:

# cd /var/www/html/private
# vi .htaccess

Add following text:

AuthType Basic
AuthName "Restricted Access"
AuthUserFile /home/password/.htpasswd
Require user marshal

Save file and exit to shell prompt.
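An added example, not from the original post: a check that the AuthUserFile named in an .htaccess file really sits outside the document root and is closed to "other" users, as Step 2 requires. The function name, the finding names and the temporary demo layout are assumptions of this example; it expects an absolute AuthUserFile path, as used on this page.

```shell
#!/bin/sh
# audit_htaccess DOCROOT HTACCESS
# Prints one finding per line, or OK when none apply:
#   NO_AUTHUSERFILE  the .htaccess file has no AuthUserFile directive
#   MISSING          the password file does not exist
#   INSIDE_DOCROOT   the password file lives under the web root
#   OTHER_ACCESS     users other than owner/group have access to it
audit_htaccess() {
    docroot=$(cd "$1" && pwd -P) || { echo BAD_DOCROOT; return 0; }
    pwfile=$(awk 'tolower($1) == "authuserfile" {
                      gsub(/"/, "", $2); print $2; exit }' "$2")
    if [ -z "$pwfile" ]; then echo NO_AUTHUSERFILE; return 0; fi
    if [ ! -f "$pwfile" ]; then echo MISSING; return 0; fi

    # Resolve symlinks so a link out of the web root cannot hide the location.
    pwdir=$(cd "$(dirname "$pwfile")" && pwd -P)
    findings=""
    case "$pwdir/" in
        "$docroot"/*) findings="INSIDE_DOCROOT" ;;
    esac

    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -ld "$pwfile" | cut -c8-10)
    [ "$other" = "---" ] || findings="$findings OTHER_ACCESS"

    [ -n "$findings" ] || findings=OK
    for f in $findings; do echo "$f"; done
}

# Constructed demo layout in a temporary directory (not the real /var/www).
demo=$(mktemp -d)
mkdir -p "$demo/www/html/private" "$demo/password"
: > "$demo/password/.htpasswd"
chmod 0660 "$demo/password/.htpasswd"
printf 'AuthType Basic\nAuthName "Restricted Access"\nAuthUserFile %s\nRequire user marshal\n' \
    "$demo/password/.htpasswd" > "$demo/www/html/private/.htaccess"
audit_htaccess "$demo/www/html" "$demo/www/html/private/.htaccess"
rm -rf "$demo"
```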

Step 3: Test your configuration

Open your browser and go to http://yourdomain.com/private or http://localhost/private or http://ip-address/private

When prompted for a username and password, supply the username marshal and its password. You can also add the following lines to any <Directory> entry in the httpd.conf file:

AuthType Basic
AuthName "Restricted Access"
AuthUserFile /home/password/.htpasswd
Require user marshal

To change a password or set up a new user, run the htpasswd command again (omit -c so the existing password file is not overwritten).

Securing Apache Web Server with Encryption


In this post we are going to discuss encrypting communications to a web server using TLS/SSL.

Step 1:  Install mod_ssl and httpd

# yum -y install mod_ssl httpd

Step 2: Make the changes your web server needs in “/etc/httpd/conf/httpd.conf”, and create the web pages in the directories named in that configuration file.

Step 3: Edit the SSL configuration file

# vim /etc/httpd/conf.d/ssl.conf

Check line number 88 (uncomment the directive if it is commented out):

SSLEngine on

We are using the default certificate and its key.

Line number 105 points to the certificate file:

SSLCertificateFile /etc/pki/tls/certs/localhost.crt

Line number 112 points to the certificate key file:

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

That is all the editing the SSL configuration file needs.

Step 4: Restart httpd service

# service httpd restart

Step 5: Check it out

Open a browser and type the URL in the address bar:

http://server.example.com

An error message is now displayed saying that “this page can only be viewed using the URL https://server.example.com”. Type the URL:

https://server.example.com

When the browser presents a warning, click the “I understand the Risks” link, click the “Add Exceptions…” button, click “View…” when it becomes active, click “Close”, and then click “Confirm security exception”.

Above we used the default certificate / key pair. We can also use a custom self-signed certificate generated with crypto-utils.

Install crypto-utils

# yum -y install crypto-utils

Generate a self-signed certificate/key pair using the “genkey” tool

You should be root to generate a key.

First, use the “cd” command to change to the “/etc/httpd/conf/” directory. Remove the fake key and certificate that were generated during the installation with the following commands:

# rm ssl.key/server.key
# rm ssl.crt/server.crt
# genkey www.example.com

Click next >>

Click next >>

On generating your key, you will be prompted to send a Certificate Request (CSR) to a Certificate Authority (CA).

Click no >>

Click next >>

If you choose to encrypt the private key, you must set a pass phrase to decrypt it. With “encrypt the private key” selected, you will be asked for the pass phrase every time the httpd service is restarted.

Enter the pass phrase and click next >>

Click close.

Now configure the server to use the new certificate and key.

Check whether you have the new certificate and key.

# ls /etc/pki/tls/certs/
ca-bundle.crt  ca-bundle.trust.crt  localhost.crt  make-dummy-cert  
Makefile  server.csr    server.crt    www.example.com.crt
# ls /etc/pki/tls/private/
server.key     www.example.com.key

Edit “/etc/httpd/conf.d/ssl.conf”. Change the SSLCertificateFile and SSLCertificateKeyFile lines to:

SSLCertificateFile /etc/pki/tls/certs/www.example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key

Now restart the httpd service

# service httpd restart
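An added example, not part of the original post: a check that the key named by SSLCertificateKeyFile actually belongs to the certificate named by SSLCertificateFile, useful after swapping the pair in ssl.conf. The function names and result words are this example's own; it assumes an RSA key that is not pass phrase protected and the openssl command-line tool.

```shell
#!/bin/sh
# directive NAME FILE: print the last uncommented value of an Apache directive.
directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 }
                   END { gsub(/"/, "", v); print v }' "$2"
}

# cert_key_check CONF: compare the RSA modulus of the configured certificate
# with that of the configured private key.
# Prints MATCH, MISMATCH, or INCOMPLETE (a directive or file is missing).
cert_key_check() {
    crt=$(directive SSLCertificateFile "$1")
    key=$(directive SSLCertificateKeyFile "$1")
    if [ ! -f "$crt" ] || [ ! -f "$key" ]; then
        echo INCOMPLETE
        return 0
    fi
    # Both commands print "Modulus=<hex>"; equal output means the same key pair.
    m1=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null) || m1=cert-error
    m2=$(openssl rsa  -noout -modulus -in "$key" 2>/dev/null) || m2=key-error
    if [ "$m1" = "$m2" ]; then echo MATCH; else echo MISMATCH; fi
}

# Usage: sh this-script /etc/httpd/conf.d/ssl.conf
[ $# -eq 0 ] || cert_key_check "$1"
```

A MISMATCH result means httpd would be started with a key that does not belong to the configured certificate.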





