Customizing linux

COSC 4750
Customizing and maintenance
Installing software
• Redhat/Fedora (and linux in general) has a
package installer, called rpm
• Many programs will come in an rpm format,
so all you would have to do is
– rpm -ivh packagename.rpm
Installing software (2)
• Adding more software from the Install disks
• From X-windows
– “start” menu, system settings, Add/Remove
Applications
– Allows you to select packages and/or groups, same as
when you installed the system.
• To upgrade existing software
– rpm -Fvh packagename.rpm
• “freshening” an installed package, only if an older version
is found
– or rpm -Uvh packagename.rpm
• “freshening” an installed package, or installing the package if
it is not installed.
Finding updates
• Redhat Enterprise versions do.
– rhnsd daemon
• Redhat network system daemon, similar to Windows Update. The application
name is up2date, but it is just middleware for yum.
– Redhat/CentOS/Scientific all use YUM.
• http://www.redhat.com/apps/support/errata
– select version, it will list fixes and updates
• security advisories
• bug fixes
• package enhancements
• It will tell you which rpms to download, what to fix or update, what
it is for and why the fix/update is needed.
Updating with Yum
• The new standard method to get updates is with
yum (Yellowdog Updater, Modified)
• Part of the standard install
• Already configured to correct update sites
• Use
– yum update will go out and find any updates, then ask
if you would like to install them
– yum install <package name> will install that package
– yum groupinstall "package" will install all the
components of the package
• Example: yum groupinstall "MySQL Database"
Updating with Yum (2)
• Removing packages
– yum remove <package name>
– yum groupremove "package"
• yum -y
– answer yes to any questions
• See the man pages on yum for more options
• Many “other software repositories” use
yum and can be added to the yum configuration
Adding repos to yum
• You can add more repositories for yum to use.
– New versions just add files to /etc/yum.repos.d/
– Or edit /etc/yum.conf and add the same info
– Example: the dag archive
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1
gpgkey=http://dag.wieers.com/packages/RPM-GPGKEY.dag.txt
• Many sites now just have an rpm you can install
– And it is updated as needed.
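Every repository added this way becomes a source of packages that install as root, so its signature settings are worth checking. The script below is an added example, not part of the original slides: it reports enabled stanzas where gpgcheck is not 1 or where the signing key is fetched over plain http (an unauthenticated channel). The [example-extras] stanza and the function names are constructed for illustration.

```sh
# Added example: report yum repo stanzas whose signature checking is weak.
# Constructed sample: the [dag] stanza from this page plus a made-up weak one.
sample_repos() {
cat <<'EOF'
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1
gpgkey=http://dag.wieers.com/packages/RPM-GPGKEY.dag.txt

# constructed stanza, not a real repository
[example-extras]
name=Example extras
baseurl=https://repo.example.invalid/el$releasever/$basearch
gpgcheck=0
enabled=1
EOF
}

# audit_repos [FILE...]  reads repo stanzas from the files (or stdin) and
# prints one finding per line for every enabled repository.
audit_repos() {
    awk '
        function report() {
            if (name == "" || name == "main" || val["enabled"] == "0") return
            # Simplification: a missing gpgcheck inherits from [main]; report it anyway.
            if (val["gpgcheck"] != "1") print name ": gpgcheck is not 1"
            if (val["gpgkey"] ~ /^http:/) print name ": gpgkey fetched over plain http"
        }
        /^[ \t]*[#;]/ { next }                 # comment lines
        /^[ \t]*\[/ {                          # new [section]: report the previous one
            report(); split("", val)
            name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name); next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            val[k] = v
        }
        END { report() }
    ' "$@"
}

# On a live host: audit_repos /etc/yum.conf /etc/yum.repos.d/*.repo
sample_repos | audit_repos
```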
Updating with Yum (3)
• For automatic updates
– systemctl enable yum.service
– systemctl start yum.service
• Now it will update “nightly” with the
updates.
Turning on and off daemons
• systemctl list-unit-files
– Remember this for the “current target”
• Example output
– timemaster.service       disabled
– tog-pegasus.service      disabled
– tomcat.service           disabled
– tomcat@.service          disabled
– tuned.service            enabled
– udisks2.service          static
– unbound-anchor.service   static
– upower.service           disabled
– usbmuxd.service          static
Turning on and off daemons (2)
• systemctl enable httpd.service
– Remember this doesn’t start the service, it’s for
the next boot
• You will need to start/stop them manually,
the first time
– systemctl start httpd.service
– systemctl stop httpd.service
• Configuring a daemon
– most have .conf files in the /etc directory
– example ntp (Network Time Protocol)
– /etc/ntp.conf
• add to the file: server time.uwyo.edu prefer
• and comment out the other server and fudge lines
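To keep track of which daemons are switched on, the systemctl list-unit-files output can be compared against a list of services you expect to be enabled. The script below is an added example, not part of the original slides: the function names, the baseline and the two extra sample lines (sshd.service, example-legacy.service) are constructed for illustration.

```sh
# Added example: list enabled services that are not in an approved baseline.
# Constructed sample: the listing from this page plus two made-up enabled units.
sample_units() {
cat <<'EOF'
UNIT FILE                 STATE
timemaster.service        disabled
tog-pegasus.service       disabled
tomcat.service            disabled
tomcat@.service           disabled
tuned.service             enabled
udisks2.service           static
unbound-anchor.service    static
upower.service            disabled
usbmuxd.service           static
sshd.service              enabled
example-legacy.service    enabled

11 unit files listed.
EOF
}

# unexpected_enabled BASELINE...  reads list-unit-files output on stdin and
# prints every enabled .service unit that is not named in the baseline.
unexpected_enabled() {
    awk -v allow="$*" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Header and footer lines never have "enabled" in column 2.
        $2 == "enabled" && $1 ~ /\.service$/ && !($1 in ok) { print $1 }
    '
}

# On a live host (assumes systemd):
#   systemctl list-unit-files --type=service --no-legend | unexpected_enabled sshd.service
# Review each unit printed, then stop and disable the ones that are not needed.
sample_units | unexpected_enabled sshd.service tuned.service
```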
GUI configurators
• Under the System menu:
– System tools and System Settings menus
• Contain dozens of GUI configurators
– Most work pretty well.
– Sometimes you may then need to manually edit the configuration files,
but that is getting pretty rare.
• To configure printers use printconf-gui or printtool
(same program, different names)
– Allows you to install local printers, remote printers,
including windows printers (with samba).
Configuring grub.conf
• /etc/grub.conf is a file in which you can configure
the way your computer boots and which O/S it
boots to.
• A couple of general configs
– timeout=10 (you get 10 seconds before grub boots to
the default O/S)
– prompt (when listed, ask which O/S to boot to until
timeout)
– default=0 (the default is the first O/S entry)
– password (an encrypted password, needed to change the
boot options)
O/S entries
• Look like the following
title Red Hat Linux (2.4.18-10)
root (hd0,0)
kernel /vmlinuz-2.4.18-10 ro root=/dev/sda2
initrd /initrd-2.4.18-10.img
• The root (hd0,0) is the hard drive to boot from
• use the kernel located at /boot/kernel… , and the root
partition is located on scsi drive 0 at partition 2
• initrd is the ramdisk image.
• For dual-booting you may have an O/S entry like this
title Windows XP
rootnoverify (hd0,0)
chainloader +1
• Where rootnoverify means don’t mount the
partition
• chainloader +1, turn control over to another boot
loader (in this case the Windows bootloader), where the
first sector is used by that boot loader.
• You can now test your changes or new
entries by rebooting.
– Make sure to keep a known working boot
option, in case there is a problem.
Temp changes to the boot loader
• If you need to boot to the Single user mode,
to fix problems, you can make changes at
boot screen
• press e, then edit the options
• Normally add linux 1 to the end of the kernel
entry, then type b to boot.
– You can actually test and verify kernels here by
changing all the options
Installing a new kernel
• With yum and updates, installing a new
kernel is very easy.
– yum install kernel-version you want.
– New versions will likely be installed with the
nightly updates.
• Compiling and installing a new kernel is nontrivial.
– There are several good HowTos out there.
– The source code for installed kernels is
installed with the kernel-devel...rpm package.
Mounting “other drives”
• During the install Fedora will add entries into the
fstab file for cdrom, dvd, zip, etc.
• mount /media/cdrom will mount a cdrom into the
file system.
• USB pen drives and devices added after the install
may have to be mounted “manually”
– Check dmesg to see what the device name is
– mount /dev/hdc4 /media/zip should mount the zip disk.
– mount /dev/sda1 /media/usb should mount a usb device
Security issues with Redhat
• Older versions of Redhat allowed non-root
users to use the shutdown command.
– chmod 700 /usr/bin/shutdown
• By default anyone can shutdown the machine
• So check the privileges on important
commands like shutdown and reboot
– only root should be able to launch these.
Documentation
• Redhat/Fedora/CentOS/Scientific Linux
maintain a fair amount of on-line
documentation.
– http://www.centos.com
– http://www.redhat.com
– http://fedora.redhat.com
– http://scientificlinux.org/
Lastly
• Keep up to date with patches
• Always shut down all unneeded services.
– It’s harder for someone to break into your
system that way.
– Use the firewall included. Iptables can help to
prevent someone from breaking in.
• Security is a process, not a product
• While a firewall can not guarantee security, it is the
first and sometimes the last line of defence against
network based attacks.
Q&A