COSC 4750
Customizing and maintenance

Installing software
• Redhat/Fedora (and Linux in general) has a package installer, called rpm
• Many programs will come in an rpm format, so all you have to do is
  – rpm -ivh packagename.rpm

Installing software (2)
• Adding more software from the install disks
• From X-windows
  – “start” menu, System Settings, Add/Remove Applications
  – Allows you to select packages and/or groups, the same as when you installed the system.
• To upgrade existing software
  – rpm -Fvh packagename.rpm
    • “freshening” an installed package, only if an older version is found
  – or rpm -Uvh packagename.rpm
    • “freshening” an installed package, or installing the package if it is not installed.

Finding updates
• Redhat Enterprise versions do.
  – rhnsd daemon
    • Redhat network system daemon, similar to Windows Update. The application name is up2date, but it is just middleware for yum.
  – Redhat/CentOS/Scientific all use YUM.
• http://www.redhat.com/apps/support/errata
  – select a version, and it will list fixes and updates
    • security advisories
    • bug fixes
    • package enhancements
  – It will tell you which rpms to download, what to fix or update, what it is for and why the fix/update is needed.

Updating with Yum
• The new standard method to get updates is with yum (Yellowdog Updater, Modified)
• Part of the standard install
• Already configured with the correct update sites
• Use
  – yum update
    Will go out and find any updates, then ask if you would like to install them
  – yum install <package name>
    will install that package
  – yum groupinstall "package"
    will install all the components of the package
    • Example: yum groupinstall "MySQL Database"

Updating with Yum (2)
• Removing packages
  – yum remove <package name>
  – yum groupremove "package"
• yum -y
  – answer yes to any questions
• See the man pages on yum for more options
• Many “other software repositories” use yum and can be added to the yum configuration

Adding Repo’s to yum
• You can add more repositories for yum to use.
  – New versions just add files to /etc/yum.repos.d/
  – Or edit /etc/yum.conf and add the same info
  – Example: the dag archive
      [dag]
      name=Dag RPM Repository for Red Hat Enterprise Linux
      baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
      gpgcheck=1
      enabled=1
      gpgkey=http://dag.wieers.com/packages/RPM-GPGKEY.dag.txt
• Many sites now just have an rpm you can install
  – And updated as needed.

Updating with Yum (3)
• For automatic updates
  – systemctl enable yum.service
  – systemctl start yum.service
• Now it will update “nightly” with the updates.

Turning on and off daemons
• systemctl list-unit-files
  – Remember this is for the “current target”
• Example output
      timemaster.service       disabled
      tog-pegasus.service      disabled
      tomcat.service           disabled
      tomcat@.service          disabled
      tuned.service            enabled
      udisks2.service          static
      unbound-anchor.service   static
      upower.service           disabled
      usbmuxd.service          static

Turning on and off daemons (2)
• systemctl enable httpd.service
  – Remember this doesn’t start the service, it’s for the next boot
• You will need to start/stop them manually the first time
  – systemctl start httpd.service
  – systemctl stop httpd.service
• Configuring a daemon
  – most have .conf files in the /etc directory
  – example: ntp (Network Time Protocol)
  – /etc/ntp.conf
    • add to the file: server time.uwyo.edu prefer
    • and comment out the other server and fudge lines

GUI configurators
• Under the System menu:
  – System Tools and System Settings menus
    • Contain dozens of GUI configurators
  – Most work pretty well.
  – Sometimes you may then have to manually edit the configuration files, but it is getting pretty rare.
• To configure printers use printconf-gui or printtool (same program, different names)
  – Allows you to install local printers and remote printers, including Windows printers (with samba).

Configuring grub.conf
• /etc/grub.conf is a file in which you can configure the way your computer boots and which O/S it boots to.
• A couple of general config’s
  – timeout=10 (you get 10 seconds before grub boots to the default O/S)
  – prompt (when listed, ask which O/S to boot to until timeout)
  – default=0 (the default is the first O/S entry)
  – password (an encrypted password, needed to change the boot)

O/S entries
• Look like the following
      title Red Hat Linux (2.4.18-10)
      root (hd0,0)
      kernel /vmlinuz-2.4.18-10 ro root=/dev/sda2
      initrd /initrd-2.4.18-10.img
• The root (hd0,0) is the hard drive to boot from
• use the kernel located at /boot/kernel… , and the root partition is located on scsi drive 0 at partition 2
• initrd is the ramdisk image.
• For dual-booting you may have an O/S like this
      title Windows XP
      rootnoverify (hd0,0)
      chainloader +1
• Where rootnoverify means don’t mount the partition
• chainloader +1 turns control over to another boot loader (in this case the Windows bootloader), where the first sector is used by that boot loader.
• You can now test your changes or new entries by rebooting.
  – Make sure to keep a known working boot option, in case there is a problem.

Temp changes to the boot loader
• If you need to boot to single user mode to fix problems, you can make changes at the boot screen
• press e, then edit the options
• Normally add linux 1 to the end of the kernel entry, then type b to boot.
  – You can actually test/verify kernels here by changing all the options

Installing a new kernel
• With yum and updates, installing a new kernel is very easy.
  – yum install kernel-<version you want>
  – New versions will likely be installed with the nightly updates.
• Compiling and installing a new kernel is nontrivial.
  – There are several good HowTos out there.
  – The source code for installed kernels is installed with the kernel-devel...rpm package.

Mounting “other drives”
• During the install Fedora will add entries into the fstab file for cdrom, dvd, zip, etc.
• mount /media/cdrom will mount a cdrom into the file system.
• USB pen drives and devices added after the install may have to be mounted “manually”
  – Check dmesg to see what the device name is
  – mount /dev/hdc4 /media/zip should mount the zip disk.
  – mount /dev/sda1 /media/usb should mount a usb device

Security issues with Redhat
• Older versions of Redhat allowed non-root users to use the shutdown command.
  – chmod 700 /usr/bin/shutdown
• By default anyone can shut down the machine
• So check the privileges on important commands like shutdown and reboot
  – only root should be able to launch these.

Documentation
• Redhat/Fedora/CentOS/Scientific Linux maintain a fair amount of on-line documentation.
  – http://www.centos.com
  – http://www.redhat.com
  – http://fedora.redhat.com
  – http://scientificlinux.org/

Lastly
• Keep up to date with patches
• Always shut down all unneeded services.
  – It’s harder for someone to break into your system that way.
  – Use the firewall included. Iptables can help to prevent someone from breaking in.
• Security is a process, not a product
• While a firewall cannot guarantee security, it is the first and sometimes the last line of defence against network based attacks.

Q&A
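
For the repository stanzas described under “Adding Repo’s to yum”, an added example (not from the original slides) that scans repo files for settings that weaken package verification: gpgcheck switched off, or a signing key or package URL fetched over plain http/ftp. The dag stanza is the one from the slide; the local-test repo and its example.invalid URL are constructed.

```shell
# Added example (not from the slides): flag yum repo settings that weaken
# package verification. Typical input: /etc/yum.repos.d/*.repo /etc/yum.conf

# audit_repos FILE...: print "<file>: [<repo>] <finding>" for each weak setting.
audit_repos() {
    awk '
        function report(msg) { print FILENAME ": [" repo "] " msg }
        FNR == 1 { repo = ""; key = "" }                  # new file: reset state
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }              # comments, blank lines
        /^\[.*\]/ { repo = $0; gsub(/^\[|\].*$/, "", repo); key = ""; next }
        /^[ \t]/ && key != "" { val = $0 }                # continued value (extra URL)
        !/^[ \t]/ {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        }
        {
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            plain = (val ~ /^(http|ftp):\/\//)
            if (key == "gpgcheck" && tolower(val) ~ /^(0|no|false)$/)
                report("gpgcheck is off: package signatures are not verified")
            if (key == "gpgkey" && plain)
                report("gpgkey is fetched without TLS: " val)
            if ((key == "baseurl" || key == "mirrorlist") && plain)
                report(key " uses an unencrypted transport: " val)
        }
    ' "$@"
}

# write_sample DIR: constructed input. dag.repo is the stanza from the slide,
# local.repo is a made-up repo with signature checking switched off.
write_sample() {
    cat > "$1/dag.repo" <<'EOF'
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1
gpgkey=http://dag.wieers.com/packages/RPM-GPGKEY.dag.txt
EOF
    cat > "$1/local.repo" <<'EOF'
[local-test]
baseurl=https://repo.example.invalid/el$releasever/$basearch
gpgcheck=0
EOF
}

d=$(mktemp -d) && write_sample "$d" && audit_repos "$d"/*.repo
rm -rf "$d"
```

A key fetched over plain http is the weak point in a stanza with gpgcheck=1: the signature check is only as trustworthy as the key it verifies against.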
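
The two checks from the “Security issues with Redhat” and “Lastly” slides, as an added example that is not part of the original slides: list enabled services that are not on an allowlist, and test whether a command can be executed by anyone other than its owner. The allowlist and the sample unit listing are constructed for illustration.

```shell
# Added example (not from the slides): find enabled services nobody asked for
# and commands that non-root users can execute.

# Constructed sample in the format of `systemctl list-unit-files`; the first
# four units come from the slide's example output, the last two are made up.
SAMPLE_UNITS='UNIT FILE                STATE
timemaster.service       disabled
tomcat.service           disabled
tuned.service            enabled
udisks2.service          static
httpd.service            enabled
sshd.service             enabled'

# unexpected_enabled "ALLOWED UNITS": read list-unit-files output on stdin and
# print every enabled .service unit that is not in the space-separated allowlist.
# Live use: systemctl list-unit-files --type=service | unexpected_enabled "..."
unexpected_enabled() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /\.service$/ && $2 == "enabled" && !($1 in ok) { print $1 }
    '
}

# others_can_execute FILE: return 0 if group or other holds an execute bit on
# FILE (symlinks are followed), 1 if only the owner can run it, 2 if FILE is
# missing. A command locked down with chmod 700 returns 1.
others_can_execute() {
    perms=$(ls -ldL -- "$1" 2>/dev/null | cut -c1-10)
    [ -n "$perms" ] || return 2
    case "$perms" in
        ??????[xs]???|?????????[xt]) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo: hypothetical allowlist of services this host is supposed to run.
printf '%s\n' "$SAMPLE_UNITS" | unexpected_enabled "sshd.service tuned.service"
for cmd in /usr/bin/shutdown /usr/bin/reboot; do
    if others_can_execute "$cmd"; then echo "$cmd: executable by non-root users"; fi
done
```

On systemd hosts /usr/bin/shutdown is normally a symlink to systemctl, so the permission check follows the link and reports on the target.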