COSC 4750

Customizing and maintenance

Installing software

• Redhat/Fedora (and linux in general) has a package installer, called rpm

• Many programs will come in an rpm format, so all would would have to do is– rpm –Ivh packagename.rpm

Installing software (2)

• Adding more software from the Install disks• From X-windows

– “start” menu, system settings, Add/Remove Applications

– Allows you selection packages and/or groups, same as when you installed the system.

• To upgrade existing software– rpm –Fvh packagename.rpm

• “freshing” an installed package, only if older version is found

– or rpm –Uvh packagename.rpm• “freshing an installed package, or install package if

it is not installed.

Finding updates

• Redhat Ent version do.– rhnsd deamon

• Redhat network system daemon, similar to windows update. Application name is up2date, but it is just middle ware for yum.

– Redhat/CentOS/Scientific all use YUM.

• http://www.redhat.com/apps/support/errata– select version, it will list fixes and updates

• security advisories• bug fixes• package enhancements• It will tell you which rpm’s to download, what to fix or update, what

it is for and why the fix/update is needed.

Updating with Yum

• The new standard method to get updates is with yum (Yellowdog Updater Modifier)

• Part of the standard install• Already configured to correct update sites• Use

– yum update Will go out and find any updates, then ask if you would to install

– yum install <package name> will install that package– yum groupinstall “package” will install all the

compents of the package• Example: yum groupinstall "MySQL Database"'

Updating with Yum (2)

• Removing packages– yum remove <package name>– yum groupremove “package”

• yum –y – answer yes to any questions

• See the man pages on yum for more options• Many “other software Repositories” use

yum can be added to the yum configurations

Adding Repo’s to yum• You can add more repositories for yum to use.

– New versions just add files to /etc/yum.repos.d/– Or edit /etc/yum.conf and add the same info– Example: the dag archive[dag] name=Dag RPM Repository for Red Hat Enterprise Linux baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag

gpgcheck=1 enabled=1gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt

• Many sites now just have a rpm you can install– And updated as needed.

Updating with Yum (3)

• For automatic updates– chkconfig yum on– /etc/init.d/yum start

• Now it will update “nightly” with the updates.

Turning off and off deamons

• chkconfig is used to determine which run-level is started or stopped in.

• /sbin/chkconfig --list – lists all daemons

rwhod 0:off 1:off 2:off 3:off 4:off 5:off 6:off

smb 0:off 1:off 2:off 3:on 4:on 5:on 6:off

sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off

• /sbin/chkconfig --level 2345 httpd off– turns off httpd daemon in run-level 2,3,4,5

• /sbin/chkconfig httpd off– turns off httpd daemon in run-level 3,4,5

• /sbin/chkconfig --level 3 httpd on– turns on httpd in run-level 3, without changing

it status in any other run level

• chkconfig does not start or stop any daemons, only enables them to run a in the giving level.

• You will need to start/stop them manually, the first time– /etc/init.d/httpd start– /etc/init.d/httpd stop

• Configuring a daemon– most have .conf files in the /etc directory– example ntp (Network Time Protocol)– /etc/ntp.conf

• add to the file: server time.uwyo.edu prefer

• and comment out the other server and fudge lines

GUI configurators

• Under the System menu:– System tools and System Settings menus

• Contain dozens are GUI configurators– Most work pretty well.

– Sometimes you may be then manually edit the configure files, but it getting pretty rare.

• To configure printers use printconf-gui or printtool (same program, different names)– Allows you to install local printers, remote printers,

including windows printers (with samba).

Configuring grub.conf

• /etc/grub.conf is a file, which you can configure the way your computer boots and which O/S it boots to.

• A couple of general config’s– timeout=10 (you get 10 seconds before grub boots to

the default O/S)– prompt (when listed, ask which O/S to boot to until

timeout)– default=0 (the default is first O/S entry)– password (an encrypted password, need to change the

boot)

O/S entries

• Look like the followingtitle Red Hat Linux (2.4.18-10)

root (hd0,0)

kernel /vmlinuz-2.4.18-10 ro root=/dev/sda2

initrd /initrd-2.4.18-10.img

• The root (hd0,0) is hard drive to boot from• use the kernel located at /boot/kernel… , and root

partition is located on scsi drive 0 at partition 2• initrd is the ramdisk image.

• For dual-booting you may have an O/S like thistitle Windows XP

rootnoverify (hd0,0)chainloader +1

• Where rootnoverify means don’t mount the partition

• chainloader +1, turn control over to another boot loader (in this windows bootloader), where the first sector is used by that boot loader.

• You can now test your changes or new entries by rebooting.– Make sure to kept a known working boot

option, in case there is a problem.

Temp changes to the boot loader

• If you need to boot to the Single user mode, to fix problems, you can make changes at boot screen

• press e, then edit the options• Normally at linux 1 to the end of the kernel

entry, then type b to boot.– You can actually test verify kernels here by

changing all the options

Installing a new kernel

• With yum and updates, installing a new kernel is very easy.– yum install kernel-version you want.– Likely will install new versions, with the

nightly updates.• Compiling and install a new kernel is non-

trivial.– There are several good HowTos out there. – The source code for installed kernels is

installed with the kernel-devel...rpm package.

Mounting a “other drives”

• During the install Fedora will add entries into the fstab file for cdrom, dvd, zip, etc.

• mount /media/cdrom will mount a cdrom into the file system.

• USB pin drives and devices added after the install may have to mounted “manually”– Check the dmesg to see what the device name– mount /dev/hdc4 /media/zip should mount the zip disk.– mount /dev/sda1 /media/usb should mount a usb device

Security issues with Redhat

• Older versions of Redhat allowed non-root users to use the shutdown command.– chmod 700 /usr/bin/shutdown

• By default anyone can shutdown the machine

• So check the privileges on important commands like shutdown and reboot– only root should be able to launch these.

Documentation

• Redhat/fedora/CentOS/Scientific linux maintains a fair amount of on-line documentation.– http://www.centos.com– http://www.redhat.com– http://fedora.redhat.com– http://scientificlinux.org/

Lastly

• Keep up to date with patches• Always shutdown all unneeded services.

– It’s harder for someone to break into your system that way.

– Use the firewall included. Iptables can help to prevent someone from breaking in.

• Security is a process, not a product• While a firewall can not guarantee security, it is the

first and sometimes the last line of defence against network based attacks.

QA&