2.6 APPLYING UPDATES AND PATCHES



It is highly recommended that you configure the system to automatically check for availability of updated RPM packages. This will increase the likelihood that you will be able to patch the system and close any security holes that have been discovered before someone with malicious intent can use them to compromise the integrity of your system or data.

2.6.1 Up2date (http://www.redhat.com/docs/manuals/RHNetwork/ref-guide/)

For Red Hat 7.3, automatic checking for security updates is controlled by the Red Hat Network Daemon, rhnsd. By default, the daemon will attempt to connect to a Red Hat server every 120 minutes to check for available package updates, download and install any updates for packages that are properly signed and are already installed on the system (except those whose name starts with the string "kernel"), then email the root user with results. Note that the use of the up2date service that exceeds one user with one system requires payment of a subscription fee.

2.6.1.1 Register the System with the Red Hat Network

The following command starts the Red Hat Network registration client and initiates the process of creating a system profile for the up2date service. The client prompts the user to create an account (i.e., username and password combination), then probes the system for the Red Hat version, hostname, IP address, CPU information, RAM, PCI devices, disk sizes, and mount points.

 [root@localhost]# /usr/sbin/rhn_register 

2.6.1.2 Verify Set-up by Manually Checking for Updates

Once the system is registered and the profile has been created, run the following commands:

 [root@localhost]# /usr/sbin/up2date --nox -p
 [root@localhost]# /usr/sbin/up2date --nox -u

The first command will update the packages associated with the system profile on the Red Hat Network, and the second will download and install the package updates for the system.

2.6.1.3 Ensure That the rhnsd Is Configured to Start When the System Boots

 [root@localhost]# /sbin/chkconfig rhnsd on
 [root@localhost]# /etc/init.d/rhnsd start

2.6.2 autorpm (http://www.autorpm.org/)

Autorpm is a viable, free alternative to up2date. It is written in Perl and can be run in interactive mode, passed command-line options, or called directly from a script. The default installation will check a Red Hat mirror site daily, download any rpm that is an updated version of one that is on the system (ignoring packages starting with the string "kernel-"), check the package signature, and email the root user with results. Although autorpm can be configured to automatically install rpm updates, by default none will be installed without user interaction.

2.6.2.1 Download and Install the Latest Stable Binary RPM

The latest stable rpm package for autorpm (2.9.3 at the time of this writing) can be downloaded from http://www.autorpm.org/tabs/download/. Once the package has been downloaded, install it using the following command:

 [root@localhost]# /bin/rpm -i autorpm-2.9.3-1.noarch.rpm 

2.6.2.2 Modify the /etc/autorpm.d/redhat-updates.conf file

By default, rpm packages that fail the signature check will be placed in the interactive queue. To prevent these suspect rpm packages from getting accidentally installed later, add the following line to the action(updated) stanza after the line PGP_Require(Yes);:

 PGP_Fail_Install(No); 

By default, any updates for rpm packages that are on the mirror site but do not have a corresponding earlier version already installed on the system will be added to the interactive queue. To prevent this from happening, find the action(new) stanza and change the line Install(Interactive); to Install(No);.
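
The following script is an added example, not part of the original guide or of autorpm: it audits a config file for the two changes described in this section. It assumes stanzas are written as "action (name) { ... }" with one directive per line and "#" comments; the function names and the two sample files are constructed for illustration.

```shell
# Added example: audit an autorpm config for the changes in section 2.6.2.2.
# Assumed syntax: "action (name) { ... }", one directive per line, "#" comments.

# stanza_has FILE STANZA DIRECTIVE: succeed if DIRECTIVE starts a line in action(STANZA)
stanza_has() {
    awk -v stanza="$2" -v want="$3" '
        { line = $0; sub(/#.*/, "", line); gsub(/[ \t]/, "", line) }
        index(line, "action(" stanza ")") == 1 { inside = 1 }
        inside && index(line, want) == 1       { found = 1 }
        inside && index(line, "}")             { inside = 0 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# audit_autorpm_conf FILE: print findings; return 0 only if every setting is in place
audit_autorpm_conf() {
    rc=0
    for d in "PGP_Require(Yes);" "PGP_Fail_Install(No);"; do
        stanza_has "$1" updated "$d" || { echo "FAIL: action(updated) lacks $d"; rc=1; }
    done
    stanza_has "$1" new "Install(No);" || { echo "FAIL: action(new) lacks Install(No);"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1"
    return "$rc"
}

# write_samples DIR: constructed sample configs (default-style and hardened)
write_samples() {
    cat > "$1/default.conf" <<'EOF'
action (updated) {
    PGP_Require(Yes);
}
action (new) {
    Install(Interactive);   # packages not yet installed go to the queue
}
EOF
    cat > "$1/hardened.conf" <<'EOF'
action (updated) {
    PGP_Require(Yes);
    PGP_Fail_Install(No);   # bad signatures never reach the queue
}
action (new) {
    Install(No);
}
EOF
}

# Demo on the constructed samples; point audit_autorpm_conf at the real file to use it.
tmp=$(mktemp -d) && write_samples "$tmp"
audit_autorpm_conf "$tmp/default.conf" || true
audit_autorpm_conf "$tmp/hardened.conf"
```

On a live system the file to audit is /etc/autorpm.d/redhat-updates.conf; a non-zero return makes the check usable from cron or a configuration-management run.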

2.6.2.3 Verify Set-up by Manually Checking for Updates

Run the autorpm command with no arguments. The first time you run the command you will be offered a chance to see an explanation of how autorpm works and encouraged to download TermReadlineGnu. Accept the download. The package will be installed and autorpm will exit. Check for updates by issuing the command:

 [root@localhost]# autorpm auto

You should see messages showing FTP connection attempts to a mirror site, and most likely, a list of package names for updates that are available. Updated packages (ones that have an earlier version already installed on the system) will be downloaded and their PGP signatures will be checked. When the prompt returns, issue the following command to install the packages:

 [root@localhost]# autorpm "install all" 

You should see messages indicating that the rpm packages are being installed, and if the installation is successful, that they are being deleted from the disk.

An entry in the /etc/cron.daily directory is added by default to enable daily checking for updates.




Securing Linux: A Survival Guide for Linux Security (Version 2.0)
ISBN: 0974372773
EAN: 2147483647
Year: 2002
Pages: 39
