Friday, November 27, 2009

yum rollback feature / rpm rollback feature

Doing some upgrades this week on a production system and don't want anything to break...So, I looked into this.

One of the least-known secrets about rpm is that it can rollback (undo) package changes. It can take a fair bit of storage space to track the information necessary for rollback, but since storage is cheap, it’s worthwhile enabling this feature on most systems.
Here are cut-to-the-chase directions on using this feature:
  1. To configure yum to save rollback information, add the line tsflags=repackage to /etc/yum.conf.
  2. To configure command-line rpm to do the same thing, add the line %_repackage_all_erasures 1 to /etc/rpm/macros.
  3. Install, erase, and update packages to your heart’s content, using pup, pirut, yumex, yum, rpm, and the yum automatic update service.
If/when you want to roll back to a previous state, perform an rpm update with the --rollback option followed by a date/time specification. Some examples: `rpm -Uhv --rollback '9:00 am'`, `rpm -Uhv --rollback '4 hours ago'`, `rpm -Uhv --rollback 'december 25'`.
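Putting the three steps above into a script, as an added example (not from this post): the functions take the config file paths as parameters so they can be tried on copies before touching /etc/yum.conf and /etc/rpm/macros, and they place tsflags in the [main] section, which is the only section where yum reads it.

```shell
# Added example: idempotently apply the two repackage settings described above.
# Paths are parameters so the change can be rehearsed on copies of the live files.
enable_rpm_repackage() {
    add_to_main_section "$1" 'tsflags=repackage' || return 1
    add_line_once "$2" '%_repackage_all_erasures 1'
}

# add_line_once FILE LINE: append LINE unless it is already present verbatim.
add_line_once() {
    [ -e "$1" ] || : > "$1" || return 1
    grep -qxF -- "$2" "$1" && return 0
    printf '%s\n' "$2" >> "$1"
}

# add_to_main_section FILE LINE: insert LINE right after the [main] header;
# if the file has no [main] section yet, append one together with LINE.
# Refuses to act when a different tsflags= line already exists, because two
# tsflags lines would silently override each other.
add_to_main_section() {
    file="$1"; line="$2"
    [ -e "$file" ] || : > "$file" || return 1
    grep -qxF -- "$line" "$file" && return 0
    if grep -q "^${line%%=*}=" "$file"; then
        echo "$file: conflicting ${line%%=*}= line present, edit it by hand" >&2
        return 1
    fi
    if grep -qx '\[main\]' "$file"; then
        tmp=$(mktemp) || return 1
        awk -v l="$line" '{ print } /^\[main\]$/ && !done { print l; done = 1 }' \
            "$file" > "$tmp" && cat "$tmp" > "$file"
        rc=$?; rm -f "$tmp"; return $rc
    fi
    printf '[main]\n%s\n' "$line" >> "$file"
}

# rollback_to SPEC: undo package changes back to SPEC, e.g. '4 hours ago'.
# This needs the rpm 4.4 series shipped with RHEL/CentOS 5; later rpm
# releases dropped --rollback.
rollback_to() {
    rpm -Uhv --rollback "$1"
}
```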

Friday, November 13, 2009

php5 / suhosin extension (not patch) on CentOS or RHEL

Red Hat / CentOS Linux Install Suhosin PHP 5 Protection Security Patch


Q. WordPress and many other open source application developers ask users to protect PHP apps using the Suhosin patch to get protection from full exploits. Suhosin is an advanced protection system for PHP installations. It was designed to protect your servers from various attacks. How do I install Suhosin under RHEL / CentOS / Fedora Linux?

A. Suhosin was designed to protect your servers against a number of well-known problems in PHP applications and, on the other hand, against potential unknown vulnerabilities within these applications or the PHP core itself, including WordPress and many other open source PHP-based apps.

Install Suhosin as extension

Download latest version of Suhosin, enter:
# cd /opt
# wget http://download.suhosin.org/suhosin-0.9.27.tgz

Make sure you have php-devel installed:
# yum install php-devel

Compile Suhosin under PHP 5 and RHEL / CentOS Linux

Type the following commands:
# cd suhosin-0.9.27
# phpize
# ./configure
# make
# make install

Configure Suhosin

Type the following command to create Suhosin configuration file:
# echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini

Restart web server

Type the following command to restart httpd:
# service httpd restart
If you are using lighttpd, enter:
# service lighttpd restart

Verify Suhosin installation

Type the following command:
$ php -v
Sample output:
PHP 5.1.6 (cli) (built: Jun 12 2008 05:02:36)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
    with XCache v1.2.2, Copyright (c) 2005-2007, by mOo
    with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH
You can find more information by running phpinfo() from a PHP page on the web server:

<?php
phpinfo();
?>
Sample output:

Fig.01: Suhosin information and settings displayed by phpinfo().
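As an added check that is not part of the original article, the following shell functions confirm the extension actually loaded: one parses the `php -v` output shown above for the Suhosin line, the other checks the ini file created above. Note that `php -v` only reports on the CLI binary; the web server's PHP is confirmed with phpinfo() as described.

```shell
# Added example: post-install checks for the Suhosin extension.

# suhosin_version: read `php -v` output on stdin and print the Suhosin
# version it reports; returns 1 when no Suhosin line is present.
suhosin_version() {
    v=$(sed -n 's/^[[:space:]]*with Suhosin v\([0-9.]*\),.*/\1/p' | head -n 1)
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# check_suhosin_ini FILE: the ini written above must carry an extension=
# line that loads suhosin.so (optional quotes and spaces are tolerated).
check_suhosin_ini() {
    grep -qxE 'extension[[:space:]]*=[[:space:]]*"?suhosin\.so"?' "$1"
}

# verify_suhosin: run both checks against the live system and report.
# Assumes the ini path used above and php on PATH; not exercised in tests.
verify_suhosin() {
    check_suhosin_ini /etc/php.d/suhosin.ini \
        || { echo "/etc/php.d/suhosin.ini does not load suhosin.so" >&2; return 1; }
    ver=$(php -v 2>/dev/null | suhosin_version) \
        || { echo "php -v does not report Suhosin; check for build errors" >&2; return 1; }
    echo "Suhosin $ver loaded in the CLI; confirm the web SAPI with phpinfo()"
}
```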


Tuesday, November 3, 2009

setup bridging br0 eth0 on Centos or RHEL for KVM virtual machines

There were several places online I could've visited to help me get bridging going on my system...They all seemed to be written for a home user though.

I recently set up a new CentOS 5.4 workstation on a machine here at work, and have been planning on moving everything over to that from my Mac management station. Currently I'm using a MacBook Pro as a management station, but I'd like to free it up to do other things...

Also I wanted to do some KVM virtualizing because that's how Red Hat does it, and that's our vendor...so...

For starters, I needed to let any VMs I created have bridged access to the network... This was probably the most difficult part, because it was just a mixed bag when it came to how other people had done it. Here's how I did it, and it works for me.

The interface is an Intel gigabit card (not supported out of the box until 5.3!), so there is one physical interface, formerly known as eth0.

`yum install bridge-utils` will install the proper utilities to enable bridging, and should also enable the kernel module on most distros.

I guess the tricky thing is, when you use bridging, you're actually kind of saying "ok, bye eth0, we're going to replace you with br0 and then let br0 hand out access to any other interfaces". This is hard for some people to grasp...

So go to /etc/sysconfig/network-scripts and `cp ifcfg-eth0 ifcfg-br0`

Then edit ifcfg-br0 to contain the following information (no space after the `=`; these files are sourced as shell by the network scripts):
DEVICE=br0
BOOTPROTO=static
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=x.x.x.x
GATEWAY=x.x.x.1
TYPE=Bridge
USERCTL=no
IPV6INIT=no
PEERDNS=yes

Then edit ifcfg-eth0; it should contain only:
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0

You should then reboot. Your main interface will have become br0, and eth0 will just be sitting there... waiting... for something.

Anyway, you can use `brctl show` to list the current bridges on your system, and it gets more complicated from there on out.

You can then assign eth0 to virtual machines in Virt Manager and the VM will use that as its bridge access. ;)
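Before rebooting, it is worth checking the ifcfg pair for the mistakes that leave a machine without its primary interface. The following validator is an added example, not part of the post; it takes the two file paths as parameters so it can be run on copies, and the addresses in its comments are constructed.

```shell
# Added example: sanity-check an ifcfg-br0 / ifcfg-eth0 pair before reboot.
# Returns 0 when consistent, 1 otherwise, printing each problem found.
check_bridge_pair() {
    br="$1"; eth="$2"; bad=0
    for f in "$br" "$eth"; do
        # The network scripts source these files as shell, so a line like
        # "GATEWAY= 192.0.2.1" sets GATEWAY empty and tries to run 192.0.2.1.
        if grep -nE '^[A-Z0-9_]+= +' "$f"; then
            echo "$f: whitespace after '=' on the line(s) above breaks sourcing"; bad=1
        fi
        # Anything other than blank lines, comments and KEY=value is suspect.
        if grep -vqE '^(#|[A-Z0-9_]+=|$)' "$f"; then
            echo "$f: contains lines that are not simple KEY=value assignments"; bad=1
        fi
    done
    [ "$bad" = 0 ] || return 1
    brdev=$(ifcfg_get "$br" DEVICE); brtype=$(ifcfg_get "$br" TYPE)
    ethbr=$(ifcfg_get "$eth" BRIDGE)
    [ "$brtype" = Bridge ] || { echo "$br: TYPE must be Bridge"; bad=1; }
    [ -n "$brdev" ] && [ "$ethbr" = "$brdev" ] \
        || { echo "$eth: BRIDGE=$ethbr does not name the bridge DEVICE=$brdev"; bad=1; }
    [ -n "$(ifcfg_get "$br" IPADDR)" ] \
        || { echo "$br: IPADDR missing; the bridge now owns the address"; bad=1; }
    [ -z "$(ifcfg_get "$eth" IPADDR)" ] \
        || { echo "$eth: IPADDR must move to $brdev, the port carries no address"; bad=1; }
    [ "$(ifcfg_get "$eth" ONBOOT)" = yes ] \
        || { echo "$eth: ONBOOT=yes is needed so the port joins the bridge"; bad=1; }
    [ "$bad" = 0 ]
}

# ifcfg_get FILE KEY: print KEY's value (last assignment wins, as when sourced).
ifcfg_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}
```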

Monday, November 2, 2009

pidgin, otr, and random number generation

On a new CentOS Plus workstation (5.4) I was trying to IM with Pidgin and OTR with my friends. We use OTR for private communication.

The key generation was failing, hanging actually; strace showed some problem with timeouts and /dev/urandom.

On the advice of someone who ran into the same problem, I used rngd to feed /dev/urandom into /dev/random:

rngd -o /dev/urandom -r /dev/random

This worked and key generation completed successfully. Joy.