Posts Tagged yum

Checking the checksum of installed packages

Posted by on Thursday, 15 October, 2009

Occasionally you just want a bit of piece of mind about your server or Linux install. You may suspect there is somebody who has hacked your computer or even something changed by a package install that shouldnt have been.

Heres a couple of ideas on how to do a quick ‘health’ check on he md5sum of binary packages.

Debian based people should install dlocate and use that

apt-get install dlocate
dlocate -md5check openssh-server

To force a fail try something like this

mv /usr/share/man/man5/sshd_config.5.gz /usr/share/man/man5/sshd_config.5.gz-old
echo Boo > /usr/share/man/man5/sshd_config.5.gz
dlocate -md5check openssh-server

For Redhat/Centos etc based servers you can use yum

 rpm -qvV openssh

Again you can force a fail by changing a file

mv /usr/share/doc/openssh-4.3p2/CREDITS /usr/share/doc/openssh-4.3p2/CREDITS-old
echo Boo >/usr/share/doc/openssh-4.3p2/CREDITS
rpm -qvV openssh

For less verbosity just drop the lower case v (so its rpm -qV )


Centos 5 – Adding extra sources for bleeding edge

Posted by on Wednesday, 6 May, 2009

So you got yourself say a Centos VPS or Server. Some guy comes along and develops you a website made in the latest and greated PHP version and yours isnt running it!.

Easily fixed. First of all to know, is Centos 5 is basicly RHEL 5 only free, you can use the same sources lists and rpms between the two.

So adding the first source would be the DAG/RPMForge lists. The FAQ is up here http://dag.wieers.com/rpm/FAQ.php which is pretty generic and basic.

Red Hat Enterprise Linux 5 / i386:

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Remembering that Centos 5 is the same as el5 (Red Hat Enterprise Linux … RHEL) this works nicely. You may find that you get the following error when using apt to update

E: Dynamic MMap ran out of room
E: Dynamic MMap ran out of room
E: Error occured while processing packagename
E: Problem with MergeList
/var/state/apt/lists/listname
E: msync
E: The package lists or status file could not be parsed or opened.

This can be fixed by putting the following line into the bottom of /etc/apt/apt.conf

APT::Cache-Limit 50000000;

At Rimuhosting where i work we usually default to Centos 5.3 which is pretty much the latest release. I found the DAG/RPMForge lists not quiet as up to date as the Remi lists at http://blog.famillecollet.com/pages/Config-en

The easy way to get these ones going is as follows

wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh remi-release-5*.rpm epel-release-5*.rpm

By default the remi lists are not enabled, you can use them indevidually with yum –enablerepo remi install packagename . Or you can edit the /etc/yum.repos.d/remi.repo and change the enabled=0 to enabled=1

Now you can yum update and yum upgrade nicely!

Let me know any other mirrors you found handy.