Thursday, March 12, 2009

How do I use yum through a proxy?

Red Hat Enterprise Linux 5 ships yum as a replacement for the utility 'up2date' which was used in previous versions of Red Hat Enterprise Linux.

Note: The HTTP proxy must support byte-range addressing for successful use.

In order to use yum through an http proxy please follow these steps:

1. Open /etc/sysconfig/rhn/up2date for editing

2. Change the following:

enableProxy=0

To the following:

enableProxy=1

3. Enter the user's password for the http proxy where it states the following:

proxyPassword=

4. Enter the user's username for the http proxy where it states the following:

proxyUser=

5. Enter the URL for the proxy server, in host:port format, in the following line:

httpProxy=

6. Save the file.

Wednesday, March 11, 2009

How do I check the software integrity on my RHEL5

Red Hat Enterprise Linux 5 ships an integrity-checking tool called AIDE. AIDE provides a general strategy for implementing integrity checking, so that intrusions can be detected after they have occurred.

To install AIDE, use the following command:

# yum install aide

To configure AIDE, customize /etc/aide.conf to meet the requirements of the system. For more detailed information about the AIDE configuration file, refer to the aide.conf man page.

To generate a new database and install it as the database AIDE checks against:

# aide --init
# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz


By default, the program creates a new file, aide.db.new.gz, in the /var/lib/aide/ directory. This file must be installed on the system manually by using the copy command. Typically, the system administrator should create an AIDE database on a new system before the system is connected to any network.

To check for inconsistencies between the current system and the AIDE database, run the following command:

# aide --check

or

# aide

If the check produces any unexpected output, investigate and fix it as soon as possible.

The aide command can also be run as a crontab job to do periodic integrity checking.
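
One way to write that cron job, added here as an example and not part of the original article: it confirms that the baseline database still matches a checksum recorded after aide --init, runs aide --check, and decodes the exit status described in aide(1). The variable and function names, the --run flag, and the checksum and report paths are assumptions made for the example.

```shell
#!/bin/sh
# Added example: AIDE check wrapper for cron. Paths, variable and function
# names and the --run flag are assumptions, not from the original article.
AIDE_CMD=${AIDE_CMD:-aide}
DB=${DB:-/var/lib/aide/aide.db.gz}
REPORT=${REPORT:-/var/log/aide-check.log}
# Checksum of the baseline, recorded right after "aide --init"; keep it where
# the monitored system cannot rewrite it (assumed path).
DB_SUM=${DB_SUM:-/mnt/readonly/aide.db.gz.sha256}

# Decode the exit status of "aide --check" as given in aide(1):
# 0 = no differences, else 1 (new) + 2 (removed) + 4 (changed).
# Anything above 7 is treated here as an error (verify for your AIDE version).
describe_status() {
    rc=$1
    if [ "$rc" -eq 0 ]; then echo "clean"; return 0; fi
    if [ "$rc" -gt 7 ]; then echo "error"; return 0; fi
    out=""
    if [ $((rc & 1)) -ne 0 ]; then out="$out added"; fi
    if [ $((rc & 2)) -ne 0 ]; then out="$out removed"; fi
    if [ $((rc & 4)) -ne 0 ]; then out="$out changed"; fi
    echo "${out# }"
}

# A baseline that was modified after creation cannot vouch for anything.
db_is_trusted() {
    [ -r "$DB" ] && [ -r "$DB_SUM" ] || return 1
    want=$(cut -d' ' -f1 "$DB_SUM")
    have=$(sha256sum "$DB" | cut -d' ' -f1)
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Prints a one-line summary and writes the full AIDE report to $REPORT.
# Returns 0 only when the system matches a trusted baseline.
run_check() {
    if ! db_is_trusted; then echo "baseline-untrusted"; return 3; fi
    status=0
    "$AIDE_CMD" --check >"$REPORT" 2>&1 || status=$?
    describe_status "$status"
    [ "$status" -eq 0 ]
}

# Only act when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then run_check; fi
```

Record the reference checksum with sha256sum once the new database has been copied into place, then call the script with --run from root's crontab; cron mails the one-line summary, and the full report stays in the report file.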

Saturday, March 7, 2009

How do I improve mouse tracking in a virtual machine?

The mouse cursor in virtual machines under Red Hat Enterprise Linux 5 does not track well with the actual mouse movements. This is because mouse drivers expect relative motion deltas (for example, the mouse moved up and right one centimeter), but the virtual machine console sends absolute coordinates. The conversion from absolute coordinates to relative deltas is an approximation. As errors in the approximations accumulate, the virtual cursor drifts farther and farther from the host cursor.

One solution to this problem is to switch from a virtual mouse to a virtual tablet. A tablet sends absolute coordinates instead of relative motion deltas, so no conversion is necessary. See the instructions below to enable a virtual tablet.

Another solution is to switch from a VNC console to an SDL console. However, the SDL console has its own set of problems: it does not work with the Virtual Machine Manager (virt-manager), and closing the SDL console immediately kills the virtual machine, possibly resulting in data loss.

Enabling a Virtual Tablet

1. Launch the Virtual Machine Manager (virt-manager).

2. If the virtual machine is running, turn it off.

3. Select the virtual machine, then click Details. In the Hardware tab, click Add. For Hardware type, choose Input Device and click Forward. For Type, select the "EvTouch USB Graphics Tablet", click Forward, and click Finish. Alternatively, on the host (dom0) system, open the /etc/xen/virtual-machine-name file with your favorite text editor and add the following line at the bottom of the file:

usbdevice = 'tablet'

4. Turn on the virtual machine.

5. If necessary, switch to a text console: using the Virtual Machine Manager console, go to the Send Key menu and click CTRL-ALT-F1.

6. Log in to the virtual machine as root.

7. Switch to run level 3 (to disable X Windows) by running init 3:

[root@hostname ~]# init 3

8. Run the following command to find the name of the event for the tablet:

[root@hostname ~]# egrep 'Name|Handlers' /proc/bus/input/devices | grep -i -A 1 tablet
N: Name="QEMU 0.8.2 QEMU USB Tablet"
H: Handlers=mouse1 event2 js0


9. Open /etc/X11/xorg.conf with your favorite text editor. If necessary, add the following InputDevice line to the ServerLayout section:

Section "ServerLayout"
    ...
    ...
    InputDevice "Mouse0" "CorePointer"
EndSection


Then, create a new InputDevice section:

Section "InputDevice"
    Identifier "Mouse0"
    Driver "evdev"
    Option "Device" "/dev/input/event2"
    Option "Name" "QEMU 0.8.2 QEMU USB Tablet"
    Option "Mode" "Absolute"
EndSection


For the Device and Name values, use the eventX value ("event2" in this case) and name found in the previous step.

10. Restart X Windows and exit the root shell by running:

[root@hostname ~]# init 5; exit

The mouse tracking should be much more accurate now.

How can I find information on the maximum amount of memory my system can handle?

The dmidecode command displays information from the system's BIOS, including the maximum amount of memory that the BIOS will support. dmidecode reports this information as type 16 (Physical Memory Array), which can be selected with the command dmidecode -t 16.

For instance, the following output shows a system that can support a maximum of 16GB of RAM.

Handle 0x0032, DMI type 16, 15 bytes
Physical Memory Array
Location: System Board Or Motherboard
Use: System Memory
Error Correction Type: None
Maximum Capacity: 16 GB
Error Information Handle: Not Provided
Number Of Devices: 4

Does Red Hat Enterprise Linux properly handle leap seconds?

Background

"Leap seconds" are extra seconds that are added or removed to keep Civil Time, which is based on Universal Coordinated Time (UTC), within 0.9 seconds of the Earth's rotational time (UT1). The last leap second was added at 2008-12-31 23:59:59 UTC. At that time, clocks keeping track of time based on UTC should have counted as follows:

2008-12-31 23:59:59 UTC
2008-12-31 23:59:60 UTC
2009-01-01 00:00:00 UTC

Note that the leap second corrections are made at midnight UTC, which is at different local times around the world. For example, the most recent leap second was added at 3:59:60 pm in the US Pacific time zone (2008-12-31 15:59:60 PST).

Red Hat Enterprise Linux using NTP

Systems running any version of Red Hat Enterprise Linux should automatically account for leap second corrections if they are using the NTP daemon to synchronize their local timekeeping with an NTP server. During the last day before a leap second correction, NTP servers should notify their clients that a leap second will occur, and at 23:59:59 UTC, the Linux kernel should add or remove an extra second by making the 60th second twice as long or removing it entirely. Thus, Red Hat Enterprise Linux systems running an NTP client during the last leap second correction should have counted time as follows:

2008-12-31 23:59:59 UTC
2008-12-31 23:59:59 UTC
2009-01-01 00:00:00 UTC

Red Hat Enterprise Linux not using NTP

By default, Linux systems not using NTP to synchronize their timekeeping will not correct leap seconds, and the time reported by these systems will have a one-second difference relative to UTC after the leap second correction. You should reset the clock manually after leap seconds occur.

You can also configure non-NTP systems to report time corrected for leap seconds by copying the appropriate file from the /usr/share/zoneinfo/right directory hierarchy to /etc/localtime and resetting the clock to the correct local time. The files in /usr/share/zoneinfo/right contain local time information corrected for all leap seconds that have occurred since the beginning of the Epoch on 1970-01-01 00:00:00 UTC. The other time zone files in /usr/share/zoneinfo do not have leap second corrections added. After the 2008 leap second, there have been 24 leap seconds added since the Epoch.

As an example, if a system is in the America/Los_Angeles (US Pacific) time zone, you can reconfigure the system to report leap-second-corrected time by running the following and resetting the clock to Pacific Time:

cp /usr/share/zoneinfo/right/America/Los_Angeles /etc/localtime

Once this is done, the system will report time corrected for leap seconds.

To ensure that the most recent leap second is accounted for properly, make sure you have the latest version of the tzdata package installed on your Red Hat Enterprise Linux system. The leap second added at the end of 2008 should have been handled properly by the following versions of tzdata:

Red Hat Enterprise Linux Version    tzdata version
==================================================
Red Hat Enterprise Linux 2.1        tzdata-2008e-1.el2_1
Red Hat Enterprise Linux 3          tzdata-2008e-1.el3
Red Hat Enterprise Linux 4          tzdata-2008e-1.el4
Red Hat Enterprise Linux 5          tzdata-2008e-1.el5


Additional Information

Additional information on leap seconds and how they are handled in Linux and by NTP can be found at the following links:

Leap Seconds
The NTP Timescale and Leap Seconds
NTP in real Life: What happens during a Leap Second?

Can a system run multiple virtualization technologies simultaneously?

Can one system, for example, run both Red Hat Virtualization and VMware virtual machines at the same time?

No.

Virtualization software needs exclusive control over certain hardware resources. The host system may crash or reboot if multiple virtualization systems are active and try to use the same hardware resources. Be sure to install and use only one virtualization technology on a system.

To check if Red Hat Virtualization (Xen in Red Hat Enterprise Linux 5) is active, look for "xen" in the uname output, for example:

$ uname -r | grep xen
2.6.18-8.el5xen


To disable Xen, disable the xend and xendomains services, then reboot and choose another kernel at the GRUB screen, or use grubby to change the default kernel and reboot. For example:

# chkconfig xend off
# chkconfig xendomains off
# grubby --set-default=/boot/vmlinuz-2.6.18-8.el5
# reboot

How do I find which RPM contains a specific file?

The rpm -qf command will provide the name of the RPM package that contains a specific file. For example, to see which rpm contains the file /usr/lib/libdb.so.2, run the following:

# rpm -qf /usr/lib/libdb.so.2
gnome-libs-1.4.1.2.90-34.1


If you are trying to install an RPM package and you get an error message saying that a file is missing, RPM may not be able to tell you which package that file is in. Depending on which version of Red Hat Enterprise Linux you are running, you can identify the necessary package using either 'yum whatprovides' for Red Hat Enterprise Linux 5 or 'up2date --whatprovides=' for Red Hat Enterprise Linux 4.

# up2date --whatprovides=libdb.so.2
compat-db-4.1.25-9.i386


or

# yum whatprovides '*/libdb.so'
Loaded plugins: rhnplugin
db4-devel-4.3.29-9.fc6.x86_64 : Development files for the Berkeley DB
: (version 4) library.


If your installations are not registered to the Red Hat Network and you have no others available, the third-party web site http://www.rpmfind.net is a good resource. It lets you search by file and shows the name of the package that file is in.

Once you know which package you need to install, you can use up2date in Red Hat Enterprise Linux 4 and older, or yum in Red Hat Enterprise Linux 5 and newer, to install the package from RHN. Packages can also be downloaded from the RHN website at http://rhn.redhat.com.