LinuxQuestions.org
Old 08-28-2006, 07:11 AM   #1
sathyguy
Member
 
Registered: Sep 2005
Location: Indian Working in Saudi Arabia
Distribution: Redhat Linux AS 3.0
Posts: 93

Rep: Reputation: 15
how to do the Patch update and bug fix in AS 3.0?


Friends,

We have been running Redhat Enterprise Linux AS 3.0 for the past 2 years.
Until now we have never done any updates, i.e., patch updates or bug fixing.
Now I would like to do all the updates regularly.
As I'm new to Linux, I request you people to help me in this regard.
Where should I start first?

Thanks & Regards
Sathyguy
 
Old 08-29-2006, 02:06 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,518
Blog Entries: 51

Rep: Reputation: 2598
If you ran it for two years w/o patching then it's probably been neglected in all aspects and I would start with a thorough audit of the box. Check all services, users and processes for anomalies then work your way through the logs, file integrity check and run some audit tools like Chkrootkit and/or Rootkit Hunter, Tiger and/or Usat and update logging, access restrictions, etc, etc. before updating.

I'd say your upgrade strategy depends on what the box is used for. If it is part of a critical business process and only allowed maintenance downtime for strictly defined durations then it probably would be advantageous to plan the whole upgrade process and mimic it on a test box first. If the box is not part of any critical business process then you probably have ages to (temporarily migrate services to another box and) just let your favourite update tool run and fix things afterwards.
 
Old 08-31-2006, 03:13 AM   #3
sathyguy
Member
 
Registered: Sep 2005
Location: Indian Working in Saudi Arabia
Distribution: Redhat Linux AS 3.0
Posts: 93

Original Poster
Rep: Reputation: 15
Thanks for your reply.
But the problem is I am a newbie.
So can we start with step by step? Don't be angry
1. Auditing
a) Is there any tool inside RHEL AS 3.0 for auditing, or do I have to install third-party software for auditing?
b) If it is third party, where can I download it?
c) If it is inside the box, what is the command to run the audit tool?
d) Will it harm the system by running the audit tool? Can I run the audit tool every day?

I think I should finish the auditing first. Then I will go for the next step.

Thanks & Regards,
Sathyguy
 
Old 08-31-2006, 06:44 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,518
Blog Entries: 51

Rep: Reputation: 2598
So can we start with step by step?
Definitely.

Don't be angry
I'm not.

1. Auditing
Auditing simply means examining and adjusting. What, in what order and how you examine things depends roughly on the state of the box (distribution, release, maintenance history), the purpose or usage of the box (say shellserver versus database server) and the location (intranet, DMZ, publicly accessible).

Have a look at the LQ FAQ: Security references, post #1 under "Compromise, breach of security, detection", this one: Intruder Detection Checklist (CERT). It's a good example of what to look for always.

Applying security measures should not stop at strengthening security but also take care of leaving enough of an evidence trail to be able to audit a box and adjust where necessary (adjusting being the second half of auditing). Think system logging like performance counters and authentication and authorisation, process logging, users history (if any are allowed), anomalous network traffic. And for some boxen it would be "better" to configure syslogging to log to a remote host. Once logging is in place it's much easier to be proactive about it adding say file integrity, process and logfile checkers that can adjust and alert on certain conditions.


a) Is there any tool inside RHEL AS 3.0 for auditing, or do I have to install third-party software for auditing?
Yes and yes. But before you start you should ask yourself (any admins who used the box) if there's a cause for distrusting the box. If there is any, it would be safer to reboot the box with a Live CD whose tools you can trust to return the right information. In some cases you can also just mount the CD and use the tools from that location, you should judge if that's necessary based on information, reports or even rumours.

There's nearly always local tools for showing/checking info like:
- passwd (pwck) and group (grpck) consistency,
- who's logged in now (who), who logged in previously (last, lastb, lastlog),
- showing process and environment info (ps, pstree, procinfo, top, lsof, sa),
- network information (netstat, lsof),
- file information (lsof, fuser),
- installed files information (rpm),
- services (chkconfig).
Then there's local tools like "less" and "more" and text editors with which you can read configuration and logfiles (check /etc/syslog.conf for which ones should be used). Manually using available system tools and reading logs should be done to gain proficiency, because you don't have to introduce new tools and in some cases because there's no alternative for human knowledge and interpretation of signs. Using 3rd party apps still is a necessity IMHO because of their scope and to help speed up auditing and reporting (Tiger, Usat), because they can provide you with checks you can't do easily otherwise (env_audit, unhide, check_sysmap) or because they provide checks that point to (possible) intrusions (Chkrootkit, Rootkit Hunter).

Like I already said there's no alternative for human knowledge and interpretation of signs, and there's also caveats which warrant human checking, for instance passwd and group information can have more root account users added, authentication logs can be tampered with or wiped, checking installed files information using "rpm" only covers files that were installed using rpm and services may be running from cron or at, locations like /etc/rc.d/rc.local or /etc/inittab or piggyback on other services.


b) If it is third party, where can I download it?
All the 3rd party tools I mentioned are mentioned on LQ before, are GNU GPL licensed and have homepages. It should not be hard for you to search LQ and teh intarweb to locate those.


c) If it is inside the box, what is the command to run the audit tool?
All the "local" tools I mentioned have man and info pages. Read those. If you can't get it to work after reading, then ask.


d) Will it harm the system by running the audit tool?
No, not unless the box is already in a state of deterioration ;-p


Can I run the audit tool every day?
Sure. In some cases that would be beneficial, in some cases unnecessary.


I think I should finish the auditing first. Then I will go for the next step.
Good. Reading, asking questions and being methodical about things is the best approach.
I'll keep an eye on this thread to see how things progress.
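
The local-tool checks and caveats from post #4, gathered into read-only shell helpers. This is an added example, not part of either poster's replies; the function names and sample data are hypothetical, and the `rpm -Va` line format is assumed to be the usual flags, optional file-type marker, then path.

```shell
#!/bin/sh
# Added example: read-only helpers for the manual checks listed in post #4.
# Function names are hypothetical; nothing here modifies the system.

# Accounts with UID 0 besides root (the "more root account users added"
# caveat). Pass "-" to read passwd-format data from stdin.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Read `rpm -Va` output on stdin; print files whose digest changed ("5" in
# column 3 of the flag field), skipping files rpm marks as config ("c").
changed_packaged_files() {
    awk '$1 ~ /^..5/ && $2 != "c" { print substr($0, index($0, "/")) }'
}

# Active (non-blank, non-comment) lines of a startup file such as
# /etc/rc.d/rc.local, where services can start outside chkconfig's view.
active_lines() {
    [ -r "$1" ] || return 0
    grep -Ev '^[[:space:]]*(#|$)' "$1" || true
}

# Save raw tool output into a dated directory so later runs can be diffed.
# Tools missing on the box are skipped rather than treated as errors.
snapshot() {
    out="${1:-./audit-$(date +%Y%m%d)}"
    mkdir -p "$out" || return 1
    for spec in "who:who" "last:last" "ps:ps auxww" "netstat:netstat -an" \
                "chkconfig:chkconfig --list" "rpm:rpm -Va"; do
        name=${spec%%:*}; cmd=${spec#*:}
        command -v "$name" >/dev/null 2>&1 || continue
        $cmd > "$out/$name.txt" 2>&1 || true
    done
    extra_uid0 > "$out/uid0.txt"
    active_lines /etc/rc.d/rc.local > "$out/rc_local.txt"
    echo "$out"
}

# Constructed sample inputs (not taken from a real host).
sample_passwd() { printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'toor:x:0:0::/tmp:/bin/sh' 'alice:x:500:500::/home/alice:/bin/bash'; }
sample_rpm_va() { printf '%s\n' 'S.5....T c /etc/ssh/sshd_config' \
    'S.5....T   /bin/ls' '.......T   /usr/bin/top' 'missing     /usr/share/doc/x'; }
```

Running `snapshot /some/dir` on a trusted copy of the tools (for example from a mounted CD, as the post suggests) gives a baseline to compare against on later runs.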
 
  

