os patching


Post on 04-Apr-2018







  • 7/30/2019 os patching



    Fall 2012


    Title: OS Patching, Updating, Upgrading & Core Dump Management

    Name: Shivapuram Mithilesh

    Class ID#: 19

    School ID#: 0837622

    Course: Operating Systems Security

    Course ID: CSCI-620-M01

    Date: 1/17/12



    Assignments Content

    1. Overview

    2. Patching Linux

    4. OS UPDATING

    6. CONCLUSION



    1. Overview

    With the advent of ever-evolving technologies like SANs, virtualization and

    server consolidation, data centers are glowing with even more shimmering lights, and

    humming from the buzz of smaller form factor stand-alone servers, farms of virtual

    machine servers and rows of blade centers. The ease of using server templates, cloning

    and automated installations have definitely had a great impact on the number of servers

    you end up managing today. What may have been a 10:1 server to technician ratio several

    years ago has now changed, and enterprise sized server farms of several hundred

    machines are managed by just a handful of people. Simply put...if you can build it faster,

    better and cheaper, someone will take notice and expect more.

    Along with the growing data center, you also have the rise of Linux as an enterprise-level

    operating system. As more tech houses use this constantly maturing operating system,

    they run into issues like support, hardware compatibility and finding ways to get more

    bang for their buck using open source components in their existing infrastructures. Now,

    aside from finding better ways to manage your hardware, using tools, monitoring

    processes and other fun IT stuff, one of the biggest headaches IT has to face is keeping

    your machines up to date. Yes...we're talking about patching.

    When it comes to patching, Microsoft has the edge by far. Regardless of the number of

    patches Microsoft puts out every year, being the popular operating system that it is, it

    gets pretty good support from the industry when it comes to facilitating patch

    management. Aside from using Microsoft Update to patch your machines, there are

    plenty of third-party tools that support the Windows operating system. For Linux, on the

    other hand, you'll only find a few third-party tools. You can use the built-in update

    processes that the OS has to offer, but it can be quite clumsy, especially if scheduling is

    required, or if there are package dependencies to consider. The few third party tools

    available can be rather limiting as well, since the majority only work with RedHat. You

    also need to deal with a vast number of machines in your server farm. How can you

    manage large scale patch deployments across thirty, sixty or even several hundred


    In this article, I try to cover some of the basics of patching Linux using built-in

    mechanisms, what's available in the third-party tool market, and some of the obstacles

    I've run into when trying to manage a small to large data center full of Linux servers.




    There are four basic reasons patching your Linux machines is important:




    Error Fixing


    Possibly the most important reason to update your OS is to maintain a secure

    environment for your machine's applications. Applying security patches will update your

    machine and plug up security holes left by outdated software or poorly written

    applications. You really want to keep others from accessing your file system through

    some newly found vulnerability. If someone should get in, that person can possibly get

    important data, change security settings on the machine or even install some little piece

    of software you may not so easily catch. For example, software like rootkits can be

    installed and will use newly added processes, wresting some control from the unwary

    administrator. Even more, now that a machine is potentially under the control of

    someone else, it may become the unwilling participant in a bot attack involving other

    commandeered machines, coming from your network or across the Internet.

    There are plenty of ways to keep your machines safe, but most importantly, keep

    up with all the latest security alerts. Checking up on updated packages occasionally

    can save you from having to deal with the repercussions of having your data stolen or

    rebuilding your machine. Vendors and distributors like RedHat, SuSE and Ubuntu have

    special alert services and websites that get updated with the latest security news and

    information. You can also look up security based web sites like Secunia or the United

    States Computer Emergency Readiness Team (US-CERT) for more information on

    current vulnerabilities and how they're affecting other computers in the wild.


    Maintaining a solid working environment is the second reason for keeping your machine

    up to date. Having the latest/greatest software keeps you up with the times. As we all

    know, technology doesn't slow down, and new software features are always popping up.

    For example, an application's previous version may have needed an interface to a

    MySQL database, but with the advent of a new XML feature, the database requirement



    becomes non-existent. By updating your software, you can use the newer XML feature,

    and enjoy the benefits of updated technology.

    Patching your Linux machine may also present another challenge...dealing with

    dependencies. If you patch your OS the wrong way, you may run into dependency

    conflicts that, if not resolved, could prevent you from updating your application. Let's

    take an application like Gallery, a web based open-source photo album, as an example.

    You definitely wouldn't be able to run Gallery with an older MySQL installation on your

    computer. Certain requirements would not be met and during the Gallery installation you

    would get messages coming back about first having to update other dependent packages.

    You would then have to update those dependencies as well for your Gallery installation

    to succeed. Theoretically, you could spend quite some time trying to find the appropriate

    packages, until you get it all straightened out.


    If you are going to run Linux in an enterprise environment where you have various levels of

    expertise on-staff, it is important to make sure that you have your OS at a supportable

    level. Sure, Linux may be a free operating system, but if your operations are the type that

    support life or manage your company's finances, you need to have access to a high level

    of expertise: you'll never know for sure if you're going to need it, and while support is

    not cheap, it's necessary.

    To qualify for support from most vendors, if not all, you need to have a supportable

    version of the OS to call in for. Just ask yourself this...In 2007, who supports RedHat

    Linux 6.0? Running an older version of an OS can potentially be more expensive to

    support, as fewer people work with it. Thus, it's to your benefit to upgrade that RedHat

    server to a newer version, if not the latest. The big Linux distributions will usually list

    their supported OS levels, and also give end-of-life information so you can know when

    you should upgrade those older machines and OSes.

    Error Fixing

    The last reason you want to install newer software packages is to replace

    software that is problematic. Memory leaks, for example, are problems caused by errors

    that may have been missed during development. Software performance can also be fixed

    or improved on a well-maintained machine. Just keep in mind that although most of these

    updates are listed as optional, they can also be listed in a critical category if their

    defects can lead to security holes or other vulnerabilities.

    2.1 How to Patch Your Linux Installation

    Like all OSes, every once in a while you need to update the software running on your

    Linux server. You can do this in one of three ways:

    Download the updated packages and manually install them yourself.

    Use a built-in open source application that comes with the OS distribution.

    Use a third party application that downloads the file and then runs the installation for you.

    Let's look at these in more detail.

    Manual Updates

    One way you can update your RedHat or SuSE machine is by going to your particular

    vendor's Web or FTP site, and downloading the packages directly from the online file

    repository or a trusted mirror site. For recent products, like Novell's SLES or RedHat

    Enterprise Servers, once you get the file onto your machine you can then run the RedHat

    Package Manager (aka rpm) and update the target program you choose.

    FIGURE 2.1: RPM

    After downloading rrdtool's latest RPM, you can run rpm -i to install the new

    package, or rpm -U if you are updating rrdtool. The next RPM command queries all the

    installed RPMs, and extracts only the information you want, using the grep command.
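
    The manual update steps above, as an added shell example (not code from the original paper): it checks the downloaded file with rpm -K, then chooses rpm -i or rpm -U by matching the exact package name in the rpm -qa listing rather than a loose grep. The function names and the sample package list with its version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose "rpm -i" or "rpm -U" for a downloaded package file.

# Constructed sample of `rpm -qa` output (not taken from a real host).
SAMPLE_INSTALLED='bash-3.2-24.el5
rrdtool-1.2.23-1.el5
openssl-0.9.8e-7.el5'

# nvr_name <name-version-release[.arch]>
# Prints the package name by dropping the last two dash-separated fields
# (version and release). Names that contain dashes stay intact.
nvr_name() {
    printf '%s\n' "$1" | sed 's/-[^-]*-[^-]*$//'
}

# plan_action <package-name> <rpm -qa output>
# Prints "upgrade" if exactly that package is installed, else "install".
# A plain `rpm -qa | grep rrdtool` would also match perl-rrdtool; comparing
# the parsed name avoids that. On a live host `rpm -q <name>` does the same.
plan_action() {
    action=install
    while IFS= read -r line; do
        if [ "$(nvr_name "$line")" = "$1" ]; then
            action=upgrade
        fi
    done <<EOF
$2
EOF
    echo "$action"
}

# apply_rpm <file.rpm>
# Verifies the file, then installs or upgrades it. Needs rpm and root.
apply_rpm() {
    file=$1
    # rpm -K (--checksig) checks the package digests and signature.
    rpm -K "$file" || { echo "verification failed: $file" >&2; return 1; }
    # Read the package name from the file itself, not from its file name.
    name=$(rpm -qp --queryformat '%{NAME}' "$file") || return 1
    case $(plan_action "$name" "$(rpm -qa)") in
        upgrade) rpm -Uvh "$file" ;;
        install) rpm -ivh "$file" ;;
    esac
}
```

    Run apply_rpm with the path of the downloaded .rpm file; a file that fails rpm -K is never installed.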