os patching
Post on 04-Apr-2018
220 views
Embed Size (px)
TRANSCRIPT
7/30/2019 os patching
1/30
NYIT
Fall 2012
TERM PAPER:01
Title: OS Patching, Updating, Upgrading & Core dumpManagement
Name: Shivapuram Mithilesh
Class ID#: 19School ID#: 0837622
Course: Operating Systems Security
Course ID: CSCI-620-M01Date: 1/17/12
7/30/2019 os patching
2/30
Assignments Content
1. Overview.3
2. Patching Linux.4
3. OS UPGRADING18
4.OS UPDATING.22
5.LINUX CORE DUMPS..25
6.CONCLUSION.... 29
7/30/2019 os patching
3/30
1. Overview
With the advent of ever-evolving technologies like SANs, virtualization and
server consolidation, data centers are glowing with even more shimmering lights, and
humming from the buzz of smaller form factor stand-alone servers, farms of virtual
machine servers and rows of blade centers. The ease of using server templates, cloning
and automated installations have definitely had a great impact on the number of servers
you end up managing today. What may have been a 10:1 server to technician ratio several
years ago has now changed, and enterprise sized server farms of several hundred
machines are managed by just a handful of people. Simply put...if you can build it faster,
better and cheaper, someone will take notice and expect more.
Along with the growing data center, you also have the rise of Linux as an enterprise leveloperating system. As more tech houses use this constantly maturing operating system,
they run into issues like support, hardware compatibility and finding ways to get more
bang for their buck using open source components in their existing infrastructures. Now,
aside from finding better ways to manage your hardware, using tools, monitoring
processes and other fun IT stuff, one of the biggest headaches IT has to face is keeping
your machines up to date. Yes...were talking about patching.
When it comes to patching, Microsoft has the edge by far. Regardless of the number of
patches Microsoft puts out every year, being the popular operating system that it is, it
gets pretty good support from the industry when it comes to facilitating patch
management. Aside from using Microsoft Update to patch your machines, there are
plenty of third-party tools that support the Windows operating system. For Linux, on the
other hand, youll only find a few third party tools. You can use the built-in update
processes that the OS has to offer, but it can quite clumsy, especially if scheduling is
required, or if there are package dependencies to consider. The few third party tools
available can be rather limiting as well, since the majority only work with RedHat. You
also need to deal with a vast number of machines in your server farm. How can youmanage large scale patch deployments across thirty, sixty or even several hundred
servers?
In this article, I try to cover some of the basics of patching Linux using built-in
mechanisms, whats available in the third-party tool market and, some of the obstacles
Ive run into when trying to manage a small to large data center full ofLinux servers.
http://www.tomsguide.com/us/security-linux-update,review-1033.htmlhttp://www.tomsguide.com/us/security-linux-update,review-1033.html7/30/2019 os patching
4/30
2. PATCHING LINUX
There are four basic reasons patching your Linux machines are important:
Security
Maintenance
Supportability
Error Fixing
Security
Possibly the most important reason to update your OS is to maintain a secure
environment for your machines applications. Applying security patches will update your
machine and plug up security holes left by outdated software or poorly writtenapplications. You really want to keep others from accessing your file system through
some newly found vulnerability. If someone should get in, that person can possibly get
important data, change security settings on the machine or even install some little piece
of software you may not so easily catch. For example, software like rootkits can be
installed and will use newly added processes, wresting some control from the unwary
administrator. Even more, now that a machine is potentially under the control of
someone else, it may become the unwilling participant in a bot attack involving other
commandeered machines, coming from your network or across the Internet.
There are plenty of ways to keep your machines safe, but most importantly, keepup with the all the latest security alerts. Checking up on updated packages occasionally
can save you from having to deal with the repercussions of having your data stolen or
rebuilding your machine. Vendors and distributors like RedHat, SuSE and Ubuntu have
special alert services and websites that get updated with the latest security news and
information. You can also look up security based web sites like Secunia or the United
States Computer Emergency Readiness Team (US-CERT) for more information on
current vulnerabilities and how theyre affecting other computers in the wild.
Maintenance
Maintaining a solid working environment is the second reason for keeping your machine
up to date. Having the latest/greatest software keeps you up with the times. As we all
know, technology doesnt slow down, and new software features are always popping up.
For example, an applications previous version may have needed an interface to a
MySQL database, but with the advent of a new XML feature, the database requirement
7/30/2019 os patching
5/30
becomes non-existent. By updating your software, you can use the newer XML feature,
and enjoy the benefits of updated technology.
Patching your Linux machine may also present another challenge...dealing with
dependencies. If you patch your OS the wrong way, you may run into dependency
conflicts that, if not resolved, could prevent you from updating your application. Lets
take an application like Gallery, a web based open-source photo album, as an example.
You definitely wouldnt be able to run Gallery with an older mySQL installation on your
computer. Certain requirements would not be met and during the Gallery installation you
would get messages coming back about first having to update other dependent packages.
You would then have to update those dependencies as well for your Gallery installation
to succeed. Theoretically, you could spend quite some time trying to find the appropriate
packages, until you get it all straightened out.
Supportability
If you are going run Linux in an enterprise environment where you have various levels of
expertise on-staff, it is important to make sure that you have your OS at a supportable
level. Sure, Linux may be a free operating system, but if your operations are the type that
support life or manage your companys finances, you need to have access to a high level
of expertise-youll never know for sure if youre going to need it, and while support is
not cheap, its necessary.
To qualify for support from most vendors, if not all, you need to have a supportable
version of the OS to call in for. Just ask yourself this...In 2007, who supports RedHat
Linux 6.0? Running an older version of an OS can potentially be more expensive to
support, as fewer people work with it. Thus, its to your benefit to upgrade that RedHat
server to a newer version, if not the latest. The big Linuxdistributions will usually list
their supported OS levels, and also give end-of-life information so you can know when
you should upgrade those older machines and OSes.
Error Fixing
The last reason for why you want to install newer software packages is to replace
software that is problematic. Memory leaks, for example, are problems caused by errors
that may have been missed during development. Software performance can also be fixed
or improved on a well-maintained machine. Just keep in mind that though most of these
http://www.tomsguide.com/us/security-linux-update,review-1033-2.htmlhttp://www.tomsguide.com/us/security-linux-update,review-1033-2.html7/30/2019 os patching
6/30
updates are listed as optional, but they can also be listed in a critical category iftheir
defects can lead to security holes or other vulnerabilities.
2.1 How to Patch Your Linux Installation
Like all OSes, every once in a while you need to update the software running on yourLinux server. You can do this in one of three ways:
Download the updated packages and manually install them yourself.
Use a built-in open source application that comes with the OS distribution.
Use a third party application that downloads the file and then runs the installation for you.
Lets look at these in more detail.
Manual Updates
One way you can update your RedHat or SuSE machine is by going to your particular
vendors Web or FTP site, and downloading the packages directly from the online file
repository or a trusted mirror site. For recent products, like Novells SLES or RedHat
Enterprise Servers, once you get the file onto your machine you can then run the RedHat
Package Manager (aka rpm) and update the target program you choose.
FIGURE 2.1:RPM
After downloading the rrdtools latest RPM, you can run rpm -i to install the new
package, or rpm -u if you are updating rrdtool. The next RPM command queries all the
installed RPMs, and extracts only the information you want, using the grep command.