certwatch

Posted on 28. May 2012 by Jens Kuehnel

Because I just fell into the “forgot the renew my cert” trap again. One very important hint. Install crypto-utils on all machines where ssl-certs are used. It will check automatically all  certs that are used by httpd.

Posted in Uncategorized | Tagged | Leave a comment

Enable serial console with systemd

Posted on 29. April 2012 by Jens Kuehnel

If you need to enable a serial console on a systemd machine like Fedora 16, you have two possibilities.

Start it immediately with: systemctl start getty@ttyS0.service

or start it at every boot with:

ln -s /usr/lib/systemd/system/getty@.service   /etc/systemd/system/getty.target.wants/getty@ttyS0.service

Posted in Fedora, Linux | Tagged | 3 Comments

Oracle Linux UEK broken

Posted on 27. April 2012 by Jens Kuehnel

Hi,

after my post Centos vs. ScientificLinux  which included Oracle Linux, I played around with OL6. The default kernel running is the “Unbreakable Enterprise Kernel” (UEK). This kernel is based on 2.6.39 and is currently the only Linux kernel that is supported by Oracle DB 11.

I played around with this kernel for about a day and found a bug. I setup my kvm setup with bonding together 2 ethernet devices and put that into a bridge. Than I installed OL6 into a virtuel machine. Nothing fancy, but when the host is running UEK the network connection doesn’t work correctly anymore. From 100 pings only 5-10 return. dhclient works and I get an IP, but downloading or yum updating is not possible.

Of course is runs with the “RHEL compatible” kernel.

Maybe that is just bad luck, but what other things did they miss? Or is this kernel named unbreakable, because without network no one will attack it?

Posted in Enterprise Linux, Linux | Tagged | 1 Comment

Centos vs. ScientificLinux

Posted on 03. April 2012 by Jens Kuehnel

I’ve been asked by a lot of people why I switched from Centos to ScientificLinux.

My feeling was that ScientificLinux delivers security updates faster and more reliably, but feeling is not a good adviser when it comes to security. So I sat down and created a LibreCalc sheet to check how long it took between the RedHat security update release and the corresponding release of Centos and ScientificLinux. Because now Oracle offers free updates for OL, I added OL to the list.

I took all the security updates available from an uptodate RHN Satellite, export its erratas into an csv-File and add the release times from Centos, ScientificLinux (SL) and OracleLinux (OL). I took the create file time stamp from the main FTP-Server, as the release time for Centos and SL. . I checked some of the erratas with the security announce mailing list and found no difference. I did the same with OL, but I realized that Oracle don’t use the release time as FTP timestamp. For RHSA-2012:0426 I check the Oracle-FTP-Server at the 28th and no package was available, recheck 2 days later and it was available and the timestamp was from the 27th. I kept the timestamps in my list, but don’t trust them. I was thinking about writing a script to analyze the security mailing lists, but I don’t have time for that.

I only checked the erratas from 1. October 2011 to 1. April 2012. Two updates were ignored.  RHSA-2011:1328 because  it was only an update to an errata and RHSA-2011:1531 was replaced by RHSA-2011:1777 on the same day.

During this time red hat released 78 erratas and I used 76. The average delay for Centos is 6.58 days and for ScientificLinux is 1.33. In December 2011 Centos finally got his build environment and released both 6.1 and 6.2 in little over one week. Centos really picked up momentum. If you look at the updates between 1.Jan and 1.Apr 2012 the numbers are very close together with 1.27 for Centos and 0.97 for SL.

The choice of SL vs. Centos is really much harder today. But I switched and I don’t see a reason to switch back. If you use Centos 6, from my perspective there is no reason to switch anymore.

RH-vs-Centos-vs-SL is the libreOffice Calc  sheet. I don’t guarantee for the dates, I worked as best as I could. If you find a mistake or have something to say, don’t hesitate to write a comment.

Posted in Enterprise Linux, Fedora, Linux | Tagged | 6 Comments

Find deleted files that are still in use

Posted on 03. April 2012 by Jens Kuehnel

When you disc is full and you delete stuff and the disc is still full, have a look at delete files that are still used by a process.

Use the command lsof +L1 for this.

Posted in Enterprise Linux, Fedora, Linux | Tagged | Leave a comment

sort -h

Posted on 03. April 2012 by Jens Kuehnel

A friend  just showed me this cool new option for sort. You now can sort with -h, which works great with du -h.

du -hs * |  sort -h

Available since RHEL6 and current Fedora. Sorry no RHEL5.

Posted in Enterprise Linux, Fedora, Linux | Tagged | 2 Comments

Weekly Series: Tools you need to know

Posted on 08. October 2011 by Jens Kuehnel

I wanted to write a weekly series for years. A series of all the cool tools that I show to people very  often and allways create a jaw drop. Thanks to Michael for asking the question that reminded me of this.

Today: yum-utils

yum-utils is a great bundle of tools that work with yum and repositories. I only show some programs that I use at least weekly:

  • package-cleanup –problems
    checks if there are some errors.  In RHEL6 and Fedora you can use yum check for that, but this works also for RHEL5 and is faster.
  • package-cleanup –orphans
    show packages that are not available from any repository. Maybe the repository deleted it or it was installed manually.
  • package-cleanup –leaves –all
    shows all packages that are installed and are not a dependency of any other package
  • reposync
    downloads all packages from a repository. Great to create a local copy of a repository. You can even use with rhn channels with -l, but please read the RHEL license before using it to install machines.
Posted in Enterprise Linux, Fedora, Linux, Uncategorized | Tagged | Leave a comment

Update RHEL5 to RHEL6

Posted on 08. October 2011 by Jens Kuehnel

Officially Red Hat does not support updates from RHEL5 to RHEL6.

If you don’t care about support, or you are using Centos or ScientificLinux this is for you. But as always on the internet, I don’t give any warranties and when it breaks, you have to keep the pieces and don’t cry or sue! 🙂

Steps to update from RHEL5 to 6:

    • make backup!!!!!
    • install helpfull programm 
       yum install yum-utils
    • make a backup, not only of your data but everything
    • get list of installed packages. Just in case with rpm -qa > rpm-qa
    • remove packages that create problems 
      yum remove kmod-gnbd-xen kmod-gfs-xen \
kernel-xen-devel kmod-cmirror-xen kernel-xen \
unixODBC-kde OpenIPMI-python OpenIPMI-gui
    • remove kde because it creates problems, you can install it on RHEL6 again if needed: 
      yum groupremove kde-desktop
    • remove multilib on x86_64 because most of the time it is not needed anyway: 
      uname -a |grep x86_64 && yum remove *.i{3,4,5,6}86
    • check if there are problems before the upgrade to RHEL6 
      • package-cleanup --problems

        sometimes you have to remove some packages with

        rpm -e --noscripts
    • boot from RHEL 6.1 CD with option:  upgradeany 
    • at first reboot boot into runlevel 1
    • cleanup inittab of everything except this line and change it to runlevel 3: 
      • id:3:initdefault:
    • check that your yum-repofiles (/etc/yum*) are pointing only to RHEL6 repos!!!!!
rm -rf /var/cache/yum/*; yum clean all
  • remove abandon packages 
    yum remove adjtimex agg alchemist am-utils apmd \
aspell-af aspell-bg aspell-br aspell-ca aspell-cs aspell-cy \
aspell-da aspell-de aspell-el aspell-en aspell-es aspell-fo \
aspell-fr aspell-ga aspell-gd aspell-gl aspell-hr aspell-id \
aspell-is aspell-it aspell-nl aspell-no aspell-pl aspell-pt \
aspell-ru aspell-sl aspell-sr aspell-sv automake17 beecrypt \
bitstream-vera-fonts bluez-gnome bluez-hcidump bogl \
bootparamd booty cadaver cairo-java cdrtools chkfontpath \
Cluster_Administration cman cmirror cmirror-kmod \
compat-libcom_err compat-readline43 compat-slang conga \
convmv crash-spu-commands dasher dejavu-lgc-fonts \
Deployment_Guide desktop-backgrounds dhcdbd dhcpv6 \
distcache dogtail eel2 elilo emacspeak epic eruby etherboot \
exim exim-doc fbset fonts-arabic fonts-chinese fonts-hebrew \
fonts-indic fonts-ISO8859-2 fonts-japanese fonts-KOI8-R \
fonts-korean fonts-sinhala freeradius2 fribidi gcc44 \
gdk-pixbuf gfs-kmod gfs-utils gftp gimp-print gjdoc glade2 \
glib glib-java Global_File_System gnbd gnbd-kmod \
gnome-applet-vm gnome-audio gnome-keyring-manager \
gnome-mime-data gnome-mount gnome-netstatus gnome-nettool \
gnome-spell gnome-volume-manager gnu-crypto gpart gphoto2 \
gtk+ hfsutils htmlview hwbrowser ibmasm ibmasm-xinput \
icon-slicer ifd-egate inn ipsec-tools ipv6calc irda-utils \
jakarta-commons-fileupload jakarta-commons-launcher \
jakarta-commons-modeler jakarta-commons-validator joe \
joystick jpilot kcc kdbg kdeaddons kdewebdev kdnssd-avahi \
ktune kudzu lam launchmail libbtctl libdhcp libFS \
libgconf-java libglade-java libgnome-java libgtk-java \
libpfm libsdp libsilc libspe2 libtermcap libunwind \
libvte-java libXfontcache libXTrap lv lvm2-cluster \
man-pages-da man-pages-de mikmod mockobjects mod_python \
mozldap mpi-selector mx nedit nss_ldap ofed-docs \
openCryptoki openib openssl097a pam_ccreds pam_smb \
pdksh pfmon pkinit-nss postgresql84 prctl privoxy \
procinfo psgml pvm pwlib PyQt pyspi python-elementtree \
python-numeric qcairo qffmpeg qlvnictools qpixman qspice \
rarpd redhat-artwork rhel-instnum rhpl rhpxl rng-utils \
salinfo samba3x sblim scim scim-anthy scim-bridge \
scim-chewing scim-chinese-standard scim-hangul scim-m17n \
scim-pinyin scim-qtimm scim-sinhala scim-tables scribus slrn \
specspo splint squirrelmail stardict statserial struts \
switchdesk sysklogd system-config-bind system-config-boot \
system-config-cluster system-config-display \
system-config-httpd system-config-netboot system-config-nfs \
system-config-rootpassword system-config-samba \
system-config-soundcard system-switch-mail termcap tomcat5 \
tux tvflash unifdef uucp Virtualization wdaemon xcdroast xen \
xmlrpc xmlsec1 xorg-x11-drv-ark xorg-x11-drv-calcomp \
xorg-x11-drv-chips xorg-x11-drv-citron xorg-x11-drv-cyrix \
xorg-x11-drv-digitaledge xorg-x11-drv-dmc \
xorg-x11-drv-dynapro xorg-x11-drv-elo2300 \
xorg-x11-drv-jamstudio xorg-x11-drv-joystick \
xorg-x11-drv-magellan xorg-x11-drv-magictouch \
xorg-x11-drv-microtouch xorg-x11-drv-nsc xorg-x11-drv-palmax \
xorg-x11-drv-s3 xorg-x11-drv-spaceorb xorg-x11-drv-summa \
xorg-x11-drv-tek4957 xorg-x11-drv-tseng xorg-x11-drv-ur98 \
xorg-x11-drv-vga xorg-x11-resutils xorg-x11-xfs \
xorg-x11-xfwp xorg-x11-xsm xsri yum-updatesd zisofs-tools  \
tclx-doc
  • remove old kernels 
     yum remove kernel\*-2.6.18\*
  • there is a problem with lvm that are not automatically fixed: 
     yum downgrade lvm2
  • device-mapper-event is broken as well 
    rpm -e --nodeps device-mapper-event device-mapper
yum install device-mapper-event
  • remove problematic packages: 
     yum remove openoffice.org-langpack-sr_CS \
java-1.5.0-ibm-accessibility \
sblim-gather-provider-plugins-virt \
sblim-gather-plugins-virt java-1.6.0-ibm-accessibility \
yum-protect-packages.noarch
  • upgrade and downgrade (with –skip-broken) if needed: 
     yum distribution-synchronization
  • upgrade if needed (–skip-broken can help here as well): 
     yum update
  • check for programs that are not from RHEL6 an remove them: 
    package-cleanup --orphans | xargs yum remove
  • remove all packages with el5 in the name (should be empty or a very small number): 
     rpm -qa | grep el5 | xargs echo yum remove
  • check if all dep problems are fixed: 
    package-cleanup --problems
Posted in Enterprise Linux, Fedora, Linux | Tagged | Leave a comment

Welcome Fedora Planet

Posted on 18. September 2011 by Jens Kuehnel

Hallo fellow Fedorians,

after a lot of work and updating my server to ScientificLinux 6 (a blog post will be available shortly) I finally have my own blog.

I will write primarily in English, but expect some German posts as well.

Greetings from Germany

Jens Kühnel

Posted in Fedora, Linux | Tagged | 1 Comment

RHEL/Centos to ScientificLinux

Posted on 18. September 2011 by Jens Kuehnel

Hi,

You don’t want to wait for Centos 6.1 or your RedHat 6 entitlement is running out? This howto is about moving to ScienticLinux.

1a.) (for RHEL) rpm -e redhat-release-server redhat-indexhtml  yum-rhn-plugin –nodeps

1b.) (fpr Centos) rpm -e centos-indexhtml centos-release –nodeps

2.) wget http://ftp.scientificlinux.org/linux/scientific/6.1/x86_64/os/Packages/sl-release-6.1-2.x86_64.rpm http://ftp.scientificlinux.org/linux/scientific/6.1/x86_64/os/Packages/sl-indexhtml-6-2.sl6.5.noarch.rpm

3.) rpm -Uvh sl-release-6.1-2.x86_64.rpm sl-indexhtml-6-2.sl6.5.noarch.rpm
4.) check /etc/yum.repos.d/* it points to the right directory and no

4.) yum distribution-synchronization

5a.) rpm -qa –queryformat %{NAME}\ %{VENDOR}\\n | grep “Red Hat, Inc.” | sed -e ‘s: .*::’ | xargs yum reinstall -y

5b) rpm -qa –queryformat %{NAME}\ %{VENDOR}\\n | grep “CentOS” | sed -e ‘s: .*::’ | xargs yum reinstall -y

6.) check packages that are not available in ScientificLinux with “package-cleanup –orphan”

7.) check of all dependencies are still satisfied: “package-cleanup –problems”

8.) If you like install yum-autoupdate

 

Posted in Enterprise Linux, Linux | Leave a comment