THE OPEN PITT What's cooking in Linux and Open Source in Western Pennsylvania =========================================================================== Issue 16 August 2005 www.wplug.org =========================================================================== In this issue: Keeping Your Linux System Updated August Roundup Bylaws Update --------------------------------------------------------------------------- Coming Events Oct. 1: Ohio LinuxFest 2005. Columbus, Ohio: see for details Oct. 15: General User Meeting, Topic: Weblogs and Open Source. Also: Board Nominations. 10am to 2pm, 1507 Newell-Simon Hall, CMU Oct. 22: Tutorial, Topic: Intro to Objective C. 10am to 3pm, 1507 Newell- Simon Hall, CMU Nov. 5: General User Meeting/Election Meeting. 10am to 2pm, 1507 Newell- Simon Hall, CMU The public is welcome at all events --------------------------------------------------------------------------- Keeping Your Linux System Updated Applying updates to your computer's software is a lot like changing the oil in your car. Although a few people out there might derive pleasure from doing both of these things, for the rest of us it's a bit of drudgery that we know needs to be done, yet probably don't take care of as often as we should. Ten years ago, such neglect wasn't a big deal. Updates tended to focus on correcting bugs in software functionality, and if it wasn't obviously broken there was little need to fix it. But in today's world of always-on Internet connections, security concerns have moved to the forefront. Bugs in software packages you didn't even know were installed on your system can allow an attacker to gain superuser access and take control. If your machine is compromised, it's not just a problem for you. Malicious individuals use armies of these "zombies" to send out spam and break into others' systems. Although it is by no means a complete security program, keeping your software up to date reduces your vulnerability and is one way to be a good neighbor to others on the network. Here's a review of some major Linux distributions and how to keep them current. Fedora The traditional way to get updates in Fedora Core is by using the up2date tool developed by Red Hat. This puts a check-mark icon in the system tray that turns into a red exclamation mark when updates are available. You can download and install them by clicking on the icon. Another option is yum, which stands for "Yellow Dog updater, modified." Its name gives away the fact that it was originally developed for Yellow Dog Linux, a variant of Red Hat that runs on Apple and other PowerPC hardware. Yum can be run as needed or set to check for updates each day by issuing the commands "chkconfig yum on" and "service yum start" at a root prompt. As installed, Fedora systems download their updates from a single overloaded server at Red Hat, so you may want to change this to a closer and less-busy mirror. More help can be found at . Red Hat Enterprise Linux Like Fedora, Red Hat's enterprise offerings also use up2date. However, updates come from the Red Hat Network, a dedicated set of servers that also offers additional management services. A Red Hat Enterprise Linux subscription starts at $179/year for client workstations and $349/year for servers. SUSE Both the commercial versions of SUSE and their free counterpart openSUSE use YaST (Yet another Setup Tool) to handle many system administration tasks. Part of this is YOU (YaST Online Update). You can run YOU periodically, or use the SUSEWatcher auto-notification as described in . If you prefer to use the command line, run "online_update -h" for information on a tool that's easy to script or run as a cron job. For the enterprise versions of SUSE as well as Novell Linux Desktop, updates can be performed with the high-powered ZENworks management suite. Its capabilities and pricing options are far too complex to describe here, so check out the Novell web site for further details. Mandriva As with many tasks, this is handled through the Mandriva Linux Control Center. You'll find the update function under Software Management; when run for the first time it will give you a list of mirror servers to choose from. After that, it's a matter of checking for new updates on a regular basis. This is actually just a graphical front end for urpmi, Mandriva's package management tool. Another way to download and apply updates would be to run "urpmi --update --auto --auto-select" at a root prompt (you need to select a mirror before doing this, though). A paid service called Mandriva Online provides e-mail notifications and can also automatically install updated packages. Subscriptions are $22 per year or free for Mandriva Club members at the Silver level and above. Debian Debian users love to point out that simply typing "apt-get update && apt-get upgrade" at a root prompt will bring your system up to date. Another option is Aptitude, a menu-driven (but still text-based) program that can handle all aspects of package management. If you'd rather point and click, Synaptic provides an easy-to-use graphical interface. Additional helpful tips can be found at . Ubuntu In keeping with its philosophy of making things simple and straightforward, Ubuntu includes the friendly Update Manager, as well as an Update Notifier icon to tell you when new packages are available. Of course, as a Debian-derived distribution all of those methods can be used as well. The Hard Way As we've seen, there are numerous tools out there to make updating easy. But sometimes, things can go wrong and you have to fall back to a more manual method. This can happen if, for example, there's a bug in the update manager itself. Systems which use RPM packages can have upgrades applied with the "freshen" option to rpm. Place all the RPMs to be installed into a single directory and run "rpm -Fvh ./*.rpm" as root. Packages are only installed if you already have an older version, so you don't have to be careful about which updates are in the directory. You can install DEB packages by running "dpkg -i filename.deb" on Debian and related distributions, substituting the actual file name of course. To install _all_ of the DEB files in a directory or its subdirectories, use the -R option to dpkg. No matter which method you prefer, keeping current is an essential part of system administration. Don't let yourself fall behind. --------------------------------------------------------------------------- August Roundup Aug. 7 Open Source Picnic: Held at Snyder Park in Whitehall Borough, WPLUG's 4th annual picnic brought out a couple dozen people for an afternoon cookout. The day included games, conversation, and copious amounts of food. Aug. 13 General User Meeting: Beth Lynn Eicher discussed performing security audits using Linux live CDs. After recommending distributions like Knoppix-STD and WHAX, she went into the reasons for conducting an audit and important legal and ethical issues. Beth then presented several scenarios and techniques such as capturing packets, port scanning, and recovering passwords. A PDF copy of her slides is available at . --------------------------------------------------------------------------- Bylaws Update Nominations for the Board will be taken at the October 15 General User Meeting. Members may nominate any eligible member, including themselves. Once nominations are in, ballots will go out to all registered members. They can be returned according to the instructions on the ballot, or brought in person to the election meeting to be held on November 5. E-mail announcements have been sent to all members--if you haven't received any, you may not be registered. To resolve any problems, contact the Secretary at or the Chair at . =========================================================================== The Open Pitt is published by the Western Pennsylvania Linux Users Group Editors: Elwin Green, Vance Kochenderfer Copyright 2005 Western Pennsylvania Linux Users Group. Any article in this newsletter may be reprinted elsewhere in any medium, provided it is not changed and attribution is given to the author and WPLUG.