[olug] Centos

Rob Townley rob.townley at gmail.com
Fri May 24 17:36:52 UTC 2013


`*rpm -q --changelog php | less*`  may very well surprise you with the
security patches applied even though the version numbering scheme would
lead you to think it is way out-of-date.

RedHat derivatives have selinux turned on by default and it works.   Get
used to using ls -Z to see the selinux mandatory access control lists.
alias *'lZ=ls -latrZ'*
i had pushed /etc/hosts to a few different places and modified it on
different machines under different directories.  i had a heck-of-a-time
figuring out why /etc/hosts was being ignored until i ran  *`lZ
/etc/host*`.  *Noticed right away the MAC labels were different on this
file.
`*restorecon /etc/hosts*` fixed it right away.

i have some of my firefox profiles run in a selinux sandbox.  i will put
the script up on one of our shared repositories.  That will be a follow-up
email to my bash scripting problem.

Your companies IT policy may prevent adding 3rd party repositories, but if
not....
Remi Collet provides a repository for EL6 packages such as php and mysql
and currently firefox 21 ... blog.famillecollet.com.  He has docs on how to
install his repository on his blog but peruse the rpms here:
http://rpms.famillecollet.com/enterprise/6/

i followed Remi's documentation for the
http://www.glpi-project.org/spip.php?article43
glpi-project.org<http://www.glpi-project.org/spip.php?article43>and
found it to be awesome (extra steps to lock down mysql) for glpi and
fusioninventory.


On Wed, May 22, 2013 at 11:49 AM, Sam Tetherow <tetherow at shwisp.net> wrote:

> PHP and Apache were the biggest ones for me.  Mysql to a lesser extent.
>  Granted this was in the CentOS 5 days and there were several php 5.2
> security fixes coming out on a weekly/monthly basis.  Finding a good rpm
> repository for updates was a must.
>
>
> On 05/22/2013 11:17 AM, Obi-Wan wrote:
>
>> Good point about keeping packages updated & upgrades. Definitely worth
>>> bringing up.
>>>
>> Unless you need support for a new device, I rarely found the slow
>> package update cycle to be a problem for servers.  For production
>> servers, you generally don't want to be upgrading packages willy
>> nilly unless you've got a specific reason, like security updates
>> or needed functionality.  Once it's stable, let it lie.
>>
>>
>>
> ______________________________**_________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/**mailman/listinfo/olug<https://lists.olug.org/mailman/listinfo/olug>
>



More information about the OLUG mailing list