hi there...
Just installing and testing EasyIDS for the first time.... is it safe to "yum update" this system?
Thanks,
Paul
Yum Updates Safe?
6 posts
• Page 1 of 1
Yum Updates Safe?
by pstewart » Tue Feb 23, 2010 10:16 am
- pstewart
- Posts: 1
- Joined: Tue Feb 23, 2010 10:14 am
Re: Yum Updates Safe?
by oakleeman » Tue Feb 23, 2010 9:51 pm
as long as you don't enable the rpmforge repository you should be able to do updates. In the previous version of EasyIDS NTOP would break after an update was done because the repository was enabled by default.
Making Open Source Easier
- oakleeman
- Posts: 156
- Joined: Tue Sep 29, 2009 12:27 am
Re: Yum Updates Safe?
by zarated » Mon Mar 08, 2010 1:52 pm
Hi again,
This is related to yum-updates.
I'm not very experienced with Apache, and I could use a hint or guidance with the following problem:
I'm not allowing my rogue sensors any Internet Access, the reason being is that from a security
viewpoint it would be best practice to have these sensors completely disconnected from the Internet
and just operating locally. The only drawback is finding a work-around to performing yum updates.
What I want to happen is the central sensor hosting the local repository for the latest yum update.
The advantage of this would be the savings on bandwidth by downloading only latest RPMs once and pushing this out to the other boxes.
So far I've been able to create the local repository on the central sensor using the 'yum-downloadonly' plugin and
the 'createrepo' utility. As I understand it, next I have to modify the yum.conf of each of the
other boxes and have them point to this repository via http, ftp, smb or maybe even https.
Thing is, I have no idea how to do this, currently I'm facing 500 pages of Apache documentation.
That is, how to host the file(s) on the Apache server EasyIDS comes with.
Appreciate any help, if it'll saves me some time and/or headache that would be great! Thanks.
This is related to yum-updates.
I'm not very experienced with Apache, and I could use a hint or guidance with the following problem:
I'm not allowing my rogue sensors any Internet Access, the reason being is that from a security
viewpoint it would be best practice to have these sensors completely disconnected from the Internet
and just operating locally. The only drawback is finding a work-around to performing yum updates.
What I want to happen is the central sensor hosting the local repository for the latest yum update.
The advantage of this would be the savings on bandwidth by downloading only latest RPMs once and pushing this out to the other boxes.
So far I've been able to create the local repository on the central sensor using the 'yum-downloadonly' plugin and
the 'createrepo' utility. As I understand it, next I have to modify the yum.conf of each of the
other boxes and have them point to this repository via http, ftp, smb or maybe even https.
Thing is, I have no idea how to do this, currently I'm facing 500 pages of Apache documentation.
That is, how to host the file(s) on the Apache server EasyIDS comes with.
Appreciate any help, if it'll saves me some time and/or headache that would be great! Thanks.
- zarated
- Posts: 32
- Joined: Fri Feb 26, 2010 2:51 pm
Re: Yum Updates Safe?
by yngmike » Wed May 12, 2010 1:56 pm
You are wanting to set up your own yum repo which is a good idea anyways. But is more geared towards general Linux tech support, but anyway.
The following is for a centos5 server that has internet access and is not an Easy IDS server. Because the default settings for authentication mess my config up you might be able to just unprotect your repo directory in the same way the public folder is but I have a dedicated server for the yum repo already anyway.
Install the "createrepo" package
1. download the rpm from the public repo
2. rpm -Uvh /PathToFile/filename.rpm
3. alternatively "yum install createrepo"
4. man createrepo
5. create your repo
You'll need to drop a script like this into /etc/cron.daily and create all the local file paths that are referenced
make sure it is owned by root and executable (chown root:root filename.rpm && chmod 700 filename.rpm)
#!/bin/bash
rsync -avrt rsync://mirrors.kernel.org/centos/5/updates/i386 --exclude=debug/ /var/www/html/yumrepo/updates/ > /root/centos-i386-updates.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/updates/x86_64 --exclude=debug//var/www/html/yumrepo/centos/5/updates/ > /root/centos-x86_64-updates.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/os/i386/CentOS --exclude=debug/ /var/www/html/yumrepo/centos/5/os/i386/ > /root/centos-os-i386.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/os/i386/repodata --exclude=debug/ /var/www/html/yumrepo/centos/5/os/i386/ > /root/centos-os-i386-repo.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/os/x86_64/CentOS --exclude=debug/ /var/www/html/yumrepo/centos/5/os/x86_64/ > /root/centos-os-x86_64.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/os/x86_64/repodata --exclude=debug/ /var/www/html/yumrepo/centos/5/os/x86_64/ > /root/centos-os-x86_64-repo.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/extras/i386/RPMS --exclude=debug/ /var/www/html/yumrepo/centos/5/extras/i386/ > /root/centos-extras-i386.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/ext ... 6/repodata --exclude=debug/ /var/www/html/yumrepo/centos/5/extras/i386/ > /root/centos-extras-i386-repo.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/extras/x86_64/RPMS --exclude=debug//var/www/html/yumrepo/centos/5/extras/x86_64/ > /root/centos-extras-x86_64.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/ext ... 4/repodata --exclude=debug/ /var/www/html/yumrepo/centos/5/extras/x86_64/ > /root/centos-extras-x86_64-repo.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/addons/i386/RPMS --exclude=debug/ /var/www/html/yumrepo/centos/5/addons/i386/ > /root/centos-addons-i386.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/add ... 6/repodata --exclude=debug/ /var/www/html/yumrepo/centos/5/addons/i386/ > /root/centos-addons-i386-repo.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/addons/x86_64/RPMS --exclude=debug/ /var/www/html/yumrepo/centos/5/addons/x86_64/ > /root/centos-addons-x86_64.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/add ... 4/repodata --exclude=debug/ /var/www/html/yumrepo/centos/5/addons/x86_64/ > /root/centos-addons-x86_64-repo.txt 2>&1
exit 0
Then create a new file in "/etc/httpd/conf.d/somefilename.conf"
Alias /centos/ /var/www/html/yumrepo/centos/
<Directory /var/www/html/yumrepo/centos/>
Options +Indexes
AllowOverride None
order allow,deny
allow from all
</Directory>
Then restart apache
The following is done on your Easy IDS server
Then backup and replace the yum .repo file in "/etc/yum.repos.d/soemthing.repo"
[updates]
name=CentOS-$releasever - Updates
baseurl=http://yourservercentos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://yourserver/centos/RPM-GPG-KEY-CentOS-5
[os]
name=CentOS-$releasever - OS
baseurl=http://yourserver/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://yourserver/centos/RPM-GPG-KEY-CentOS-5
[addons]
name=CentOS-$releasever - AddOns
baseurl=http://yourserver/centos/$releasever/addons/$basearch/
gpgcheck=1
gpgkey=http://yourserver/centos/RPM-GPG-KEY-CentOS-5
[extras]
name=CentOS-$releasever - Extras
baseurl=http://yourserver/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://yourserver/centos/RPM-GPG-KEY-CentOS-5
Then run "yum clean all" and "yum update" to test.
The following is for a centos5 server that has internet access and is not an Easy IDS server. Because the default settings for authentication mess my config up you might be able to just unprotect your repo directory in the same way the public folder is but I have a dedicated server for the yum repo already anyway.
Install the "createrepo" package
1. download the rpm from the public repo
2. rpm -Uvh /PathToFile/filename.rpm
3. alternatively "yum install createrepo"
4. man createrepo
5. create your repo
You'll need to drop a script like this into /etc/cron.daily and create all the local file paths that are referenced
make sure it is owned by root and executable (chown root:root filename.rpm && chmod 700 filename.rpm)
#!/bin/bash
rsync -avrt rsync://mirrors.kernel.org/centos/5/updates/i386 --exclude=debug/ /var/www/html/yumrepo/updates/ > /root/centos-i386-updates.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/updates/x86_64 --exclude=debug//var/www/html/yumrepo/centos/5/updates/ > /root/centos-x86_64-updates.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/os/i386/CentOS --exclude=debug/ /var/www/html/yumrepo/centos/5/os/i386/ > /root/centos-os-i386.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/os/i386/repodata --exclude=debug/ /var/www/html/yumrepo/centos/5/os/i386/ > /root/centos-os-i386-repo.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/os/x86_64/CentOS --exclude=debug/ /var/www/html/yumrepo/centos/5/os/x86_64/ > /root/centos-os-x86_64.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/os/x86_64/repodata --exclude=debug/ /var/www/html/yumrepo/centos/5/os/x86_64/ > /root/centos-os-x86_64-repo.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/extras/i386/RPMS --exclude=debug/ /var/www/html/yumrepo/centos/5/extras/i386/ > /root/centos-extras-i386.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/ext ... 6/repodata --exclude=debug/ /var/www/html/yumrepo/centos/5/extras/i386/ > /root/centos-extras-i386-repo.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/extras/x86_64/RPMS --exclude=debug//var/www/html/yumrepo/centos/5/extras/x86_64/ > /root/centos-extras-x86_64.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/ext ... 4/repodata --exclude=debug/ /var/www/html/yumrepo/centos/5/extras/x86_64/ > /root/centos-extras-x86_64-repo.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/addons/i386/RPMS --exclude=debug/ /var/www/html/yumrepo/centos/5/addons/i386/ > /root/centos-addons-i386.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/add ... 6/repodata --exclude=debug/ /var/www/html/yumrepo/centos/5/addons/i386/ > /root/centos-addons-i386-repo.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/addons/x86_64/RPMS --exclude=debug/ /var/www/html/yumrepo/centos/5/addons/x86_64/ > /root/centos-addons-x86_64.txt 2>&1
rsync -avrt rsync://mirrors.kernel.org/centos/5/add ... 4/repodata --exclude=debug/ /var/www/html/yumrepo/centos/5/addons/x86_64/ > /root/centos-addons-x86_64-repo.txt 2>&1
exit 0
Then create a new file in "/etc/httpd/conf.d/somefilename.conf"
Alias /centos/ /var/www/html/yumrepo/centos/
<Directory /var/www/html/yumrepo/centos/>
Options +Indexes
AllowOverride None
order allow,deny
allow from all
</Directory>
Then restart apache
The following is done on your Easy IDS server
Then backup and replace the yum .repo file in "/etc/yum.repos.d/soemthing.repo"
[updates]
name=CentOS-$releasever - Updates
baseurl=http://yourservercentos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://yourserver/centos/RPM-GPG-KEY-CentOS-5
[os]
name=CentOS-$releasever - OS
baseurl=http://yourserver/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://yourserver/centos/RPM-GPG-KEY-CentOS-5
[addons]
name=CentOS-$releasever - AddOns
baseurl=http://yourserver/centos/$releasever/addons/$basearch/
gpgcheck=1
gpgkey=http://yourserver/centos/RPM-GPG-KEY-CentOS-5
[extras]
name=CentOS-$releasever - Extras
baseurl=http://yourserver/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://yourserver/centos/RPM-GPG-KEY-CentOS-5
Then run "yum clean all" and "yum update" to test.
- yngmike
- Posts: 20
- Joined: Fri Jan 22, 2010 11:52 am
Re: Yum Updates Safe?
by muppet » Tue May 25, 2010 4:33 am
Here's another cheap and dirty solution for you ...
If you have a squid or similar web proxy in your organisation, add following line to /etc/yum.conf:
proxy=http://IP-of-your-proxy:port-your-proxy-listens-on/
If your proxy requires authentication, see proxy_username and proxy_password in 'man yum.conf'.
Mup.
If you have a squid or similar web proxy in your organisation, add following line to /etc/yum.conf:
proxy=http://IP-of-your-proxy:port-your-proxy-listens-on/
If your proxy requires authentication, see proxy_username and proxy_password in 'man yum.conf'.
Mup.
- muppet
- Posts: 9
- Joined: Mon May 24, 2010 5:53 am
Re: Yum Updates Safe?
by stupots » Wed Jun 02, 2010 9:45 am
muppet wrote:Here's another cheap and dirty solution for you ...If you have a squid or similar web proxy in your organisation, add following line to /etc/yum.conf:
Alternatively, add the following lines to /etc/profile:
- Code: Select all
http_proxy=http://a.b.c.d:nnnn
export http_proxy
Also, this might be superfluous with the above, but I added my proxy details to /etc/wgetrc too.
Regards,
Stuart
- stupots
- Posts: 13
- Joined: Tue Feb 23, 2010 9:43 am
- Location: Somewhere in the UK
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest