[ Pobierz całość w formacie PDF ]
does not contain the actual packages for download.
3.1.1. Using Red Hat Network
Red Hat Network allows the majority of the update process to be automated. It determines which RPM
packages are necessary for the system, downloads them from a secure repository, verifies the RPM
signature to make sure they have not been tampered with, and updates them. The package install can
occur immediately or can be scheduled during a certain time period.
Red Hat Network requires a System Profile for each machine to be updated. The System Profile contains
hardware and software information about the system. This information is kept confidential and is not
given to anyone else. It is only used to determine which errata updates are applicable to each system,
and, without it, Red Hat Network can not determine whether a given system needs updates. When a
security errata (or any type of errata) is released, Red Hat Network sends an email with a description of
the errata as well as a list of systems which are affected. To apply the update, use the Red Hat User
Agent or schedule the package to be updated through the website http://rhn.redhat.com.
24
Chapter 3. Security Updates
Note>
Red Hat Enterprise Linux includes the up2date, a convenient panel icon that displays visible
alerts when there is an update for a registered Red Hat Enterprise Linux system. Refer to the
following URL for more information about the applet: http://rhn.redhat.com/help/basic/applet.html
To learn more about the benefits of Red Hat Network, refer to the Red Hat Network Reference Guide
available at http://www.redhat.com/docs/manuals/RHNetwork/ or visit http://rhn.redhat.com.
Important
Before installing any security errata, be sure to read any special instructions contained in the
errata report and execute them accordingly. Refer to Section 3.1.5, Applying the Changes for
general instructions about applying the changes made by an errata update.
3.1.2. Using the Red Hat Errata Website
When security errata reports are released, they are published on the Red Hat Errata website available
at http://www.redhat.com/security/. From this page, select the product and version for your system, and
then select security at the top of the page to display only Red Hat Enterprise Linux Security
Advisories. If the synopsis of one of the advisories describes a package used on your system, click on
the synopsis for more details.
The details page describes the security exploit and any special instructions that must be performed in
addition to updating the package to fix the security hole.
To download the updated package(s), click on the link to login to Red Hat Network, click the package
name(s) and save to the hard drive. It is highly recommended that you create a new directory, such as
/tmp/updates, and save all the downloaded packages to it.
3.1.3. Verifying Signed Packages
All Red Hat Enterprise Linux packages are signed with the Red Hat, Inc GPG key. GPG stands for GNU
Privacy Guard, or GnuPG, a free software package used for ensuring the authenticity of distributed files.
For example, a private key (secret key) held by Red Hat locks the package while the public key unlocks
and verifies the package. If the public key distributed by Red Hat does not match the private key during
RPM verification, the package may have been altered and therefore cannot be trusted.
The RPM utility within Red Hat Enterprise Linux automatically tries to verify the GPG signature of an RPM
package before installing it. If the Red Hat GPG key is not installed, install it from a secure, static
location, such as an Red Hat Enterprise Linux installation CD-ROM.
Assuming the CD-ROM is mounted in /mnt/cdrom , use the following command to import it into the
keyring (a database of trusted keys on the system):
rpm --import /mnt/cdrom/RPM-GPG-KEY
To display a list of all keys installed for RPM verification, execute the following command:
rpm -qa gpg-pubkey*
25
Red Hat Enterprise Linux 4 Security Guide
For the Red Hat key, the output includes the following:
gpg-pubkey-db42a60e-37ea5438
To display details about a specific key, use the rpm -qi command followed by the output from the
previous command, as in this example:
rpm -qi gpg-pubkey-db42a60e-37ea5438
It is extremely important to verify the signature of the RPM files before installing them to ensure that they
have not been altered from the Red Hat, Inc release of the packages. To verify all the downloaded
packages at once, issue the following command:
rpm -K /tmp/updates/*.rpm
For each package, if the GPG key verifies successfully, the command returns gpg OK. If it doesn't, make
[ Pobierz całość w formacie PDF ]
-
Archiwum
- Strona pocz±tkowa
- Eason, Cassandra A Practival Gu
- Lineage II Spellhowler Gu
- 10 Minute Gu
- Quinn Security 1 Finding Home Caneron Dane
- Red_Hat_Linux_9_Biblia_rhl9bi
- First Lady Blayne Cooper
- Bratny, Roman Kolumbowie rocznik 20 Tom 3
- Falkensee Margarete von Noce BśÂćÂkitnego AniośÂa
- Exiles at the Well of Souls Jack L. Chalker
- Copeland Lori Najciemniej jest pod latarnićÂ
- zanotowane.pl
- doc.pisz.pl
- pdf.pisz.pl
- g4p.htw.pl