Linux Patch Management: Keeping Linux Systems Up To Date

1.2. Distribution-Specific Repositories

Every major Linux distribution includes a repository of installation programs and packages. Distribution developers also maintain patches on these same repositories, and they update these repositories with security patches, upgrades, bug fixes, and new kernels as needed.

In this book, we focus on the releases from the developers of three major distributions: Red Hat/Fedora, Novell/SUSE, and Debian.

Note

The Web and FTP sites associated with a distribution are often very busy. Connections are limited to a certain number of users; even with such limits, downloads may be slow. Most distributions have "mirrors," or second-level repositories, which maintain an exact copy of the original.

1.2.1. Red Hat Enterprise Linux Updates

The current distribution released by Red Hat is known as Red Hat Enterprise Linux 4 (RHEL). With its reliance on older technologies, it is widely regarded as a conservative, perhaps even boring, distribution. Red Hat has stated that it will provide support and updates for at least five years, which makes it an ideal candidate for the enterprise. But even a boring and stable distribution such as RHEL requires frequent updates.

RHEL updates are limited to computers with valid subscriptions on the Red Hat Network (https://rhn.redhat.com). Each subscription allows you to register one computer on the Red Hat Network, which includes the right to download updates and CDs. I explain how you can purchase and activate a subscription in detail shortly.

RHEL updates are often consolidated onto CDs, on a quarterly basis. If you've purchased a subscription to the Red Hat Network, you should be on the email list which notifies you of individual patches and quarterly updates as they're released. While default updates are taken from Red Hat Network servers, Red Hat supports the use of Proxy and Satellite servers to cache that content on your LAN.

Because RHEL is released under the Free Software Foundation's (FSF) General Public License (GPL), the source code is publicly available from ftp.redhat.com. Several groups have built the source code, without the Red Hat trademarks, into enterprise distributions that are functionally equivalent to RHEL. We'll describe some of these "rebuilds," as well as how to use their repositories, in Chapter 2, "Consolidating Patches on a Red Hat/Fedora Network."

Note

The GPL and related licenses are critical to the Linux development process. In fact, this book has been released under a related license, the Open Publication License (www.opencontent.org), an open source compatible book license. For more information on the myriad of GNU licenses, see www.fsf.org/licensing/licenses/.

If you want RHEL, you may have already taken the following steps:

1.

Register with the Red Hat Network at https://rhn.redhat.com.

2.

Examine available RHEL distributions.

3.

Purchase one or more subscriptions for RHEL.

4.

Activate your subscription(s).

5.

Download or acquire the CDs for RHEL.

6.

Install RHEL on your computers.

7.

Update your system through the Red Hat Network.

We'll describe these steps (except installation) in detail in the following sections.

Register with the Red Hat Network

If you want to install RHEL on more than one computer, it's best to register first with the Red Hat Network. That will help you manage all your RHEL computers with one Red Hat Network account. If you're setting up a subscription for a corporate account, read Red Hat's Best Practices Guide, available from rhn.redhat.com/help/.

To register with the Red Hat Network, you'll need an account. To create a new account, navigate to https://rhn.redhat.com/newlogin/ and create a new corporate or personal login.

Examine Available Red Hat Enterprise Linux Distributions

Red Hat currently supports several different versions of RHEL. As you can see in Table 1-1, there are several different versions available; pricing varies by system and architecture. For more information, including current prices, see https://www.redhat.com/software/rhel/compare/.

Table 1-1. Red Hat Enterprise Linux systems

Version

System

Architecture

2.1

Advanced Server (AS)

x86

 

Enterprise Server (ES)

x86

 

Workstation (WS)

x86

3

AS

x86, Itanium, AMD64/Intel EM64T, iSeries/pSeries, S/390, zSeries

 

ES

x86, Itanium, AMD64/Intel EM64T

 

WS

x86, Itanium, AMD64/Intel EM64T

 

Desktop

x86, AMD64/Intel EM64T

4

AS

x86, Itanium, AMD64/Intel EM64T, iSeries/pSeries, S/390, zSeries

 

ES

x86, Itanium, AMD64/Intel EM64T

 

WS

x86, Itanium, AMD64/Intel EM64T

 

Desktop

x86, AMD64/Intel EM64T

Note

You can now subscribe to RHEL for free for 30 days. For details, see www.redhat.com/software/rhel/eval/. Registration on the Red Hat Network is required.

Purchase One or More Subscriptions for RHEL

When you purchase RHEL, you're buying a time-limited subscription to the Red Hat Network, along with some level of Web, email, or phone-based support. There are three ways to get a subscription to RHEL:

Direct from Red Hat; for options, see www.redhat.com/software/rhel/.

As a boxed set from Red Hat or a third party.

Preinstalled on a server or workstation.

Note

If you work for an academic institution, you may be able to get a RHEL subscription at a greatly reduced rate; see www.redhat.com/solutions/industries/education/products/ for details.

Activate Your Subscription

When you purchase RHEL, there are two ways to activate your subscription. If you have a registration number, you can activate your subscription at www.redhat.com/apps/activate; you can also activate a RHEL 4 subscription during the installation process. In either case, make sure to link this subscription to the appropriate Red Hat Network account.

Alternatively, if you purchased your subscription directly from Red Hat in the USA or via www.redhat.com, your subscription should already be active in your Red Hat Network account.

Download the CDs for RHEL

When you have a subscription to RHEL, you can download the CDs from the Red Hat Network. Because you'll be downloading two or more GB of data, you'll need a high-speed Internet connection. You can then download the CDs in ISO format by using the following steps:

1.

Make sure you have sufficient room for the RHEL CDs. The four CDs of binary packages alone can easily require 2.5GB of space on a hard drive.

2.

Log into the Red Hat Network at rhn.redhat.com.

3.

To find the distributions that you can download, select Channels.

You can download individual packages from available software channels listed on this Web page.

4.

To find the ISOs that you can download, select Easy ISOs.

5.

Select the desired distribution channel, such as Red Hat Enterprise Linux AS (v.4 for 32-bit x86).

You can download ISOs directly from the Red Hat Network at a Web page that looks similar to Figure 1-1.

Figure 1-1. Red Hat Network ISO downloads

6.

Download the ISOs that you need. As shown in the figure, you can click the Install Disc links directly or use the curl command. Copy and paste the URL for the ISO into the curl command as follows:

#curl -C --O 'very_long_url'

Of course, if you've purchased a boxed set, you can use the CDs directly from the box. Now you can set up an installation repository for your RHEL distribution. If you have the physical CDs, they're easy to mount. Just insert them into the drive, and run the mount /media/cdrecorder or mount /mnt/cdrom command.

You can mount ISO files as if they were physical CDs. For example, I've downloaded the first ISO for RHEL AS 4 in my home directory and mounted it with the following command:

# mount -o loop /home/michael/RHEL4-i386-AS-disc1.iso /media/cdrecorder

You can then copy the files from each CD to the installation directory of your choice. After you share these files with the NFS, FTP, or HTTP protocols, you can then install RHEL from this directory over your LAN. Make sure to copy the hidden .discinfo file from the first installation CD; you can then use this installation repository for Red Hat's system-config-packages utility.

Alternatively, you can configure a RHEL installation repository simply by sharing the directory with the installation ISO files on an NFS network.

Installing Red Hat Enterprise Linux

The steps required to install RHEL are beyond the scope of this book. For more information on RHEL installation, see Red Hat's installation guide, available from www.redhat.com/docs/manuals/enterprise.

If you're installing RHEL on a computer that you intend to use as a local Red Hat Network Proxy Server, keep the packages that you include to a minimum.

The Update Agent

RHEL's Update Agent, also known as up2date, provides a complete system for updating the RPM packages installed on your RHEL computers. It allows you to register with and monitor appropriate Red Hat repositories for updates. In Chapter 2, you'll learn how to configure a Red Hat repository locally on your computer.

You can review a standard RHEL 4 Network Alert Icon in Figure 1-2. It's a circle next to the date in the upper right part of the GUI. There are four options associated with this icon, which is available only in the GUI:

The red exclamation point in the upper-right part of the figure indicates that this system is not fully up to date.

If you see a green icon with arrows pointing in two directions, the Update Agent is currently checking the repository for updates.

If you see a gray icon with a slash through it, RHEL on your computer is unable to connect to the repository. There may be a problem with the connection from your system or to the computer with the repository.

A blue check mark means that your system is fully up to date with the latest patches.

Figure 1-2. Update Agent options in RHEL 4

As you can see in the figure, there are four options associated with the Update Agent:

Check for updates allows you to check the versions of packages on your system against those in the RHEL repository. If you see a red exclamation point, updates are available. When you've configured the Update Agent, you can call up the list by clicking the exclamation point; you'll see a screen similar to Figure 1-3.

Figure 1-3. The Red Hat Network Alert Notification Tool defines available updates

Launch up2date initiates the Red Hat Update Agent. You'll examine the process from a standard computer in the next section.

Configuration starts the Red Hat Network Alert Notification Tool.

RHN Website opens your default Web browser and navigates to rhn.redhat.com.

There are several things that you need to configure the Update Agent.

If you have a proxy server on your network, you'll need to configure the Red Hat Network Alert Notification Tool. In the GUI, right-click the Update Agent icon, and click Configuration from the shortcut menu that appears. This opens the Red Hat Network Alert Notification Tool window. Click Forward through the Terms of Service to reach the Proxy Configuration page shown in Figure 1-4.

Figure 1-4. Configuring the Red Hat Network for a Proxy Server

Note

The Red Hat Network Alert Notification tool warns you of new updates graphicallythere is no command line version of this tool available.

Test the result. Right-click the Red Hat Network icon, and then select Check for Updates. When you next hover your mouse over the icon, you'll see the number of updates available. You can click the icon to bring up the available updates; you'll see a screen similar to Figure 1-3.

Alternatively, in the command line interface, you can find a list of available updates, along with their dependencies, with the following command:

# up2date --dry-run

Updating Red Hat Enterprise Linux Using the Update Agent

Now you can update RHEL using the Update Agent. You can start the process in a number of ways; one method that works in both the GUI and text console is the up2date command. We illustrate the process in the GUI for clarity; the process is essentially the same at the text console, and requires the following steps:

1.

From the command line, run the up2date command.

2.

When the Welcome to the Red Hat Update Agent window displays, click Forward.

If you see a Login Page, you're prompted to enter your Red Hat Network account. You can then enter a new subscription number or prompt the Update Agent to use an existing active subscription. The Update Agent then sends your hardware information and collects a list of packages currently installed on your computer.

If you need to change the Red Hat Network account for your computer, such as from a personal to a corporate account, you can force the Update Agent to reset your account information with the up2date --register command. If you're using RHEL 2.1, the command is rhn_register --configure.

3.

Now you'll see a list of available channels, such as those shown for my server in Figure 1-5. If you have more than one channel available, you can change update selections as desired. When done, click Forward to continue.

Figure 1-5. Available Red Hat Network channels

4.

The Update Agent fetches headers from the repository associated with each channel. By default, it skips downloads of any kernel related packages, as shown in Figure 1-6.

Figure 1-6. The Update Agent avoids downloading kernel packages by default

You can change the list of packages to be skipped with the up2date --config command. This opens a Red Hat Network Configuration window. You can change the list of packages under the Package Exceptions tab.

5.

Next, you'll see a list of available package updates from your channels. You can select the packages of your choice, as shown in Figure 1-7. Click Forward when ready.

Figure 1-7. The Update Agent lists available updates

6.

The Update Agent tests for dependencies. If found, other required packages are added to the update list. The Update Agent then proceeds with retrieving packages. When the process is complete, click Forward to continue.

Updated packages are downloaded by default to the /var/spool/up2date directory.

7.

The Update Agent proceeds with installing the downloaded packages. When the process is complete, click Forward to continue.

8.

The Update Agent lists the packages that it installed or upgraded on your system. Click Finish after you've reviewed these packages.

Configuring the Update Agent Settings

Naturally, Red Hat's Update Agent is much more flexible when started from the command line interface. As an administrator, you may administer a number of your systems remotely; in this case, the command line interface is more efficient.

The Update Agent configuration command is up2date-nox --configure. As it opens several-dozen configuration options, it's best to pipe the output to a pager with a command such as

up2date-nox --configure | less

You can review the settings associated with the Update Agent in Table 1-2; the sequence in this table is based on RHEL 4. Changes are saved in /etc/sysconfig/rhn/up2date. Alternatively, if you run up2date --configure in the GUI, you'll find many of the same settings in Figure 1-8.

Table 1-2. Update Agent configuration options

Option

Description

debug

Enables or disables debugging

useRhn

Set to yes if you have and want to use a RHEL subscription or a Proxy/Satellite server

rhnuuid

Specifies the unique Red Hat Network user ID for the computer

isatty

Connects the output to a terminal

showAvailablePackages

Lists all available packages from the repository; disabled by default

useNoSSLForPackage

Allows unencrypted downloads; disabled by default

storageDir

Specifies a directory for headers, RPMs, and other files downloaded from the repository; default is /var/spool/up2date

pkgSkipList

Specifies packages that the Update Agent should skip when searching for updates; kernel* packages are included by default

retrieveOnly

Sets update retrieval without installation; disabled by default

noSSLServerURL

Specifies the URL for the repository

networkSetup

Sets up the use of the Update Agent network configurator, where you can specify any proxy server on your network; one method is shown in Figure 1-4

networkRetries

Configures the number of times the Update Agent retries when there is a connection problem

pkgsToInstallNotUp

Specifies the names of packages that are not installed automatically with an up2date --install or up2date -u command

enableProxy

Allows you to update through a local proxy server, which controls your LAN's connections to the Internet

noBootLoader

Disables any upgrades to the boot loader

proxyPassword

Sets a password to use for a local proxy server

updateUp2date

Allows the Update Agent to update itself when an upgrade is available

keepAfterInstall

Stores downloaded packages and headers in storageDir after installation

useGPG

Requires the use of GPG signatures to verify the integrity of a package

headerCacheSize

Configures a maximum number of headers to cache in RAM

forceInstall

Overrides pkgsToInstallNotUp; would install new kernel

systemIdPath

Specifies the file with System ID information

retrieveSource

Configures retrieval of source RPMs; disabled by default

enableRollbacks

Allows you to undo the current update; disabled by default

gpgKeyRing

Specifies the file with the Update Agent GPG key

adminAddress

When the Update Agent is run in batch mode, with the up2date -u command, notice is sent to this address

serverURL

Specifies the URL with the repository; may be changed if you've configured an Update Agent Proxy or Satellite server

fileSkipList

Allows you to specify files for the Network Agent to skip

versionOverride

Overrides the version listed in /etc/redhat-release

sslCACert

Specifies the file with the SSL Certificate

noReplaceConfig

Packages that would change configuration data are not installed by default

enableProxyAuth

Supports the use of an authenticated proxy server

disallowConfChange

Sets a list of configuration changes not allowed through the Update Agent

headerFetchCount

Sets the maximum number of RPM headers to acquire at a time

proxyUser

Assigns a username for an authenticated proxy server

removeSkipList

While the Update Agent removes packages from StorageDir by default, this list specifies packages which should not be removed

httpProxy

Specifies the URL of the local proxy server; standard TCP/IP ports suggest an address such as squid.example.com:3128

noReboot

Disables any instruction to reboot this computer

Figure 1-8. Configuring the Update Agent

Update Agent Command Line Options

There are a number of other useful actions that you can take with the Update Agent. They're associated with different switches for the up2date command. While a complete list is available in the associated man page, I've listed the more important alternatives here:

up2date --configure

As described earlier, this command allows you to configure Update Agent options. If you're in the GUI, this opens the Update Agent configuration window shown in Figure 1-9; if you want the full functionality associated with the command line interface, use the up2date-nox --configure command.

Figure 1-9. SUSE is watching for updates

up2date --register

This command allows you to register (or revise your registration) with the Red Hat Network.

up2date -d packagename

This command downloads specified packages, without installing them. If you already have the most up-to-date version of the packagename, you'll see a message to that effect.

up2date --src packagename

This command downloads the source package along with the associated binary RPM. If you already have the most up-to-date version of the packagename, you'll see a message to that effect.

up2date --show-channels

This command lists the channels available for updates to your computer. For more information on Red Hat Network channels, see Chapter 2.

up2date --hardware

The --hardware switch updates the hardware profile for your computer, as documented on the Red Hat Network.

up2date --list-rollbacks

This switch lists packages that you can restore to their former versions.

up2date -u

This command automatically updates your system with all upgradeable packages.

up2date --installall --channel=rhel-i386-as-4

This downloads and installs all packages from the given channel, as defined in the output from the up2date --show-channels command. Naturally, you'll want to enable the KeepAfterInstall configuration option described in the previous section. Otherwise, the Update Agent deletes these packages after downloading and installing them on your system.

Aggregating Red Hat Enterprise Linux Updates

If you administer just a few RHEL computers on a network, you may choose to configure them to download their updates directly from the Red Hat Network (after you've tested each update, of course). But if you have a substantial number of RHEL computers, their simultaneous updates may overload your connection to the Internet.

There are several methods you can use to manage and maintain control of how you keep your systems up to date.

Quarterly Updates

Red Hat provides CD-based updates of its RHEL distributions on a quarterly basis. These updates include all upgraded packages otherwise available through the Update Agent. You can store these packages in a local installation repository and upgrade your system with said packages.

Proxy Servers

Another way to update a group of RHEL systems is with a proxy server. A Red Hat Network Proxy Server stores content locally and passes authentication requests to the Red Hat Network. It requires a relatively high-powered system; minimum requirements shown in the release notes include

Dell PowerEdge 1750 server or equivalent

Two or more CPUs

512MB of RAM

3GB of storage for RHEL AS

1.5GB for source and update packages

These are relatively minimal requirements. If you're storing updates for more than one version of RHEL, practical hardware requirements increase accordingly.

The default Red Hat Network Proxy Server is available with 10 desktop subscription entitlements. Other packages may be available; contact Red Hat sales or www.redhat.com for more information.

You can learn how to install and configure the Red Hat Network Proxy Server in Chapter 2, as well as how to configure your RHEL clients to connect to those servers.

Satellite Servers

If you have a larger network, or one which requires a higher level of security, you may want more control over how your computers communicate with the Red Hat Network. This is possible with the Red Hat Network Satellite Server. Authentication, policies, and profiles are stored on the Satellite Server. Updates can be "pushed" directly to the clients of your choice. A Satellite Server can also serve as an installation server, from which you can automate the RHEL installation process on as many computers for which you have subscriptions.

Nominally, the hardware requirements for a Satellite Server are not significantly greater than for a Proxy Server. But if you have the number of RHEL systems that justify a Satellite server, you'll want to follow Red Hat recommendations, including

Dell PowerEdge 2650 server or equivalent

Two or more 2.4GHz CPUs

2GB-4GB of RAM

3GB of storage for RHEL AS

5GB for source and update packagesper channel (such as for different hardware-based versions of RHEL)

2GB of storage for database RPMs

36GB of storage in the database repository

These are relatively minimal requirements. If you're storing updates for more than one version of RHEL, practical hardware requirements increase accordingly.

The default Red Hat Network Proxy Server is available with 50 desktop subscription entitlements. Other packages may be available; contact Red Hat sales or www.redhat.com for more information.

Creative Options

You can create your own repository of available updates. If you enable the KeepAfterInstall option, updates that you download are stored in /var/spool/up2date. You can then share these updates with other computers on your network. Assuming their configurations are identical, you can upgrade with these same packages. Some administrators have been known to configure downloaded packages in a yum repository, as demonstrated in Chapters 6, "Configuring a yum Client," and 7, "Setting Up a yum Repository."

Alternatively, you can point the Upgrade Agent to repositories created by one of the Red Hat Rebuilds that you'll learn about in Chapter 2.

1.2.2. Novell/SUSE

The SUSE distributions, now owned by Novell, have a very different look and feel from the RHEL distributions. Administrative tools are integrated into the SUSE all-in-one tool, known as YaST (Yet another Setup Tool). While YaST is not geared to the command line interface, it does support a low-level graphical screen even from remote consoles, and it has a similar look and feel to YaST in the GUI.

In this section, you'll examine detailed workings of the YaST Online Update tool and get a feel for what you can do with repositories on SUSE Linux Enterprise Server (SLES). Unlike Red Hat, SUSE does not have a dedicated interface for subscriptions similar to the Red Hat Network.

YaST Online Update

In this section, you'll examine YaST Online Update on SUSE Linux Professional 9.3. Unlike RHEL, registration is not required at this operating system level. YaST Online Update, also known as YOU, provides a complete system for updating the RPM packages installed on your SUSE Linux Professional computers. It allows you to monitor appropriate SUSE repositories for updates. In Chapter 2, you'll learn how to configure a SUSE repository locally on your computer.

You can review a standard SUSE Professional GUI in Figure 1-9. You'll see a circle next to the date in the lower-right part of the GUI. A red exclamation point indicates that updates are available.

To start YaST Online Update, take the following steps:

1.

Click Menu -> System -> YaST.

You're prompted to enter the root password before SUSE opens YaST.

2.

In the YaST menu, select the Software option from the left-hand pane, and then select Online Update.

3.

You can now configure YaST Online Update, as shown in Figure 1-10.

Figure 1-10. Configuring YaST Online Update on SUSE Linux Professional

You can configure YaST Online Update in several different ways. The Installation source drop-down box allows you to choose from several pre-configured SUSE update mirrors from the USA or Europe. You can specify the URL of your choice in the Location text box. Click New Server, and you can select a local source on a directory, CD, or DVD. You can also select a network source from a FTP, HTTP, Samba, or NFS server. For your first update, select a preconfigured Installation source and the Manually Select Patches option.

If your chosen repository requires a user name and password, click Edit Server. You can verify authentication here.

When you're comfortable with YaST Online Update, you can Configure Fully Automatic Update from this window, which allows automated updates on a daily or weekly basis, starting at a time specified by you.

4.

When you're finished with this window, click Next to continue.

YaST Online Update opens a window telling you that it's "Retrieving information about new updates." This process may take several minutes.

5.

You can now configure the patches to be downloaded and installed, as shown in Figure 1-11.

Figure 1-11. Configuring patches to download and install

You can customize what YaST Online Update does with each patch. As shown in Figure 1-11, you can set several conditions on what to do with each patch:

Install

Do not install during this update

Never install this package with YaST Online Update

Keep; retain the current package as is

Update if a newer version of this package is available

Update always; may overwrite previous configurations

Do not modify this package

Review the list of available packages. When ready, press Accept to continue.

6.

YaST Online Update now proceeds with downloading the patches you've selected.

If you've included a kernel in the update list, YaST Online Update requests confirmation, as shown in Figure 1-12. As you can see for yourself, a kernel update includes several different packages. Unless you're ready to risk a new kernel, press Skip Patch.

Figure 1-12. Confirming kernel patches

You may also have to confirm installation of other patches for packages, such as databases.

7.

When the process is complete, you'll see a message listing the number of patches which have been installed. Click Finish to continue.

8.

To complete the process, YaST Online Update writes the system configuration and runs the scripts in the /sbin/conf.d directory to integrate patches into your system.

When complete, you can find a repository of download patches in the following directory:

/var/lib/YaST2/you/mnt/i386/update/9.3

The directory with your patches will vary slightly, depending on your CPU and version of SUSE Linux. This repository includes four different categories of patches, as associated with their subdirectories:

  1. Deltas include relatively small changes in the RPM package for installed systems.

  2. Patches include text descriptions of the changes associated with each patch.

  3. RPMs include new RPM packages; they're generally installed as an upgrade to your current system.

  4. Scripts include small text programs that generally apply new drivers to your system.

If you're running SUSE Linux Enterprise Server 9, downloads are divided into SUSE-SLES and SUSE-CORE packages. The SLES packages are associated with the first installation CD; the CORE packages include downloaded updates associated with the remaining CDs. In other words, you can find updates in the following two directories:

/var/lib/YaST2/you/mnt/i386/update/SUSE-SLES/9 /var/lib/YaST2/you/mnt/i386/update/SUSE-CORE/9

Downloaded RPMs, patches and scripts can be found in the same subdirectories.

SUSE Linux Enterprise Server Updates

SUSE Linux Enterprise Server is designed to hold repositories. In SUSE Linux Enterprise Server 9, there is a YOU Server Configuration option available with the Online Update. When you start this server, you'll see the YaST Online Update Server Configuration screen shown in Figure 1-13.

Figure 1-13. SUSE Linux Enterprise Server has more limits on YaST Online Update

If you have a valid subscription for SUSE Linux Enterprise Server, it'll be associated with your SUSE Linux online account. In the Update Server configuration screen, select a server and then click Edit Server. This opens the Authorization window shown in Figure 1-14, where you'll need to enter the username and password for your account. Any SUSE subscriptions should be automatically linked to that account.

Figure 1-14. Authorizing SUSE Linux Enterprise Server Online Update

Downloading SUSE Linux

Two of the flagship distributions in the SUSE Linux line are SUSE Linux Professional and SUSE Linux Enterprise server.

While each version of SUSE Linux Professional is available only for sale during the first few months of each release, it's available for download after that. For more information, see www.novell.com/products/linuxprofessional/. It's best if you use a mirror; links are available from the noted Web site. As of this writing, downloads of SUSE Linux Professional 9.3 are available as a DVD ISO or a standard installation tree. If you download the installation tree, you'll need a boot CD or floppy. Starting with version 10.0, Novell has made an open source version of SUSE Linux Professional available at www.openuse.org.

SUSE Linux Enterprise Server is available with a 30-day evaluation license. More information is available from www.novell.com/products/ linuxenterpriseserver. You'll need a Novell account before you can download this system. SUSE Linux Enterprise Server 9 requires that you download six CDs from the SUSE servers in Ireland or Utah (USA).

As of this writing, with instructions available on the download page, you can extend the evaluation to six months. The license is only required for updates; the server remains functional thereafter.

1.2.3. Debian

For me, Debian offers what I think of as the Heathkit version of Linux. It offers a wide degree of flexibility. Debian repositories offer a wider variety of packages than any other distribution that I know.

Debian hearkens back to the origins of Linux, where it was solely a cooperative arrangement between developers. As you can see at www.debian.org, this distribution is the province of its volunteers. However, there is commercial support available for Debian. Ian Murdock, one of the founders of Debian, started Progeny as a company which provides commercial support for Debian (and several other versions of Linux). For more information, see www.progeny.com.

The current version of Debian Linux is known as Sarge. There is also a "testing" distribution, similar to a beta, known as Etch. The developmental distribution, which includes packages more likely to have problems, is known as Sid. You might recognize these names from the Disney movie Toy Story.

Installing Debian

Debian Linux is different. You could download the 14 CDs or 2 DVDs associated with Sarge and install Debian from there. You could store the associated packages in a network repository. I have a fairly speedy cable modem connection, and I still find the thought of downloading this amount of data rather intimidating.

If you don't have a high-speed connection, you can purchase CDs or DVDs from vendors, such as www.cheapbytes.com or www.thelinuxshop.co.uk. I've installed Debian Sarge over a network connection, installing just the packages that I need. For this purpose, a high-speed connection is still the only practical method. I've started with the first installation CD. I was able to install enough of the operating system, including links to Debian repositories in /etc/apt/sources.list. For more information on this method, see www.debian.org/CD/netinst/.

Note

Most of the current development work on Debian is on a different release, known as Debian Sid. It is known as an unstable release; in my opinion, it is akin to the Developmental (Rawhide) releases of Fedora Linux. For more information on Debian Sid, see www.debian.org/releases/unstable/.

Many Regional Mirrors

After you've installed the basic Debian distribution, you'll want to configure your /etc/apt/sources.list file with one or more appropriate repositories. One list is available in the Debian Web page of mirrors at www.debian.org/mirror/list. I count mirrors available in over 50 countries.

To use a mirror, you'll want to specify the URL, the distribution, and whether you want to be able to download source code. In my case, I've added the following mirrors to my sources.list file:

deb ftp://debian.oregonstate.edu/debian/ stable main deb-src ftp://debian.oregonstate.edu/debian/ stable main

This points my Debian computer to a mirror at Oregon State University. This is direct from the Debian Web page of mirrors noted previously. As I've installed Debian Sarge on my system, I've listed the stable repository. I've also noted the main set of packages. If I wanted additional packages contributed by other developers, I'd add contrib to these lines. If I wanted to access repositories of proprietary packages, I'd add non-free to these lines.

The apt System

The Debian patch management system is very closely integrated with the apt series of commands. You'll learn about the apt commands in detail in Chapter 4. The strength of apt is how it searches for and includes any dependent packages as it installs (or removes) the packages you desire.

The apt commands are also in common use on Debian-based distributions, such as Knoppix, as well as some RPM-based distributions, such as Conectiva.

There are two apt commands which I use more than others. The first command is the following:

apt-cache search searchterm

I can check the repositories configured in my /etc/apt/sources.list for the package of my choice. All I need is a search term; for example, if I wanted to search for packages related to Linux office suites, I substitute office for searchterm. My repositories return a wide variety of packages, including the OpenOffice.org, KOffice, and Abiword applications, as well as related programs that might fit in an Office suite, such as xfonts and the HP Office Jet driver (hpoj).

The other apt command I use frequently is

apt-get install packagename

For example, if I want to install the standard Linux DNS server, I substitute bind for packagename. The appropriate version of bind is installed; if there are dependencies, they are also installed. If additional configuration is required, Debian prompts me for appropriate selections. Alternatively, if I wanted to remove a package with dependencies, I could run the following command:

apt-get remove packagename

Synaptic offers a GUI front-end to the apt system. As you can see in Figure 1-15, Synaptic allows you to graphically view, install, and remove the packages you desire.

Figure 1-15. Debian's Synaptic Package Manager

1.2.4. Other Linux Distributions

There are hundreds of Linux distributions. Many have their own update repositories. I'll mention a few of the more important Linux distributions here:

Mandriva Linux. As of this writing, this company is merging the former Mandrake and Conectiva distributions. Mandrake was developed from Red Hat Linux and uses RPMs; they have a wide variety of graphical tools. Conectiva is the developer of apt for RPMs; before their work, the apt tools were most closely associated with Debian-based distributions. For more information, see www.mandriva.com.

Yellowdog Linux. While this distribution was developed for PowerPC computers, their update tool, Yellowdog Updater, Modified (yum) is widely used on RPM-based distributions, including Red Hat's Fedora Linux. For more information, see www.yellowdoglinux.com.

Linspire. Formerly known as Lindows, this distribution is known for its user friendliness and support, which has made it one of the distributions of choice at Walmart. For more information, see www.linspire.com.

Knoppix. This Debian-based distribution has quickly gained fame as the "handyman" that can fix numerous problems with Linux (and even Microsoft Windows) computers. For more information, see www.knoppix.org.

It's not fair that I don't really have the space to mention other Linux distributions. There are many other excellent distributions available, with repositories that you can use and even replicate on your own networks. Many of these distributions use the yum and apt tools that you can learn about in the last half of this book.

Категории