Wednesday, October 1, 2014

What is Backporting Security fixes in RHEL

Recently while the whole Unix world was shocked by the Shell Shock bug in bash , like everyone we were also scheduled to patch our servers(all of those having RHEL 5.6 Tikanga installed). We upgrade the bash through the following command:

rpm -U bash-3.2-33.el5_11.4.x86_64.rpm

And then we checked whether the new package is get installed or not through the following command:

rpm -qa | grep bash

This one confirmed that new bash package i.e  bash-3.2-33.el5_11.4.x86_64.rpm is get installed. But when we run the following command it was still showing the older version installed:

bash --version
GNU bash, version 3.2.25(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.

Then i found that on the Red Hat Site that is a default behavior of RHEL OS. This phenomenon is called  Backporting Security fixes.

Backporting can be described as follows:

When a security flaw is fixed in the  most recent version of an upstream software package and that fix get applied to an older version of the package we distribute it is called Backporting Security Fix.

So the software version will not change but the changes made in the recent version would get integrated in the older version through upgrade and thus make it vulnerable free.
Posted by at No comments:

Sunday, April 13, 2014

Installing Apache through tar ball

Installation of httpd 2.4.9

I got the tar ball of the mentioned version of apache from the httpd site. After untrar the file when i run the ./configure file i got the following message with an error:
root@vikash-Vostro-2520:/home/vikash/httpd-2.4.9# ./configure
checking for chosen layout... Apache
checking for working mkdir -p... yes
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking target system type... x86_64-unknown-linux-gnu
configure:
configure: Configuring Apache Portable Runtime library...
configure:
checking for APR... no
configure: error: APR not found.  Please read the documentation.

Then i read in  the install file that we need to put the path where we want the apache to be installed while running the configure command, the command should be run like this:
./configure --prefix=/usr/local/apache2
But running this also gives me the same error.


From Wiki:

The Apache Portable Runtime (APR) is a supporting library for the Apache web server. It provides a set of APIs that map to the underlying operating system (OS). Where the OS does not support a particular function, APR will provide an emulation. Thus programmers can use the APR to make a program truly portable across platforms.
APR originally formed a part of Apache HTTP Server, but the Apache Software Foundation spun it off into a separate project. Other applications can use it to achieve platform independence.
The range of platform-independent functionality provided by APR includes:
  • Memory allocation and memory pool functionality
  • Atomic operations
  • Dynamic library handling
  • File I/O
  • Command-argument parsing
  • Locking
  • Hash tables and arrays
  • Mmap functionality
  • Network sockets and protocols
  • Threadprocess and mutex functionality
  • Shared memory functionality
  • Time routines
  • User and group ID services

Even after installing Apache Portable Runtime Library, i was getting the same error.

 Then i install APR and APR-util and again tried to run the configure utility to install apache this time it stuck due to unavailabiilty of  

 root@vikash-Vostro-2520:/home/vikash/httpd-2.4.9# ./configure --prefix=/usr/local/apache2 --with-apr=/usr/local/apache2 --with-apr-util=/usr/local/apache2
checking for chosen layout... Apache
checking for working mkdir -p... yes
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking target system type... x86_64-unknown-linux-gnu
configure: 
configure: Configuring Apache Portable Runtime library...
configure: 
checking for APR... yes
  setting CC to "gcc"
  setting CPP to "gcc -E"
  setting CFLAGS to " -g -O2 -pthread"
  setting CPPFLAGS to " -DLINUX -D_REENTRANT -D_GNU_SOURCE"
  setting LDFLAGS to " "
configure: 
configure: Configuring Apache Portable Runtime Utility library...
configure: 
checking for APR-util... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking how to run the C preprocessor... gcc -E
checking for gcc option to accept ISO C99... -std=gnu99
checking for pcre-config... false

configure: error: pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/

 The PCRE(Perl Compatible Regular Expressions) library is a set of functions that implement regular expression pattern matching using the same syntax and semantics as Perl 5. PCRE has its own native API, as well as a set of wrapper functions that correspond to the POSIX regular expression API. The PCRE library is free, even for building proprietary software.

After the installation of PCRE, apache was installed completely through the following commands:

i. ./configure --prefix=/usr/local/apache2 --with-apr=/usr/local/apache2 --with-apr-util=/usr/local/apache2 --with-pcre=/usr/local/pcre
ii. make
iii. make install

Posted by at No comments:
Subscribe to: Posts (Atom)