Security :: Check RPM Signatures During A Kickstart Install?
Sep 15, 2010Is there a way to check RPM signatures during a kickstart install? Seems as if the signatures are not checked during an installation.
View 5 RepliesIs there a way to check RPM signatures during a kickstart install? Seems as if the signatures are not checked during an installation.
View 5 RepliesI have a GnuPG key that's been signed by several people. I want to add another name (and e-mail) to it.I used seahorse to do it, but it doesn't look like the old signatures migrated to the new name.Is this standard behavior? Is there a way that I can migrate the signatures, or do I have to request that the signers themselves do it?
View 1 Replies View RelatedI have a GnuPG key that's been signed by several people. I want to add another name (and e-mail) to it. I used seahorse to do it, but it doesn't look like the old signatures migrated to the new name. Is this standard behavior? Is there a way that I can migrate the signatures, or do I have to request that the signers themselves do it?
View 1 Replies View RelatedIs there a way to to check if the system has the available security updates installed? Specifically, I am looking to do this programmatically.
View 1 Replies View RelatedI have a working Centos 5.4 (== Red Hat Enterprise Linux 5.4) kickstart installation working with pxe boot.I am now trying to do the same kickstart installation but from a SCSI harddrive on the hardware box itself.In other words, the system already has an older distribution on it, and it has a formatted LVM partition with free space. I expect to upload an initrd, vmlinux, ks.cfg at the top of this partition, edit the grub.conf with something like so:
grub.conf
--------
title TestOS
[code].....
I have not used Fedora in a long while (since version 5 I think).I am moving back to it for my new home server but there is something that is driving me completely crazy. Can you no longer do HDD installs from a ISO?I whipped out my old kickstart files and worked off of them and all seams to be OK but every time it says it is unable to find the install source.Here are the first two lines of my KS file:
Code:
install
harddrive --partition=sdb1 --dir=/linux_install/fedora/iso
[code]....
I'm trying to install CentOS 5.5 from harddrive using a kickstart file. Kickstart file is read correctly, it contains the following 3 lines (+ additional config):
install
harddrive --partition=sda11 --dir=repos/CentOS/5.5/isos/i386
repo --name="CentOS-5.5 - Updates" --baseurl=hd:sda11:repos/CentOS/5.5/updates/i386
I've downloaded both CentOS-5.5-i386-bin-DVD.iso and CentOS-5.5-i386-bin-1of7.iso, but anaconda (the installer) asks: - What partition and directory on that partition holds the CD (iso9660) images for CentOS? ...
VT3 gives these messages:
INFO: partition /dev/sda11 selected
INFO: mounting device sda11 for hard drive install
INFO: mntloop loop7 on /tmp/loopimage as /tmp/hdimage/repos/CentOS/5.5/isos/i386/CentOS-5.5-i386-bin-1of7.iso fd is 12
[Code]....
when i use kickstart to install centos from cdrom (i make it myself in my way),i got a %post script problem with the kickstart file. 1.%post script used to copy my own software from cdrom to hard disk.then make install automaitlly with bash script.
the %post script like :
%post
mkdir -p /myownsoftware
cp -r /mnt/myownsoftware/* /myownsoftware
cd /myownsoftware
[Code]...
Is it possible to install more than one machine simultaneously with kickstart? I need to install 15 machines.
View 2 Replies View Relatedwe can't get the clients in our lab to do a kickstart install. we're doing the install by booting from the Centos 5.3 net install cd and anaconda starts, but terminates abnormally reporting a SIGSEGV fault. Interestingly, attempts at doing an install from a CD and without the network connection results in this error:
X11TransSocketINETConnect() can't get address for localhost:6001. Temporary failure in name resolution.
In the release anouncement there is mention of adding additional repo's at install time. Is this also possible in the kickstart file?
View 1 Replies View RelatedI have compiled and created a kernel rpm kernel-2.6.18165.11.1.el5-3.i386.rpm
then created initrd image
I have installed the above via kickstart installation
%post
mount xxx.xxx.x.xx:/var/www/html/os/i386 /mnt/tmp
cd /mnt/tmp
rpm -uvh kernel-2.6.18165.11.1.el5-3.i386.rpm
cp initrd-2.6.18-165.11.1.el5.img /boot
[Code]....
I am trying to use kickstart to create a master boot disk for all of my server installs. Unfortunately it seems to be missing some of the packages specified and I can't figure out why. Here is the packages section of my ks.cfg file
Note: all at symbols have been replaced with # because the forum filter seems to think they are urls.
%packages
#admin-tools
#base
#core
#dns-server
[Code].....
I am trying to copy an updated splash.xpm.gz at the end of a system build but everything in the post section is total ignored.
#--- Post-installation script
%post
#!/bin/sh
#...Mount the installation CD
[code]....
Can an unattended Kickstart support both IDE (hda) and SCSI (sda)? The goal is to to create a new virtual machine from scratch. What I have works for Parallels in which a new VM defaults to emulate an IDE hard disk. It does not work for VMware Workstation which defaults to emulate a SCSI disk.
The relevant Kickstart section: bootloader --location=mbr --driveorder=hda --append="rhgb quiet"
clearpart --all --initlabel --linux --drives=hda
part /boot --fstype ext3 --size=100 --ondisk=hda
part pv.2 --size=0 --grow --ondisk=hda
volgroup VolGroup00 --pesize=32768 pv.2
logvol / --fstype ext3 --name=LogVol00 --vgname=VolGroup00 --size=1024 --grow
logvol swap --fstype swap --name=LogVol01 --vgname=VolGroup00 --size=1024 --grow --maxsize=2048
Can the Kickstart file be made to not care what drive type is there, or conditionally handle either type?
I am looking for a thorough document that explains:
1) Creating a local repo
2) Using kickstart to access that repo
3) Performing a network install using kickstart
Some background: I have several racks of servers that I need to install Fedora on. These servers CANNOT be placed on the internet; hence the need for the creation of a local repo on some other machine (which will be connected to the servers via a local network). I am not sure how to create a local repo, so that one of my questions.
I'd also like to automate as much of the install as possible and kickstart is the only thing I know of for that. I am no guru with kickstart, but I have used it before to successfully install Fedora Core 6 -- I am hoping there are no great changes with the current releases of Fedora (12-14)?
A local repo of Fedora Core 6 was created by someone (some time ago) on a workstation (running FC6). This is what I've used in the past to install FC6 on previous servers (via a kickstart CD). However, I dont have the documentation on how the repo was created or how the kickstart CD was created I've gleaned some ideas ok kickstart from the pieces I've read on web, but none of it has been specific to the latest releases of Fedora.
CentOS 5.3 32bit
I'm having trouble trying to copy files from an nfs mounted remote machine during the the post install with kickstart.
My post install:
%post
mkdir /mnt/foo
mkdir /mnt/foo/downloads
mount 206.xx.xx.xxx:/downloads /mnt/foo/downloads
ln -s /mnt/foo/downloads /downloads
sed -i '$ afoo:/downloads /mnt/foo/downloads nfs exec,dev,suid,rw,bg,soft,rsize=8192,wsize=8192 1 1' /etc/fstab
%end
%post --nochroot
cp -r /downloads/thirdparty/importantFolder /mnt/sysimage/opt
%end
As the title says, I'm building a kickstart for a RedHat installation.I'm trying to incorporate the firegl driver rpm installation and its halfway working, not completly. What I've tried so far is to place the rpm in the --nochroot and in the normal chroot enviornment and neither one works. In the --nochroot, install it with rpm --root /mnt/sysimage/ and in the normal post i just do an rpm -ivh. In either case the fglrx folder is built within /lib/modules, however everything thats supposed to be installed never makes it to the newly installed root. I'm thinking that its actually getting installed to the installation / as opposed to the new /.
View 3 Replies View RelatedI'd like to install centos from a USB stick on to a hard drive and also include a custom kickstart on the USB stick to run post-build scripts or install additional packages, which the additional packages would also be on the USB stick..Are there any howto's already written?
View 2 Replies View RelatedI can see what Firestarter is blocking in the Firestarter/Events tab, but after reading all the man pages of UFW, I still don't know how to check what the UFW is blocking.
View 9 Replies View RelatedI'm trying to do an online security check on my Linux system.I would like to do a Firewall/Antivirus test. What free online sites do you know?For instance, I use ShieldsUp to test some firewall's components.Does someone recommend anything else?I still can't find a site that tests for the presence of virus/malware installed.Are there any?
View 8 Replies View RelatedIs there a plugin or some other way to check to see if a website has https available, and use that instead? I know some sites, like Wikipedia have a different hostname for SSL support while others have the same hostname, just What I would really like to seesome kind of header in the http reply or the html that saysSecureAvailable= is there any system like this in place? There's too many issues with with unencrypted http to continue having that as the default.
View 3 Replies View RelatedI have Ubuntu 10.04 and I used my ssh to connect to a webserver. This is the version that I have installed.
Quote:
OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
Apparently the server was hacked using my user and the server admin suggested the my ssh can be tainted.
do a checksum of the ssh, but I cannot find this file on my system.
Code:
md5sum /usr/sbin/sshd
And I will need a md5 hash from a good untainted version and I cannot find that as well on the openssh website.
having a slow internet connection, I bought the all maverick repository on DVDs, copied the files on a usb drive and modified the apt sources file to consider the local repository only:
Code:
# deb file:/var/www/ubuntu_local/ ./
deb file:/var/www/maverick/dvd1/ maverick main universe restricted multiverse
deb file:/var/www/maverick/dvd2/ maverick main universe restricted multiverse
deb file:/var/www/maverick/dvd3/ maverick main universe restricted multiverse
[code]....
Even though I am reasonably sure it is safe, this local repository is not authenticated and I can only install package through the command line or synaptic, the Ubuntu Software Centre giving an error message "Requires installation of untrusted packages"...I thus would like to disable the apt authentication check for this local repository.
Im trying to make a script that will test the suitability of a password. I understand that all the features I want are in the /etc/pam.d/common-password file. From here I can change the length of a password, what characters must be in a password, if the words are in the dictionary, etc... but I don't know how to change these values by using a script. I want it in a script because I want to be able to suggest a more suitable password if the original password doesn't meet the criteria.
View 3 Replies View RelatedI have stuk up in big issue here , I just want to find the remote url in which it listens ?
I know the remote host and remote port number but i just want to which url the web application listen
For example : Host : 1.1.1.1 & port no : 8080
But i remember the url would be http://1.1.1.1/(something):8080
I want to find the complete url in which it listens ?
In nmap whether i can achive this or anyother tool ?
rc.scripts, cron jobs, what else? Can hidden files be executed simply by going to a directory that has that hidden file inside it?
View 5 Replies View RelatedI'm using FC14_64
How can I check if there are intruders or hackers in my system and how to boot the hell out of my system?
i was thinking that is there a way to check data flow for viruses? i mean if i set up calm av in my internet sharing server could it detect anything in incoming and outgoing data ?!!
View 2 Replies View RelatedI recently ran a rkhunter check and in my log i have found some very odd (to me at least) reports.
/usr/bin/last [ Warning ]
Warning: The file properties have changed:
File: /usr/bin/last
[code]....