Deep application of RPM

Article Title: Deep application of RPM. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

RPM (Red Hat Package Management, Red Hat Package Management) provides a framework in which, you can manage software packages in RPM-based Linux releases such as Red Hat Enterprise Linux, Fedora Project, SuSe Linux Enterprise, CentOS, and Mandriva Linux.

In a sense, RPM is a bit like a calculator. It has many practical functions, but most people only use it to install, upgrade, and uninstall software packages, it is as if most people only use a calculator to calculate addition and subtraction. However, if you have a better understanding of RPM, you will find that its functions such as query and verification can be used for more software package maintenance and management, system troubleshooting, and file security detection.

RPM records all installed software information to the RPM database and stores it in the/var/lib/rpm directory of the system, you can use the RPM database to query and verify installed software packages in the system. This article introduces the deep application of RPM based on the actual cases of the author, hoping to help beginners of Linux understand RPM.

Note: many of my friends think that RPM is out of date. Actually, I think that YUM can be used for installation, upgrade, and uninstallation, but it is similar to operations such as checking, querying, and extracting files, RPM is still very useful

1. querying the help information of the software package in a course that explains the Vim application, the student asked the following question: "How to comment in the Vim configuration file ?". The Vim configuration file is stored in the user's home directory. The default file name is ". Vimrc, which can be written to setting commands such as "set nu". The problem is how to annotate the command written to this configuration file to make it invalid. Generally, the configuration file of a Linux system or system software can be annotated with the symbol "#" at the beginning of the line. However, after the Vim configuration file is saved and exited, this occurs when editing the file: # vi/etc/inittab Error detected while processing/root /. vimrc: line 1: E488: Trailing characters: # The set nu system prompts an error. Therefore, "#" is not a valid annotator of Vim.

The following is an example of how to query the result of such a problem: the idea is that most of the software packages installed in Linux contain application examples or instructions, and the content can be found, you can know the answer to this question.

1) Find all Vim installation packages in the system # rpm-qa | grep vim-minimal-7.0.109-3 vim-common-7.0.109-3 vim-enhanced-7.0.109-3 2) query the content of the installation package, and check whether the application sample file exists. The value "minimal" indicates the minimum application software package, and the value "common" indicates the general basic software package, "enhanced" is a software package for enhanced functionality, check whether there are sample files in the files installed in the system by the "vim-common" Software Package (for example, files containing the keyword "example" or "sample ): # rpm-ql vim-common | grep example/usr/share/vim/vim70/gvimrc_example.vim/usr/share/vim/vim70/macros/urm/examples/usr/share/vim /vim70/vimrc_example.vim according to the file name found, determine that "vimrc_example.vim" should be An example of the Vim configuration file and check its content: # head-4/usr/share/vim/vim70/vimrc_example.vim "An example for a vimrc file. "" Maintainer: Bram Moolenaar "Last change: 2006 Aug 12 when you see the double quotation marks before the" author "and" Last update date "information in this file, we know that it must be the annotator of the Vim configuration file!

This is a problem encountered in the application of Linux, very representative, such as the most common configuration network servers (such as DNS, DHCP, etc.), find their configuration file examples, you can use a similar method. To solve such problems, you should use the help information of the system software and run the RPM query command to solve the problem.

2. RPM Software Package verification RPM uses the "-V" option for verification. You can compare all file attributes (size, date, owner, md5sum value, etc.) of the system based on the RPM database to list the differences. If no output is executed, it indicates that no changes have occurred since the date of installation of the software package.

The RPM check result contains eight attributes of each file on the system. Each attribute is represented as follows: S: the file size is changed. M: The file permission or the file attribute is changed. 5: the md5 check value is changed, indicating that the file content is changed)

D: Device Id changed L: link property changed U: file owner changed G: file owner group changed T: the file timestamp is changed. Check package openssh-server example: # rpm-V openssh-server S.5 ...... T c/etc/ssh/sshd_config execution result indicates that the file size of the openssh-server package/etc/ssh/sshd_config file has been changed (such as adding or deleting characters), the file content is changed (Note: The content change is different from the file size change, because if only one character in the file is replaced with another character, the file size will not change, but the content will change) the timestamp is changed (the last modification time has changed ). If the file to be verified is being changed, there will be no major problems. But if it is not expected, will it be intruded? This is worth noting.

Check all software packages (and all files) on the system. Run the command: # rpm-Va. This command occupies a large amount of system resources, therefore, the RPM detection output is usually sent to grep for filtering. For example, only the lost files are detected: # rpm-Va | grep missing or, command file with only strings in the output file path: # rpm-Va | grep 'bin \/'if one or more important command files have changed, to check whether the system is under attack. After hackers intrude into the system, commands such as/bin/vi,/bin/login,/usr/bin/passwd, And/bin/ps will be changed or replaced, for example, set the/bin/vi command to SetUID: # ls-l/bin/vi-rwsr-xr-x 1 root 594740 Sep 29 2006/bin/vi then any user will log on to the system, you can use/bin/vi to change all files (including/etc/passwd and/etc/shadow). For more information about the SetUID concept, see other materials.

3. System troubleshooting if some software on the Linux system does not work properly, you need to check whether the recently added or upgraded software is faulty (similar to Windows system installation, software upgrade, or patch pack, causes the system to fail to boot normally and is fixed in safe mode), use the "-- last" option to list the RPM packages (starting from the most recently installed package) in the order of installation time ), analyze faults.

# Rpm-qa -- last bind-chroot-9.3.2-41.fc6 Sat Apr 14 08:37:49 2007 samba-swat-3.0.23c-2 Sat Apr 14 06:51:04 2007 xinetd-2.3.14-8 Sat Apr 14 06:50:53 2007 ......

If a problem occurs when a service is started, for example, # service sshd start Starting sshd:/etc/ssh/sshd_config: No such file or directory [FAILED, please refer to the following steps: 1) if the error message details the file loss of the service, you only need to recover the file. If the error message is not clear, you can run the "rpm-V" command to check whether "missing" is displayed in the # rpm-V openssh-server missing c/etc/ssh/sshd_config result, the corresponding service configuration file is lost. If there is a backup of this file, you can recover it. If there is no backup, see Step 2.

2) There are two ways to restore the file. One is to overwrite the RPM software package corresponding to the file. If you are not sure about the software package to which the file is missing, you can run the following command to query the file (even if the file is lost, but because the RPM database has records, you can still query the results): # rpm-qf/etc/ssh/sshd_config openssh-server-4.3p2-10 and then execute the command: # rpm-ivh -- replacepkgs/mnt/cdrom/Fedora/RPMS/openssh-server-4.3p2-10.i386.rpm to overwrite this RPM package from the disc and restore lost files.

Another method is to extract the corresponding files from the RPM package, copy them to the original directory, and run the following command: # rpm2cpio/mnt/cdrom/Fedora/RPMS/openssh-server-4.3p2-10.i386.rpm | cpio-idv. /etc/ssh/sshd _ config # cp etc/ssh/sshd_config/etc/ssh/you can use the rpm2cpio command to convert the RPM package to the cpio format. cpio is a standard tool, it is used to create software files and Extract files from files. "I" indicates extracting files, "v" indicates executing processes, and "d" indicates creating directories based on the original path of the files in the package, if you need to keep the Update Time of the original file, you can also add the option "m ".

Note: When executing this command, you cannot directly restore the file to the/etc/ssh directory. You can only extract the file to the current directory, and the path of the recovered file name must be a complete absolute path (. /Etc/ssh/sshd _ config ). After the file is extracted, copy it to the/etc/ssh directory.

4. RPM database problems sometimes occur in the RPM database. The result is that the request cannot be executed when the software package is installed, deleted, or queried. In this case, the database needs to be rebuilt.

First, it takes some time to delete the current RPM Database: # rm-f/var/lib/rpm/_ db. * re-build the database: # rpm -- rebuilddb.

After hackers intrude into the system, they sometimes confuse the Administrator's line of sight to prevent the administrator from detecting problems through the RPM verification function and change the RPM database (theoretically, after the system is intruded, everything will no longer be trusted ), in this case, we can perform the following steps to check the file: 1) Find out which package it belongs to for the file or command to be checked: # rpm-qf/etc/rc. d/init. d/smb samba-3.0.23c-2 2) use the -- dump option to view information about each file and use the grep command to extract information about the corresponding file: # rpm-ql -- dump samba | grep/etc/rc. d/init. d/smb/etc/rc. d/init. d/smb 2087 1157165946 b1c26e5292157a83cadabe851bf9b2f9 0100755 root 1 0 0 X where "2087" indicates the initial number of characters in the file "b1c26e5292157a83cadabe851bf9b2f9" For the md5 check value of smb File Content "0755 root" is the File Permission, owner, and group 3) Next, check the actual file to see if the content has been changed: # ls-l/etc/rc. d/init. d/smb-rwxr-xr-x 1 root 2087 Sep 2 2006/etc/rc. d/init. d/smb # md5sum/etc/rc. d/init. d/smb b1c26e5292157a83cadabe851bf9b2f9/etc/rc. d/init. d/smb checks whether the file size, owner, group, permission, and md5 check value match.

4) in this example, the smb File matches the information obtained by the -- dump command. If you are sure that the RPM database may be modified, check by obtaining Samba RPM files from a CD or other trusted sources, such: # rpm-ql -- dump-p/mnt/cdrom/Fedora/RPMS/samba-3.0.23c-2.i386.rpm | grep/etc/rc. d/init. d/smb warning: samba-3.0.23c-2.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2/etc/rc. d/init. d/smb 2087 1157165946 b1c26e5292157a83cadabe851bf9b2f9 0100755 root 1 0 0 X if the result is different from the command Running Based on the RPM database, it can be determined that the database must be changed and must be repaired. Correct file errors and system vulnerabilities, and re-build the RPM database.

5. Check the script of the software package. Many RPM software packages contain the script, including the script to be run during installation, uninstallation, and upgrade of the software package, and the trigger script that will be triggered when certain conditions are met during installation. These scripts are helpful for understanding Linux system management and software applications.

Run the rpm command with the "-- scripts" query option to view the scripts to be run before and after installing and uninstalling the software package. Example: # rpm-q -- scripts openssh-server preinstall scriptlet (using/bin/sh ): /usr/sbin/useradd-c "Privilege-separated SSH"-u 74 \-s/sbin/nologin-r-d/var/empty/sshd 2>/dev/ null |: postinstall scriptlet (using/bin/sh):/sbin/chkconfig -- add sshd preuninstall scriptlet (using/bin/sh ): if ["$1" = 0] then/sbin/service sshd stop>/dev/null 2> & 1 |:/sbin/chkconfig -- del sshd fi ......

This example shows the script contained in the openssh-server software package. Before the openssh-server software package is installed (preinstall), call the useradd command to add the sshd user. After the software package is installed (postinstall ), call the chkconfig command to open the sshd service (-- add sshd); before uninstalling the software package (preuninstall), stop the sshd service (service sshd stop), and delete the service (chkconfig -- del sshd )......

The trigger script runs if the conditions are met during installation. If the software package has different installation actions during the upgrade, the trigger script will be particularly useful.

# Rpm-q -- triggers openssh-server triggerun scriptlet (using/bin/sh) -- ssh-server if ["$1 "! = 0-a-r/var/run/sshd. pid]; then touch/var/run/sshd. restart fi ......

View the RPM script information to understand how the system software is installed and uninstalled, and to solve the problem, there will be a clearer idea.

For more RPM usage information, visit the RPM Project Website: http://www.rpm.org, RPM Software Package download site http://www.rpmfind.net for RPM software packages of various Linux releases.