NOTICE: Before you attempt any of these updates read everything you can on this subject. If you need someone to do the job for you contact NukeZone Hosting or someone else that you know can do the upgrades for you. These are very serious security issues and need to be addressed asap!
ALERT: Redhat has issued an updated kernel-2.4.20-18.7 that supposedly addresses SOME of the previously discovered quota issues discovered with kernel 2.4.20-13.7 https://rhn.redhat.com/errata/RHSA-2003-187.html
---------------------------------------------
Remote DDOS and local exploit issues are resolved in this update so hopefully we will get answers soon to these issues...
-----------------------------
We have been successful upgrading the kernel to redhat 2.4.18-27 on a Plain Redhat 2.0 GHZ P4 using up2date with the following procedure. The process is identical with an Ensim P4.
This HOWTO assumes that you have already registered your system with the Redhat Network. If not, STOP and do a search for rhn_register on this forum.
If you are running a kernel version OLDER than 2.4.18-26 please read the "Note:" messages carefully.
To check the current version of kernel(s) you have installed ( the rpm version) type the
following at a bash prompt when logged in as root:
rpm -q kernel
If this displays more than one version number, the largest number is most likely the version you are running. If in doubt compare with:
uname -r
Which shows the actual RUNNING kernel version.
Before you begin this procedure you should have applied ALL other patches and updates required for your system. Check the Ensim and other threads for details on what other patches are SAFE to install.
Make sure you do step (1) first to disable automatic installs by up2date before proceeding.
While this procedure worked perfectly for me and the others who responded on this thread (and also should for you) it is posted without warranty! I won't be responsible if you need a restore
(1) "su -" to root.
type: up2date --configure
Make sure
item 8 (retrieve only) is set to yes
item 24 (pkgskiplist) is blank
Save changes and type
up2date --configure
again to confirm that the changes have taken place.
(2) Type:
up2date -u
This command will retrieve all required packages for the kernel update to /var/spool/up2date. You should see progress bar as files are downloaded from the Red Hat Network. DO NOT proceed if you get any error messages.
(3) Verify files have been downloaded
cd /var/spool/up2date
ls -la
and verify that following rpm files are there (Versions will differ if you are not running RH 7.2):
kernel*.rpm (there may be several kernel files ending in .rpm)
Note: The following files will ONLY be present if you are upgrading from a Kernel version OLDER than 2.4.18-17
------------------------------------------
iptables-1.2.5-3.i386.rpm
modutils-2.4.18-3.7x.i386.rpm
MAKEDEV-3.3-4.i386.rpm
dev-3.3-4.i386.rpm
------------------------------------------
(4) Verify checksums on the kernel files by comparing the result of :
md5sum kernel*.rpm
with the values at this link:
[http://rhn.redhat.com/errata/RHSA-2003-098.html
The other files shown above (which are present ONLY if you are running kernel OLDER than 2.4.18-17 )should be checked with
Make sure you check the correct Redhat 7.1 or 7.2 md5 values next to each package name. Also make sure you are also looking at the proper i386 or i686 versions on the kernel packages based on the filename.
Do NOT proceed if you have a mismatch!
(5) IF you have a kernel OLDER than 2.4.18-17 you must update the previously listed packages before the kernel like this:
If up2date has downloaded an rpm file called kernel-headers in the /var/spool/up2date directory
do this
rpm -Uvh kernel-headers*.rpm
to update your kernel header file BEFORE actually installing the new kernel.
NOTE: There may be other files in the directory not listed here. DO NOT install them unless you know their exact purpose and compatibility with your installation.
(6) Save the existing lilo.conf
cp /etc/lilo.conf /etc/lilo.conf.old
(7) Install kernel
cd /var/spool/up2date
rpm -ivh the-actual-kernel-rpm-file-name
Replace "the-actual-kernel-rpm-file-name" in the command above with the full name of the kernel rpm that was downloaded into /var/spool/up2date. For example, the full name might be kernel-2.4.18-27.7.x.i686.rpm if you have an Intel system.
(Note use of -ivh to leave existing kernel as backup)
You should see a progress bar as packages are installed.
DO NOT proceed if you get any error messages you don't understand.
(8) Edit /etc/lilo.conf so it reads as follows:
Note: Before editing see note below if your current kernel version is NOT 2.4.18-26.7.x
Note: If you have a very old system your existing lilo.conf may not contain lines beginning with "initrd". If that is the case, check messages later in this thread for further instructions.
Note: If you are running an AMD machine or have one of the newer machines, your boot partition (root=/dev/hda2) may be different. If this is the case, use the partition shown in your EXISTING /etc/lilo.conf NOT the one shown here.
Check the messages later in this thread for details.
--------begin -----
prompt
timeout=50
default=linuxnew
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
message=/boot/message
linear
The new kernel is labelled linuxnew and will boot by default. Your original kernel is labelled linux and can still be booted as a backup.
Note: If you are currently running a kernel version other than 2.4.18-26.7.x you MUST replace the first block of text with the information appropriate for your system. For example if you are currently running 2.4.9-34 replace:
------ begin -----
image=/boot/vmlinuz-2.4.18-26.7.x
label=linux
initrd=/boot/initrd-2.4.18-26.7.x.img
read-only
root=/dev/hda2
------------- end ------------
with
----------- begin ----------
image=/boot/vmlinuz-2.4.9-34
label=linux
initrd=/boot/initrd-2.4.9-34.img
read-only
root=/dev/hda2
----------- end -------------------
Double check the file names you should use by typing
ls -la /boot
(9) Execute lilo by typing
lilo -v -v
results should be:
[root@yoursystem root]# lilo -v -v
LILO version 21.4-4, Copyright (C) 1992-1998 Werner Almesberger
'lba32' extensions Copyright (C) 1999,2000 John Coffman
Reading boot sector from /dev/hda
Merging with /boot/boot.b
Secondary loader: 11 sectors.
Mapping message file /boot/message
Message: 46 sectors.
Boot image: /boot/vmlinuz-2.4.18-26.7.x
Setup length is 10 sectors.
Mapped 2082 sectors.
Mapping RAM disk /boot/initrd-2.4.18-26.7.x.img
RAM disk: 228 sectors.
Added linux
Boot image: /boot/vmlinuz-2.4.18-27.7.x
Setup length is 10 sectors.
Mapped 2083 sectors.
Mapping RAM disk /boot/initrd-2.4.18-27.7.x.img
RAM disk: 228 sectors.
Added linuxnew *
/boot/boot.0300 exists - no backup copy made.
Map file size: 29696 bytes.
Writing boot sector.
---------------------------------
Note: If you are currently running a kernel version other than 2.4.18-26.7.x the coressponding lines above will differ.
Look carefully for any errors before going on to step 10! DO NOT reboot if you get errors or don't understand any differences you see!
(10) Reboot with
reboot
(11) After the machine reboots you can update your package list on the Red Hat network by typing:
up2date -p
This will clear the errata list for your system on the Redhat Network.
-----------------------------------------------------------
Note: I know some of you up2date fans will say that this is way too LONG and could be shortened. Yes it could, but I have chosen to follow the path of safety over brevity when updating something as critical as the kernel.
Another Note:
There is a known problem using up2date for kernel updates on the Plain RH Compaq 1.7 boxes.
The procedure shown above WILL work on these boxes as well.
Issues are described in these threads:
Celeron 1.3 issues showthre...;threadid=23460
Ensim quota issues showthread.php?s=&threadid=6114
Dual Xeon issues showthr...;threadid=23594
GPAN has started a discussion regarding one of these problems at the end of this thread. Read the entire Thread here! Before you do anything! If you need someone to do the job for you contact NukeZone Hosting or someone else that you know can do the upgrades for you. These are very serious security issues and need to be addressed asap!
Main Menu
ALERT: Urgent - Kernel Security Advisory
