By Chris Kawalek-Oracle on Jul 03, 2015
Happy Friday and a happy holiday weekend to those of you in the US!
Happy Friday and a happy holiday weekend to those of you in the US!
Get the most out of Oracle Linux 7 by taking the new Oracle Linux 7: System Administration training course. This course covers a wide range of skills including installation, using the Unbreakable Enterprise Kernel, configuring Linux services, monitoring, troubleshooting and preparing your system for the Oracle Database.
In this 5-day instructor-led course, learn to handle typical issues faced by administrators. You learn about the kernel development model and Linux distributions. You hear about Oracle's comprehensive solutions and Oracle's contribution to the Linux community.
You can take this course from your own desk as a live-virtual offering or travel to an education center to attend an in-class event.
You can influence the schedule for this new course by registering your interest in an event on http://oracle.com/education/linux.
I wanted to quickly draw your attention today to a couple of updates. First, Spacewalk 2.2 for Oracle Linux is available on our public yum server. We have also published the Release Notes, including upgrade instructions from Spacewalk 2.0.
If you're interested in Spacewalk, you might enjoy a webcast we did in November that goes into a lot of detail on using Oracle Linux and Spacewalk together. You can watch that webcast on-demand.
And second, RPMs for the Oracle Instant Client are now available on Unbreakable Linux Network.
Have a great week and we'll see you next Friday!
It's been a very busy week here for Oracle Linux, so our spotlight this week will round up several interesting things for you!
There's some material to keep you busy this afternoon!
Have a great week!
We've just updated the Oracle version of Spacewalk on http://public-yum.oracle.com to include a ULN plug-in for the spacewalk-repo-sync tool. The plug-in enables you to synchronize ULN content directly into Spacewalk channels without registering the Spacewalk server with ULN, but an active ULN account is still required. This allows you to register your Spacewalk server to Spacewalk itself while still receiving updates from ULN.
The ULN plug-in was not included with the initial release of Spacewalk from Oracle. Depending on the configuration of your Spacewalk server, you might need to update the Spacewalk packages, specifically the spacewalk-config and spacewalk-backend-* packages.
To configure the ULN plug-in, edit the
/etc/rhn/spacewalk-repo-sync/uln.conf file and add login credentials for ULN. By default, this file is read-only by
[main] username =
<ULN SSO username>password =
<ULN SSO password>
After you edit the configuration file, change the file permissions on the file to make it read-only (0400) by root or the user that will run the spacewalk-repo-sync tool. This is an important security step to protect the ULN credentials. By default, this script is run as the root user by the Spacewalk scheduling engine, but if you chose to run the script interactively via the command-line, you will need to ensure at least read-access to this file.
Once the ULN plug-in is configured, you create the Spacewalk software channels and repositories in the normal way using the Spacewalk web interface. When you specify the URL for a ULN repository, use a URL in the following format:
uln:///<ULN channel label>
You can get a list of available ULN channel labels by logging in to ULN (https://linux.oracle.com) and selecting the Channels tab.
We've also updated Spacewalk to allow installation with the latest version of the Oracle 11gR2 Instant Client (220.127.116.11) available on ULN and OTN.
You can find more information about Spacewalk, including installation and configuration details, on the Spacewalk 2.0 for Oracle Linux 6 Release Notes. Spacewalk for Oracle Linux is free to download and use from http://public-yum.oracle.com and Spacewalk support is included with Oracle Linux Basic and Premier support subscriptions.
Happy Friday! Our spotlight this week is on an excellent blog post by Oracle Senior Vice President of Linux and Virtualization, Wim Coekaerts. Wim describes the new Java channel on ULN that you can use to easily install Java on Oracle Linux.
See you next week!
It is Friday and that means it is time for our Spotlight!
Our spotlight today is the recently updated Oracle Linux FAQ. This is an excellent document that features some of the questions that everyone asks about Oracle Linux and Oracle Linux support. We cover variety of topics including general definitions, compatibility, support, pricing, indemnification, migration and many more..
Here's one of the questions as an example:
Q: What is DTrace for Oracle Linux?
A: DTrace is a comprehensive dynamic tracing framework that was initially developed for the Oracle Solaris operating system, and is now available to Oracle Linux customers. DTrace is designed to give operational insights that allow users to tune and troubleshoot the operating system. DTrace provides Oracle Linux developers with a tool to analyze performance, and increase observability into the systems they own to see how they work. DTrace enables higher quality applications development, reduced downtime, lower cost, and greater utilization of existing resources. It is available to download from ULN for Oracle Linux Support customers.
Read more in the newly published FAQ.
Have a great weekend!
The Unbreakable Linux Network (ULN) team have been hard at work updating the errata metadata that is delivered on ULN and public-yum.oracle.com. The changes provide more information about all errata, including security patches, bug fixes and feature enhancements. In addition, security fixes are listed by priority (important, moderate, low). This will allow Oracle Linux customers more flexibility when working with 3rd party Linux management tools like Spacewalk or SUSE Manager.
You can see some of the changes we've implemented using the yum-security plugin that's available as part of Oracle Linux:
First, install the yum-security plugin:
# yum install yum-plugin-security
You can read all about the options available once you have the yum-security plugin installed by reading the man page:
# man yum-security
Let's take it for a spin. First, let's list all the errata that are available for your system:
# yum updateinfo list Loaded plugins: rhnplugin, security ELBA-2012-1399 bug device-mapper-libs-1.02.74-10.el6_3.2.x86_64 ELEA-2012-1574 enhancement device-mapper-libs-1.02.74-10.el6_3.3.x86_64 ELSA-2012-1141 Moderate/Sec. dhclient-12:4.1.1-31.P1.0.1.el6_3.1.x86_64 ELSA-2013-0504 Low/Sec. dhclient-12:4.1.1-34.P1.0.1.el6.x86_64 ELSA-2012-1141 Moderate/Sec. dhcp-common-12:4.1.1-31.P1.0.1.el6_3.1.x86_64 ELSA-2013-0504 Low/Sec. dhcp-common-12:4.1.1-34.P1.0.1.el6.x86_64 ...
This command lists all the errata that are available for your system by errata ID. It also specifies whether it's a security patch (Moderate/Sec.), bugfix (bug) or feature enhancement (enhancement).
You could also narrow your search to just the CVEs, i.e. security patches:
# yum updateinfo list cves CVE-2012-3954 Moderate/Sec. dhclient-12:4.1.1-31.P1.0.1.el6_3.1.x86_64 CVE-2012-3571 Moderate/Sec. dhclient-12:4.1.1-31.P1.0.1.el6_3.1.x86_64 CVE-2012-3955 Low/Sec. dhclient-12:4.1.1-34.P1.0.1.el6.x86_64
This provides the CVE ID instead of the errata ID so that you can correlate a published CVE with a particular errata:
# yum updateinfo list --cve CVE-2012-3954 Loaded plugins: rhnplugin, security ELSA-2012-1141 Moderate/Sec. dhclient-12:4.1.1-31.P1.0.1.el6_3.1.x86_64 ELSA-2012-1141 Moderate/Sec. dhcp-common-12:4.1.1-31.P1.0.1.el6_3.1.x86_64
Or see additional information about that particular errata or CVE:
# yum updateinfo info --cve CVE-2012-3954 Loaded plugins: rhnplugin, security =============================================================================== dhcp security update =============================================================================== Update ID : ELSA-2012-1141 Release : Oracle Linux 6 Type : security Status : final Issued : 2012-08-02 CVEs : CVE-2012-3954 : CVE-2012-3571 Description : [12:4.1.1-31.P1.0.1.el6_3.1] : - Added oracle-errwarn-message.patch : : [12:4.1.1-31.P1.1] : - An error in the handling of malformed client : identifiers can cause a denial-of-service : condition in affected servers. (CVE-2012-3571, : #843120) : - Memory Leaks Found In ISC DHCP (CVE-2012-3954, : #843120) Severity : Moderate updateinfo info done
For more information on using the yum tool, see the Oracle Linux 6 Administration Guide.
The yum-security plugin also allows you to narrow the yum tool to only update security fixes. Instead of running a generic update command, you can leverage the additional errata metadata and tell yum to only apply security patches:
# yum --security update
Alternatively, you can target a specific errata or CVE:
# yum update --cve CVE-2012-3954
# yum update --advisory ELSA-2012-1141
Oracle Enterprise Manager 12c Cloud Control has always been able to extract and display errata information for Oracle Linux.
Now, tools like Red Hat Satellite, Spacewalk, Katello/Pulp and SUSE Manager are all able to ingest the errata information and provide that information via their UI tools.
For example, here's a snippet from Spacewalk showing the Oracle Linux 6 (i386) Latest channel from public-yum.oracle.com:
If you click on a particular advisory, you can see information for that advisory:
You can also see the packages affected by an advisory:
Stay tuned for a future blog post that goes through how to setup Spacewalk to mirror the public-yum.oracle.com repositories.
I have recently received several questions about how to find information relating to critical security updates or important errata releases for Oracle Linux. I realized that perhaps people were not aware of the new features and improvements to Unbreakable Linux Network (ULN), which assist users with common administrative tasks. I wanted to take a quick moment to highlight for you some of the changes we have made. First, there are two links you will want to bookmark:
Each link will allow the user to evaluate what updates have been made available for Oracle Linux.
With https://linux.oracle.com/errata you are able to view all errata releases available, listed by type, severity, advisory, summary and release date. In addition, you are also able to filter this list by release and/or type (Bug, Security, Enhancement) and if you select an item from the list you will receive additional details regarding the errata, including a description, related CVEs and the packages updated by the errata. You can also navigate to this same information by logging into ULN and selecting the 'Errata' tab from the options across the top.
For those who need information on security errata involving CVE identifiers (Common Vulnerabilities and Exposures) we have created https://linux.oracle.com/cve. This site allows you to gather information on important CVE identifiers, by providing a summary of all CVE offered through ULN. This summary is listed by CVE identifier and includes a brief synopsis and the release date. You can also filter the list by year. In addition, when you select a specific CVE identifier, you will receive additional details, such as information on CVSS v2 metrics as well as affected platforms.
We have been working to bring more features to ULN and these updates should provide more tools to simplify your administrative activities. Happy patching!
We’re proud to announce the availability of a major enhancement to Oracle Linux: Unbreakable Enterprise Kernel Release 2 (2.6.39) has been released! The RPM packages are now available from the Unbreakable Linux Network and the public yum repositories. This kernel can be installed on both Oracle Linux 5.8 and newer as well as Oracle Linux 6.2 and newer. By simply updating the Unbreakable Enterprise Kernel, Oracle Linux customers can benefit from the latest improvements that have taken place in mainline Linux, without having to re-install their distribution or applications.
This release includes many new features as well as numerous performance and scalability improvements that were added to mainline Linux since the first Unbreakable Enterprise Kernel release (which is based on Linux 2.6.32). Despite the version number, the Unbreakable Enterprise Kernel Release 2 is based on mainline Linux 3.0.16 and includes a few selected patches from other mainline Linux versions. The source code is available from this public git source code repository.
Some key highlights in this release include:
For more information, please see the Unbreakable Enterprise Kernel Release 2 features and benefits document and consult the release notes for more For installation instructions, check out the Getting Started with the Unbreakable Enterprise Kernel installation guide on the Oracle Technology Network.
Now that the Unbreakable Enterprise Kernel Release 2 has been released, we will continue to provide support for Release 1 of the Unbreakable Enterprise Kernel (2.6.32) in the form of critical bug fixes and security errata for another 9 months. However, new hardware enablement (e.g. by providing device driver updates) will now only be made available through the quarterly updates of Unbreakable Enterprise Kernel Release 2 on the Unbreakable Linux Network. During this grace period, we encourage all customers to switch to Release 2.
We're happy to announce the general availability of Oracle Linux 5 Update 8. RPM packages for direct installation/upgrade are available for Oracle Linux Support Customers from the Unbreakable Linux Network. Individual packages of the initial release are also available for download from our public yum repository. ISO installation images of the distribution will be made available for download from the Oracle Software Delivery Cloud (aka E-Delivery) shortly or look for external mirror sites. If you require ISO images before they are available from there, please request these via a Metalink service request or log into My Oracle Support and search for patch 13801642.
This distribution includes the latest release of the Unbreakable Enterprise Kernel Release 1 (version 2.6.32-300.10.1, based on mainline Linux 2.6.32), which includes a number of important bug fixes and driver updates. Please see the release notes for a detailed list of changes and improvements.
Recently, the ULN team added Yum support. This means that anyone running Oracle Linux 5 registered with ULN can now use yum instead of up2date to download and install packages. If you have already run a full update since Oracle Linux 5.6 was released on January 20th 2010, you should already be able to use yum against ULN.
If you are running Oracle Linux 5 and want to enable ULN yum support without updating any other packages, install yum-rhn-plugin as follows. This assumes your system is already registered with ULN:
# up2date --install yum-rhn-plugin
With that installed, you can immediately being using yum. For example:
# yum repolist Loaded plugins: rhnplugin, security repo id repo name status ol5_x86_64_latest Oracle Linux 5 Latest (x86_64) enabled: 4,647 repolist: 4,647 # yum info oracle-validated Loaded plugins: rhnplugin, security Installed Packages Name : oracle-validated Arch : x86_64 Version : 1.1.0 Release : 3.el5 Size : 60 k Repo : installed Summary : Verifies and sets system parameters based on Oracle validated configuration : recommendations for OEL5 License : GPL Description: This package verifies and sets system parameters based on Oracle validated : configuration recommendations for Oracle Enterprise Linux Release 5 Files : affected: /etc/sysctl.conf, /etc/security/limits.conf, /etc/modprobe.conf, : /boot/grub/menu.lst. For changes to modules, this package installation will modify : module paramters and re-insert. Available Packages Name : oracle-validated Arch : x86_64 Version : 1.1.0 Release : 7.el5 Size : 23 k Repo : ol5_x86_64_latest Summary : Verifies and sets system parameters based on Oracle validated configuration : recommendations for OEL5 License : GPL Description: This package verifies and sets system parameters based on Oracle validated : configuration recommendations for Oracle Enterprise Linux Release 5 Files : affected: /etc/sysctl.conf, /etc/security/limits.conf, /etc/modprobe.conf, : /boot/grub/menu.lst. For changes to modules, this package installation will modify : module paramters and re-insert. # yum update ...
If you're new to yum, see this overview of basic yum commands. Enjoy.
Get the latest updates on strategy, products, events, news, customers, partners and all things Oracle Linux! Connect with Oracle's Linux experts.