Softpanorama May the source be with you, but remember the KISS principle ;-)	Home	Switchboard	Unix Administration	Red Hat	TCP/IP Networks	Neoliberalism	Toxic Managers
	(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix

Updates in RHEL 5

RHEL 5, especially versions 5.6-5.11 were probably one of the most stable version of Red Hat I ever encountered. It still support more or less recent hardware (Oracle provides updated kernel if you want it). This is a very conservative distribution. For example, it still uses such really old (or obsolete, if you wish) versions as bash 3.2.25, Perl 5.8.8, and Python 2.4.3.

Oracle produced improved kernel for 5.x versions based of later version of linux kernel then "stock" RHEL kernel. It might benefit stability if you are running Oracle applications. It is 64-bit only and is more capricious toward hardware then Red Hat stack kernel so your mileage can vary.

RHEL 5 suffers from proliferation of useless or semi-useless daemons and as such is not secure and probably can't be made secure in default installation. You need carefully minimize the system to get s usable server.

Systemtap

Systemtap is a GPL-based infrastructure which simplifies information gathering on a running Linux system. This assists in diagnosis of performance or functional problems. With systemtap, the tedious and disruptive "instrument, recompile, install, and reboot" sequence is no longer needed to collect diagnostic data. Systemtap is now fully supported. For more information refer to http://sources.redhat.com/systemtap.

iSNS-utils

The Internet storage name service for Linux (isns-utils) is now supported. This allows you to register iSCSI and iFCP storage devices on the network. isns-utils allows dynamic discovery of available storage targets through storage initiators.

isns-utils provides intelligent storage discovery and management services comparable to those found in fibre-channel networks. This allows an IP network to function in a similar capacity to a storage area network.

With its ability to emulate fibre-channel fabric services, isns-utils allows for seamless integration of IP and fibre-channel networks. In addition, isns-utils also provides utilities for managing both iSCSI and fibre-channel devices within the network.

For more information about isns-utils specifications, refer to http://tools.ietf.org/html/rfc4171. For usage instructions, refer to /usr/share/docs/isns-utils-[version]/README and /usr/share/docs/isns-utils-[version]/README.redhat.setup.

rsyslog

rsyslog is an enhanced multi-threaded syslogd daemon that supports the following (among others):

MySQL
syslog/tcp
RFC 3195
permitted sender lists
filtering on any message part
more granular output format control

rsyslog is compatible with the stock sysklogd, and can be used as a replacement in most cases. Its advanced features make it suitable for enterprise-class, encrypted syslog relay chains; at the same time, its user-friendly interface is designed to make setup easy for novice users.

For more information about rsyslog, refer to http://www.rsyslog.com/.

Openswan

Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE) for Linux. IPsec uses strong cryptography to provide authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN).

This release of Openswan supports IKEv2 (RFC 4306, 4718) and contains an IKE2 daemon that conforms to IETF RFCs. For more information about Openswan, refer to http://www.openswan.org/.

Password Hashing Using SHA-256/SHA-512

Password hashing using the SHA-256 and SHA-512 hash functions is now supported.

To switch to SHA-256 or SHA-512 on an installed system, run authconfig --passalgo=sha256 --update or authconfig --passalgo=sha512 --update. To configure the hashing method through a GUI, use authconfig-gtk. Existing user accounts will not be affected until their passwords are changed.

For newly installed systems, using SHA-256 or SHA-512 can be configured only for kickstart installations. To do so, use the --passalgo=sha256 or --passalgo=sha512 options of the kickstart command auth; also, remove the --enablemd5 option if present.

If your installation does not use kickstart, use authconfig as described above. After installation, change all created passwords, including the root password.

Appropriate options were also added to libuser, pam, and shadow-utils to support these password hashing algorithms. authconfig configures necessary options automatically, so it is usually not necessary to modify them manually:

New values of the crypt_style option and new options for both hash_rounds_min and hash_rounds_max are now supported in the [defaults] section of /etc/libuser.conf. For more information, refer to man libuser.conf.
New options sha256, sha512, and rounds are now supported by the pam_unix PAM module. For more information, refer to /usr/share/doc/pam-[pam version]/txts/README.pam_unix.
The following new options in /etc/login.defs are now supported by shadow-utils:
- ENCRYPT_METHOD — Specifies the encryption methods to be used. Valid values are DES, MD5, SHA256, and SHA512. If this option is defined, MD5_CRYPT_ENAB is ignored.
- SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS — Specifies the number of hashing rounds to use if ENCRYPT_METHOD is set to SHA256 or SHA512. If neither option is set, a default value is chosen by glibc. If only one option is set, the encryption method specifies the number of rounds.
  If both options are used, they specify an inclusive interval from which the number of rounds is chosen randomly. The selected number of rounds is limited to the inclusive interval [1000, 999999999].

OFED in comps.xml

The group OpenFabrics Enterprise Distribution is now included in comps.xml. This group contains components used for high-performance networking and clustering (for example, InfiniBand and Remote Direct Memory Access).

Further, the Workstation group has been removed from comps.xml in the Red Hat Enterprise Linux 5.2 Client version. This group only contained the openib package, which is now part of the OpenFabrics Enterprise Distribution group.

system-config-netboot

system-config-netboot is now included in this update. This is a GUI-based tool used for enabling, configuring, and disabling network booting. It is also useful in configuring PXE-booting for network installations and diskless clients.

openmpi

In order to accommodate the use of compilers other than gcc for specific applications that use message passing interface (MPI), the following updates have been applied to the openmpi and lam packages:

MPI installations are now consolidated under a single installation directory. All files can now be found under /usr/lib(64)/lam and /usr/lib(64)/openmpi/[openmpi version]-[compiler name].
Version and compiler strings are now included in the openmpi installation path, but not the lam installation path. This enables you to install multiple versions of openmpi, or install the same version of openmpi built by different compilers.
While this capability allows you to use a version of openmpi built by another compiler, Red Hat only supports the latest, gcc-compiled version of openmpi.
openmpi and lam now use mpi-selector to set which MPI implementation to use at any given time. For more information, refer to man mpi-selector and man mpi-selector-menu.

Note that when upgrading to this release's version of openmpi, you should migrate any default parameters set for lam or openmpi to /usr/lib(64)/lam/etc/ and /usr/lib(64)/openmpi/[openmpi version]-[compiler name]/etc/. All configurations for either openmpi or lam should be set in these directories.

lvm2 Snapshot Volume Warning

lvm2 will now warn if a snapshot volume is near its maximum capacity. However, this feature is not enabled by default. To enable this feature, uncomment the following line in /etc/lvm/lvm.conf：

snapshot_library = "libdevmapper-event-lvm2snapshot.so"

Ensure that the dmeventd section and its delimiters ({ }) are also uncommented.

bash

bash has been updated to version 3.2. This version fixes a number of outstanding bugs, most notably:

bash man page: updated to reflect the correct behavior of special built-in commands (such as eval, exec, and set. In addition, the bash man page now includes an explanation of the use of aliases in non-interactive scripts.
File descriptors now work as expected; in previous releases, bash did not close file descriptors with two or more digits.
A bug in the way bash handled certain multi-byte strings is now fixed.

Note that with this update, the output of ulimit -a has also changed from the Red Hat Enterprise Linux 5.1 version. This may cause a problems with some automated scripts. If you have any scripts that use ulimit -a output strings, you should revise them accordingly.

Red Hat 5.2 Enterprise Linux Documentation

Document	Published	PDF Download
Software Package Manifest	May 21, 2008	PDF
Deployment Guide	May 21, 2008	PDF
Installation Guide	May 21, 2008	PDF
Virtualization Guide	May 21, 2008	PDF
Cluster Suite Overview	May 21, 2008	PDF
Cluster Administration	May 21, 2008	PDF
LVM Administrator's Guide	May 21, 2008	PDF
Global File System	May 21, 2008	PDF
Using GNBD with GFS	May 21, 2008	PDF
Linux Virtual Server Administration	May 21, 2008	PDF
Using Device-Mapper Multipath	May 21, 2008	PDF
Tuning and Optimizing Red Hat Enterprise Linux for Oracle 9i and 10g Databases	Nov PDF