RPM Package Inspection for Fun and Profit

6a00d8341c562c53ef01538f8abd65970b-800wi"Whats in the box" — David Mills

Lets face it, one of your users needs to have a package installed on a system, you tend to do it for them. That is, as long as the package looks safe. Sure, your not going to install an rpm that is clearly dangerous, but as long as the package name looks reasonable and you trust the user, you might actually just go ahead an install it for them without thinking much about it. Hell, I know that I have done the exact same thing from time to time. And I have done it with an unsigned package.

"Sure you need this Oracle thing installed on this database server?"

 "You got it directly from Oracle right?"

But honestly, this is a very bad practice as you have no idea what the RPM is installing, and what its pre and post scripts might be doing to your system. Using the command below, you can inspect a packages post and pre install scripts to see if they are doing anything funny. In this instance I am taking a look at the dropbox package for my little Eeepc.

[root@localhost ~]# rpm -qp –scripts /root/Downloads/nautilus-dropbox-1.6.0-1.fedora.i386.rpm

If you have already installed a package and want to see what its pre and post install scripts did. You can run the command above using the installed package name. Note that you will drop the "P" from the command. See my sendmail example below.

[root@localhost ~]#rpm -q –scripts sendmail-8.14.8-2.fc20.i686

 

In addition to checking the pre and post scripts, you also want to check to see if the rpm has any triggers. What are triggers you ask? Well they are extensions to the normal install scripts, and they may often call for the installation of another package or the execution of a command. Just look at all the triggers that fire when you install sendmail.

[root@localhost ~]# rpm -q –triggers sendmail-8.14.8-2.fc20.i686
triggerun scriptlet (using /bin/sh) — sendmail < 8.14.5-3
/usr/bin/systemd-sysv-convert –save sendmail >/dev/null 2>&1 ||:
/bin/systemctl enable sendmail.service >/dev/null 2>&1
/bin/systemctl enable sm-client.service >/dev/null 2>&1
/sbin/chkconfig –del sendmail >/dev/null 2>&1 || :
/bin/systemctl try-restart sendmail.service >/dev/null 2>&1 || :
/bin/systemctl try-restart sm-client.service >/dev/null 2>&1 || :
# workaround for systemd rhbz#738022
/bin/systemctl is-active sendmail.service >/dev/null 2>&1 && \
        ! /bin/systemctl is-active sm-client.service >/dev/null 2>&1 && \
        /bin/systemctl start sm-client.service >/dev/null 2>&1 || :

Obviously you also want to check to see what files are actually part of a package. This can be accomplished with the query and list arguments seen below. Add the "P" argument if the rpm is not already installed. In this case I have already installed sendmail, so I exclude the "P" from the command.

 

[root@localhost ~]# rpm -ql sendmail-8.14.8-2.fc20.i686
/etc/NetworkManager/dispatcher.d/10-sendmail
/etc/mail
/etc/mail/Makefile
/etc/mail/access
/etc/mail/access.db
/etc/mail/aliasesdb-stamp
/etc/mail/domaintable
/etc/mail/domaintable.db
/etc/mail/helpfile
/etc/mail/local-host-names
..truncated…

 

So whats the moral of the story here. Well its really not that hard to take a minute and look under the covers and make sure that the packages that you are installing are not harming your systems. Is definetly worth 5 minutes of your time. Might just save your behind.

 

Related articles

RHEL6 – Simple Postfix Configuration
RHEL6 – Common Postfix Server Roles
Configure sendmail as a client for SMTPs
Sendmail Server

AIX – Check Availiable Memory, Free Memory, and Used Memory in Gigabytes

Dunce-cap-2Dunce Cap… seriously is that a real thing. Have you or someone you know ever have had to wear one? Or is this just something made up for tv and movies… anyway I digress.

Everything is harder in AIX – like looking at memory statstics and viewing them in a normal human readable format (like gigabytes). Because apparently IBM knows best and like to show me free memory in 4k bytes (and filesystem sizes in 512-blocks).

Anyway while I was working on a production server with high memory usage found this nice little blog artice which contains a simple script for viewing availiable memory, free memory, and used memory in gigabtyes.

Link below:

http://karellen.blogspot.com/2012/01/available-used-and-free-memory-in-aix.html

And for my own selfish purposes I copied the script below — just in case the link above dies at somepoint.

#!/bin/ksh
memory=`prtconf -m | awk 'BEGIN {FS=" "} {print
$3/1024}'`
usedmem=`svmon -G | grep memory | awk 'BEGIN {FS=" "} {print
$3/256/1024}'`
freemem=`echo $memory-$usedmem | bc -l`

#
Conclusion
echo "Avai Mem: $memory GB"
echo "Free Mem: $freemem
GB"
echo "Used Mem: $usedmem GB"

 

Anyway.. AIX sucks and I hate it.

 

Related articles

New IBM servers meet Energy Star 2.0 guidelines
Sudosh Make Me a Sandwich: Install and Configure Sudosh in Solaris 9/10
IBM Power Systems with POWER7 and AIX & Linux Technical Sales Skills – v2 (000-225)