1.5.4. Applying the Changes

After downloading and installing security errata and updates, it is important to halt usage of the older software and begin using the new software. How this is done depends on the type of software that has been updated. The following list itemizes the general categories of software and provides instructions for using the updated versions after a package upgrade.

Note

In general, rebooting the system is the surest way to ensure that the latest version of a software package is used; however, this option is not always required, or available to the system administrator.
Applications
User-space applications are any programs that can be initiated by a system user. Typically, such applications are used only when a user, script, or automated task utility launches them and they do not persist for long periods of time.
Once such a user-space application is updated, halt any instances of the application on the system and launch the program again to use the updated version.
Kernel
The kernel is the core software component for the Red Hat Enterprise Linux operating system. It manages access to memory, the processor, and peripherals as well as schedules all tasks.
Because of its central role, the kernel cannot be restarted without also stopping the computer. Therefore, an updated version of the kernel cannot be used until the system is rebooted.
Shared Libraries
Shared libraries are units of code, such as glibc, which are used by a number of applications and services. Applications utilizing a shared library typically load the shared code when the application is initialized, so any applications using the updated library must be halted and relaunched.
To determine which running applications link against a particular library, use the lsof command:
lsof <path>
For example, to determine which running applications link against the libwrap.so library, type:
~]# lsof /lib64/libwrap.so*
COMMAND     PID      USER  FD   TYPE DEVICE SIZE/OFF   NODE NAME
sshd      13600 root mem    REG  253,0    43256 400501 /lib64/libwrap.so.0.7.6
sshd      13603 juan mem    REG  253,0    43256 400501 /lib64/libwrap.so.0.7.6
gnome-set 14898 juan mem    REG  253,0    43256 400501 /lib64/libwrap.so.0.7.6
metacity  14925 juan mem    REG  253,0    43256 400501 /lib64/libwrap.so.0.7.6
[output truncated]
This command returns a list of all the running programs which use TCP wrappers for host access control. Therefore, any program listed must be halted and relaunched if the tcp_wrappers package is updated.
SysV Services
SysV services are persistent server programs launched during the boot process. Examples of SysV services include sshd, vsftpd, and xinetd.
Because these programs usually persist in memory as long as the machine is booted, each updated SysV service must be halted and relaunched after the package is upgraded. This can be done using the Services Configuration Tool or by logging into a root shell prompt and issuing the /sbin/service command:
/sbin/service <service-name> restart
Replace <service-name> with the name of the service, such as sshd.
xinetd Services
Services controlled by the xinetd super service only run when there is an active connection. Examples of services controlled by xinetd include Telnet, IMAP, and POP3.
Because new instances of these services are launched by xinetd each time a new request is received, connections that occur after an upgrade are handled by the updated software. However, if there are active connections at the time the xinetd controlled service is upgraded, they are serviced by the older version of the software.
To kill off older instances of a particular xinetd controlled service, upgrade the package for the service then halt all processes currently running. To determine if the process is running, use the ps or pgrep command and then use the kill or killall command to halt current instances of the service.
For example, if security errata imap packages are released, upgrade the packages, then type the following command as root into a shell prompt:
~]# pgrep -l imap
1439 imapd
1788 imapd
1793 imapd
This command returns all active IMAP sessions. Individual sessions can then be terminated by issuing the following command as root:
kill <PID>
If this fails to terminate the session, use the following command instead:
kill -9 <PID>
In the previous examples, replace <PID> with the process identification number (found in the second column of the pgrep -l command) for an IMAP session.
To kill all active IMAP sessions, issue the following command:
~]# killall imapd
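To confirm after an update that no running process still holds the old copy of a shared library (the Shared Libraries entry above), the following added example, which is not part of the original Red Hat documentation, scans /proc/<PID>/maps for library mappings that the kernel marks "(deleted)" because the file was replaced on disk. The function name stale_libs and its optional PROC_ROOT argument are hypothetical names chosen for this example; it assumes library paths without spaces and falls back to "?" where /proc/<PID>/comm is unavailable.

```shell
#!/bin/sh
# Added example: list processes that still map a shared library whose file
# was replaced on disk by a package update. Such mappings carry the suffix
# "(deleted)" in /proc/<PID>/maps, so the process runs the old code until
# it is restarted.
#
# stale_libs [PROC_ROOT]
#   PROC_ROOT defaults to /proc (hypothetical parameter, useful for testing).
#   Prints one line per process and library: "PID COMMAND LIBRARY".
stale_libs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes that exited or whose maps file is not readable.
        [ -r "$maps" ] || continue
        pid_dir="${maps%/maps}"
        pid="${pid_dir##*/}"
        comm="$(cat "$pid_dir/comm" 2>/dev/null || echo '?')"
        # maps fields: range perms offset dev inode path [(deleted)]
        # A library is usually mapped in several segments, so report
        # each path only once per process.
        awk -v pid="$pid" -v comm="$comm" '
            $NF == "(deleted)" && $(NF-1) ~ /\.so[.0-9]*$/ {
                if (!seen[$(NF-1)]++) print pid, comm, $(NF-1)
            }' "$maps" 2>/dev/null
    done
}

# Typical use after applying errata, as root so that every maps file
# is readable:
#   stale_libs | sort -k3
```

Every process listed must be halted and relaunched to pick up the updated library; an empty result means no running process still maps a replaced library file.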

© 2024 Red Hat, Inc.