Presentation on theme: "Managing System Software Chapter 6. Chapter Objectives Explore hardware and software requirements for application installation. Explore types of software."— Presentation transcript:
Managing System Software Chapter 6
Chapter Objectives Explore hardware and software requirements for application installation. Explore types of software installations. Explore software installation and maintenance tools. Explore disk layout, and pros/cons of partitioning. Explore steps required before an installation is attempted.
Managing System Software Operating systems, utilities and applications are continually being updated. Users request new software package installations as their needs change or new packages become available. Vendors constantly offer new versions of operating systems, utilities and applications. Bugs are found and patches to correct them need to be applied. No matter the source or the reason, the system administrator will be called upon to manage the system's software on a routine basis. Software maintenance is the task of obtaining, installing and keeping track of these updates.
Software Maintenance Concepts Software maintenance is conceptually pretty straight-forward. –As new features are added or bugs discovered, the provider of the operating system or applications bundles together the files needed to add the feature or correct the bug and makes them available. –The bundle of files is then installed to add the feature or correct the problem and possibly some additional commands are run to adjust configuration information as needed by the newly installed files. –Depending on the installation tools used, the bundle of files may also be checked for correct installation and authenticity as part of the installation process.
Software Maintenance Concepts These bundles of files are given various names. –Packages refer to a bundle of files that contain the programs, configuration files and installation commands for a single facility such as a print spooler. –Updates often refer to bundles that add additional features. –Patches, service packs and hot fixes often refer to bundles that correct a problem.
Software Maintenance Concepts Some vendors group bundles together into larger groupings. For example, Sun calls its groupings of Solaris packages clusters, while Red Hat names its groupings for the type of system (e.g. server, client, laptop, etc.). A configuration is the term often used to describe a particular suite of packages, such as the suite of packages one might install on each of a group of similar systems or the complete suite of packages needed to set a system up as a web server or print server.
Software Maintenance Concepts The difficulty in performing software maintenance comes in four areas. –First, there is not much agreement on the format for bundling files. –Second, various bundling formats require specialized installation, removal and management tools. These tools are different between vendors, and offer differing feature sets. –Third, updates often overwrite configuration files, reset values to defaults, add users, turn on services, or perform other actions that cause working software to fail or security to be compromised. –Finally, there is the chore of keeping track of which updates have been installed and which of the available updates need to be installed.
Software Packaging Formats Bundles of software can be packaged in a wide variety of forms. It's not uncommon to use one format for the operating system software, another for an application program and a third format for a tool or utility program. –The self-extracting formats should be examined most carefully before using them. These formats have a history of being attacked via so-called Trojan Horse programs. –A careful system administrator will verify the authenticity of any patch or package before he installs it.
Software Maintenance Tools The wide variety of software packaging formats can be grouped together based on the features present in the tools used to manage them. There are three basic types of tools: –simple archivers –specialized multiple command package management suites –all in one tools Additionally, many of these tools include additional graphical interfaces making them easier to learn and use. Individual package management tools are not hard to learn; it is the variety of differing feature sets and tools across operating systems that makes this task tougher than it ought to be.
Simple Archivers The simplest of the software package management tools are the simple archivers such as tar, zip and cpio. –These common archiving tools are found on both UNIX and Windows and are used to create and install files from their corresponding archive formats. –Macintosh users will be familiar with the Stuff-It tool for archiving files on that platform. –While tar, zip, cpio and other archive tools have the advantages of being cross platform, commonly used and readily available, they lack a number of features commonly found in tools specifically designed for software package management.
Simple Archivers Drawbacks of simple archival tools –Tracking installed software is left up to the administrator. –Simple archivers make no installation records. –The system administrator must use some external means to record what has been installed via these tools. –Any additional work required such as modifying configuration files or additional set up steps must be performed by hand. –These tools provide no integrated way to verify the authorship of the archive. –A simple archive does not contain the information needed to check for any dependencies the package may require. –None of these tools provide a direct method for obtaining the archives over the Internet.
Software Package Management Tools To address these deficiencies of simple archive tools for software package management, specialized installation tools were developed. Unlike the simple archivers whose packaging format is common across systems, these specialized tools use a wide variety of formats with limited cross platform availability. –Worse still, the tools used to manage these packages are at least as varied as the packaging formats themselves. Finally, the features provided by these tools vary from tool to tool often leaving the system administrator to pick up the slack when a needed feature is missing.
Software Package Management Tools A typical suite has commands to install or update packages, inquire about which packages are installed and remove packages. Dependency checking is an important feature for a package installation tool as many UNIX packages are modular, built on top of libraries found in other packages. Verification is the act of checking that the package is installed correctly and the files in the package match those installed. This can be used to check for possible tampering that may have occurred due to a break-in or to check that file modes or ownerships have not been changed by mistake.
Software Package Management Tools Another aspect of assuring system security when installing packages is the determination of the authenticity of the package being installed. This is especially important when using packages and patches downloaded over the Internet. Listing the installed packages and removing packages are common features across all of the package installation tools.
Software Package Management Tools Creating your own packages is one way a system administrator can deal with the installation and maintenance of locally developed software on a large number of systems. Advantages of home-grown installers: –The created package can be distributed and installed using the same tools and procedures used for other packages. –Any post installation configuration steps needed may be encapsulated in the package, assuring a consistent installation. –Checking and verification of proper installation of a package can be used to verify that the locally developed software is installed correctly.
Graphical Software Package Management Tools A typical software package management tools suite often tops off the command line tools with a graphical installation tool. In the case of Windows, graphical tools are the only way to install many software packages. These tools often offer the administrator fewer installation options, but handle the typical installations very well. While these graphical tools can make life easier when managing software on a single system, they suffer when put to use across many systems.
Graphical Software Package Management Tools When dealing with large numbers of systems, command line tools that can be run from scripting languages offer the flexibility needed to get package installations accomplished in a timely fashion. Graphical installers (generally) offer few installation options, by tending to oversimplify the installer for use by a novice user. Installations that make use of shared disk space for applications and other special situations will often require the use of options not found in a graphical installation tool.
Dealing with missing features It would be terrific if every software package management tool or tool suite had all the features needed. Unfortunately, nearly every installation tool suite lacks one or more features. This can be worked around by combining the installation tools with other commonly available tools. The easiest (missing) feature to compensate for is Internet access. Most vendors provide access to software packages and patches via ftp, the web or both. Internet available packages and patches are often further packaged into one of the several common formats for download and will need to be unpacked from their distribution packaging before they can be installed.
Authenticity & Integrity Verifying that a software package is intact and that it was produced by the genuine author are two critical features missing from nearly every software package management suite. They are of special importance when using the Internet to obtain patches or other software. One method of checking integrity and authenticity is to use a public key cryptographic tool such as gpg. Another way to fill in for this missing feature is to perform checksum and MD5 cryptographic fingerprint checks on the files using the sum and md5sum commands. –However, the vendor or other supplier of the patch or software package must publish a reference MD5 fingerprint or checksum value for comparison. Not all vendors do.
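The fingerprint comparison described above, as an added example that is not part of the original presentation: a shell function that checks a downloaded file against a reference value published by the supplier. It goes beyond the slide by also accepting SHA-256 values (sha256sum), since MD5 collisions are practical; the function name verify_digest and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the presentation).
# verify_digest FILE REFERENCE_HEX
# Picks the tool from the length of the published reference value:
#   32 hex characters -> md5sum, 64 hex characters -> sha256sum.
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_digest() {
    file=$1
    ref=$(printf '%s' "$2" | tr 'A-F' 'a-f')    # published values may be upper case
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    case $ref in
        ''|*[!0-9a-f]*) echo "reference is not a hex digest" >&2; return 2 ;;
    esac
    case ${#ref} in
        32) tool=md5sum ;;
        64) tool=sha256sum ;;
        *)  echo "unsupported digest length ${#ref}" >&2; return 2 ;;
    esac
    # Read from stdin so the output is "<digest>  -" whatever the file name is.
    actual=$("$tool" < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$ref" ]; then
        echo "OK       $file ($tool)"
        return 0
    fi
    echo "MISMATCH $file ($tool): got $actual, expected $ref" >&2
    return 1
}

# Demo on a constructed file standing in for a downloaded package.
demo=$(mktemp)
printf 'constructed package payload\n' > "$demo"
verify_digest "$demo" "$(md5sum < "$demo" | cut -d' ' -f1)"
rm -f "$demo"
```

The comparison is only as trustworthy as the reference value, so the reference should be obtained separately from the download itself.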
Catching Unintended Changes Despite the best intentions of the software vendor, installing a new package or patch sometimes results in unintended changes to the operating system configuration files. These changes are not always easy to spot, but there are several things that can be done to prevent problems caused by package or patch installations. –1. Make certain you have a good backup of the system to be patched. –2. Install the package using an account other than root whenever possible.
Catching Unintended Changes –3. Install the package or patch on a test system first. –4. List and inspect the contents of the patch or package to be installed. –5. Extract and examine the installation script(s) for setuid/setgid commands, or any chown, chmod, cp, rm, mv, or shell redirection commands to ensure that critical system files are not altered. –6. Use a file modification monitor such as tripwire.
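One way to carry out step 5 on an extracted installation script, as an added example that is not part of the original presentation: a shell function that lists the lines a reviewer should read first. The function name audit_install_script, the tag names and the sample postinstall script are constructed for illustration; the patterns are a first-pass filter and do not replace reading the script.

```shell
#!/bin/sh
# Added example (not from the presentation).
# audit_install_script FILE
# Prints TAG:line-number:text for each non-comment line that
#   SETID    runs chmod with a setuid/setgid bit (u+s, g+s, 4755, 2755, ...)
#   FILEOP   runs chown, chmod, cp, rm or mv
#   REDIRECT writes to a file with > or >> (fd duplication and /dev/null ignored)
# Returns 1 if anything was flagged, 0 if not, 2 if the file is unreadable.
audit_install_script() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            tag = ""
            rest = $0
            gsub(/[0-9]*>>?[ \t]*(&[0-9-]|\/dev\/null)/, "", rest)
            if ($0 ~ /chmod[ \t]+(.*[ \t])?[2467][0-7][0-7][0-7]([ \t]|$)/ ||
                $0 ~ /chmod[ \t].*[+=][rwxXt]*s/)
                tag = "SETID"
            else if ($0 ~ /(^|[^A-Za-z0-9_])(chown|chmod|cp|rm|mv)([^A-Za-z0-9_]|$)/)
                tag = "FILEOP"
            else if (rest ~ />/)
                tag = "REDIRECT"
            if (tag != "") { printf "%s:%d:%s\n", tag, NR, $0; found = 1 }
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# Demo on a constructed postinstall script.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#!/bin/sh
# postinstall (constructed sample)
mkdir -p /opt/acme/bin
cp acmed /opt/acme/bin/acmed
chmod 4755 /opt/acme/bin/acmed
echo "acme: ALL" >> /etc/hosts.allow
echo done >/dev/null 2>&1
EOF
audit_install_script "$sample"
rm -f "$sample"
```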
Finishing Touches Installing a package is often times not the end of the job for the system administrator. A wide variety of software packages require some degree of local customization, configuration, licensing or user level setup to complete the installation process and present the user with the fully functioning tool they expect. Since every package will have its own customization and configuration needs, the system administrator will need to read up on the specifics of the packages in use at his site.
Finishing Touches Configure once, and distribute the configuration. –Even packages that are installed by a package installation tool often have configuration files that will need to be modified. These files can be modified to suit local conditions and then distributed using a tool such as rdist. Wrap a short shell script around a package to set needed variables. –Many packages require setting environment variables or adding elements to a shell’s execution path. Instead of having each user make the needed changes, one approach is to replace the program with a short shell script that sets the environment as required.
Finishing Touches For packages that contain several tools, all of which require special environmental variables or modifications to the user’s execution path, consider adding the needed setup information to the skeleton files used to create the user’s accounts. Employ a specialized user environment configuration tool such as modules. –The modules tool provides the means for the system administrator to package up the environment variables, PATH and other user environment changes into modulefiles that can be easily loaded by a user to configure their environment to suit a specific package. –The modules tool performs complex tasks such as removing and reordering elements of the user’s execution PATH to allow even differing versions of the same package to be configured correctly.
Service Packs and other special situations Some patches and software packages cannot be installed using the usual software management tools. Special updates often require more time and planning than the usual package installation. –Following the precautions listed in the previous section on unintended changes is a must for special updates. Additional caution is recommended.
Service Packs and other special situations Keep the previous kernel version available and ready to use. On Linux this can easily be accomplished by adding an entry to /etc/lilo.conf or /etc/grub.conf. –Other UNIX variants allow for a second kernel to be kept in the root or boot partition. Make an emergency boot disk. The procedure for this varies, but many operating systems allow you to make a floppy disk that the system can be booted from. Locate a bootable CD for the system being updated. Many operating systems allow you to boot from the installation CD and correct problems caused by updates.
Tracking and Distributing Packages and Patches Installing packages and patches on a large collection of systems is a challenging task. –The system administrator will need to maintain records of the packages and patches installed, check for missing packages and patches, and perform multiple installations. –Record keeping and checking for correct package and patch installation is rarely integrated into a software package management tool or suite of tools. –A simple, external method of monitoring packages and patches is to keep records in a table such as a spreadsheet.
Tracking and Distributing Packages and Patches Another approach is to make use of the software package management tool’s ability to list the installed packages. –Lists of packages from each system in a group can be gathered and compared to a master list or a master system. –This makes missing patches easy to spot. –The lists from each system can be stored and referred to later to determine which patches or packages need to be installed on a given system.
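The list comparison described above, as an added example that is not part of the original presentation: a shell function that compares one system's package list with a master list. It assumes each list has already been gathered into a file with one "name version" pair per line; the function name compare_packages, the output tags and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the presentation).
# compare_packages MASTER HOSTLIST
# Both files hold one "name version" pair per line (assumed format).
# Prints one line per difference:
#   MISSING name version             in the master list, absent on the host
#   VERSION name hostver -> masterver installed, but at a different version
#   EXTRA   name version             on the host, not in the master list
# Returns 0 when the host matches the master, 1 when it differs, 2 on bad input.
compare_packages() {
    [ -s "$1" ] && [ -r "$2" ] || { echo "usage: compare_packages MASTER HOSTLIST" >&2; return 2; }
    diffs=$(awk '
        NR == FNR { master[$1] = $2; next }      # first file: master list
        { host[$1] = $2 }                        # second file: this host
        END {
            for (p in master) {
                if (!(p in host))
                    print "MISSING", p, master[p]
                else if (host[p] != master[p])
                    print "VERSION", p, host[p], "->", master[p]
            }
            for (p in host)
                if (!(p in master)) print "EXTRA", p, host[p]
        }
    ' "$1" "$2" | sort)
    [ -z "$diffs" ] && return 0
    printf '%s\n' "$diffs"
    return 1
}

# Demo with constructed lists for a master system and one host.
work=$(mktemp -d)
printf 'bash 5.2\nopenssh 9.6\nopenssl 3.0.13\n' > "$work/master.txt"
printf 'bash 5.2\nopenssh 9.5\nnmap 7.94\n'      > "$work/host-a.txt"
compare_packages "$work/master.txt" "$work/host-a.txt"
rm -rf "$work"
```

Storing each host's output alongside its list gives the per-system record the slide describes; EXTRA lines also show software that was installed outside the agreed configuration.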
Tracking and Distributing Packages and Patches Package and patch distribution can be accomplished in a similar manner. –One method which works well is to place the package and patch files in a network-accessible directory which is available to all the systems to be patched. –Then connect to each system in turn and execute the appropriate package installation commands. –Automating the actual installation of packages and patches is an area where UNIX and command line package installation tools really shine. –Command line tools are readily automated by a variety of methods and are easily run remotely over a network connection such as ssh.
Summary Maintaining the software on a system involves the periodic installation of software packages and patches. While a straight-forward task in concept, the pitfalls are many. The wide variety of package formats, management tools and missing features in specific tool sets make the process of managing packages and patches more challenging than it ought to be. Before attempting a software installation, the administrator should: –Explore hardware and software requirements for the application. –Understand the types of software installations. –Understand the software installation and maintenance tools. –Understand the disk layout, and pros/cons of partitioning. –Understand the steps required before the installation is attempted.