[redhat-lspp] LSPP kickstart config v0.16 released

Linda Knippers linda.knippers at hp.com
Fri Jan 12 19:44:24 UTC 2007 

Klaus Weidner wrote:
> Hello,
> 
> an update to go with snapshot 5, which appears to work with no issues so
> far (knock on wood) :-) :-) :-)
> 
> Changes:
> 
>     Remove requirements for packages that are current in snapshot5
>     (pam, selinux-policy)
> 
>     activate MLS sshd on port 2222 via xinetd

With the latest ssh packages from dwalsh's repo, is this still needed?
If causes an avc when starting xinetd because the port hasn't been registered
with selinux.  If we still need to add a port, is this an ok number to choose?
Its in /etc/services as being Rockwell CSP2, whatever that is.  If we define a
port, we need an semanage port command to go along with it.

Also related to ssh, I saw in bugzilla 220487 that we should no longer
have pam_selinux in /etc/pam.d/sshd.  Is that right?  I hope so because
it no longer works with those lines in there.

-- ljk

>     Activate MLS level selection for local console login
> 
>     Add 'retry' option when post-install rpm upgrade fails
>     (Thanks to Klaus Kiwi for the patch)
> 
> This works for me without updates.img, and installs a correct grub config
> (yay!). According to the README I think the bug the updates.img fixes
> isn't applicable to this ks script.
> 
> I added the following updated packages for i386, but it should also work
> to update those later:
> 
>  http://people.redhat.com/sgrubb/files/lspp/kernel-2.6.18-1.2840.2.1.el5.lspp.57.i686.rpm
>  http://people.redhat.com/sgrubb/files/lspp/kernel-devel-2.6.18-1.2840.2.1.el5.lspp.57.i686.rpm
> 
> Since these appeare older than the snapshot5 kernel, you need to install
> them with:
> 
>  rpm -Uvh --oldpackage kernel-*
>  rm kernel-*
> 
> If you want ssh-via-xinetd on port 2222 to work, you'll need the patch
> from this bug, and recompile openssh:
> 
>  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220487
> 
> 	rpm -i ~kw/openssh-4.3p2-14.el5.src.rpm
> 	cd /usr/src/redhat
> 	rpmbuild -bc --nodeps SPECS/openssh.spec
> 	cd BUILD/openssh-*
> 	patch -p2 < ~kw/openssh-xinetd-MLS.diff 
> 	make sshd
> 	mv /usr/sbin/sshd /usr/sbin/sshd.old
> 	cp sshd /usr/sbin/sshd
> 	restorecon /usr/sbin/sshd
> 
> Known issues:
> 
> - if you upgrade PAM packages on biarch systems (not needed this time),
>   always update both the 32bit and 64bit PAM packages together
> 
> RPM download:
> 
>    http://klaus.vh.swiftco.net/lspp/SRPMS/
>    http://klaus.vh.swiftco.net/lspp/RPMS/noarch/
> 
> Git repository:
> 
>    http://klaus.vh.swiftco.net/lspp/git/
> 
> -Klaus
> 
> --
> redhat-lspp mailing list
> redhat-lspp at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-lspp

More information about the redhat-lspp mailing list