Tales of the sysadmin : patching

Posted on November 14, 2011 by Piotr

One thing that sysadmin is rather often involved is patching. You need to keep an eye on the exploits, and if possible apply new versions of software that you are using on the server.

There is an obvious danger related to keeping old, outdated software active on your servers. But there can also be dangers in updating software – this is not usually the case, but there is a possibility of new, even bigger bugs or incompatibilities to be introduced into the software.

It is quite normal for PHP developers for example to be careful with upgrades of major PHP versions – code may survive upgrade from 5.2 to 5.3 branch without any changes, but this is less likely if updating from 5.1 to 5.3. Updating from 4.x to 5.x branch will most likely require high amounts of code changes.

However, one needs to be prepared for anything, as in computer world everything is possible!

We’ve had an odd issue recently with httpd. The server was running version 2.2.17 for some time without any problems. Last patching updated it with version 2.2.21, which is not that far away. Yet, it turned out that for some reason one of modules that were used had gone missing.

The fix was rather simple, in short steps:

yum install httpd-devel
wget http://path.to/SRPMS/httpd-2.2.21-jason.1.src.rpm
mkdir /usr/src/redhat
rpm -Uvh httpd-2.2.21-jason.1.src.rpm
cd /usr/src/redhat/SOURCES/
tar -zxvf httpd-2.2.21.tar.gz
cd httpd-2.2.21/modules/mappers/
apxs -i -c mod_negotiation.c
/etc/init.d/httpd restart

A longer explanation:

In slightly longer terms, we’ve installed the httpd-devel package, which contains apxs, Apache Extensions Toolkit. Then downloaded, installed and unpacked source of this specific apache version, and finally compiled and installed the broken module.

Looking into RPM, this offending module should not cause any problems as it was in the package. However, for some unknown reason, it seemed like it was an older, incompatible version, hence the problem.

Checking that everything is working after patching is hard sometimes, especially if it is related to code, but quick looks into what software runs on the server while sysadmin finishes patching can help to keep down times at minimum.

Post to Digg Digg This Post Post to Reddit Post to Reddit Post to StumbleUpon Stumble This Post Post to Technorati Post to Technorati

This entry was posted in Managed Hosting. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>