3.11 Configuring and Using Software Management

Oracle Linux provides the yum utility which you can use to install or upgrade RPM packages. The main benefit of using yum is that it also installs or upgrades any package dependencies. yum downloads packages from repositories such as those that are available on the Oracle public yum server and the Unbreakable Linux Network (ULN), but you can also set up your own repositories on systems that do not have Internet access.

The Oracle public yum server is a convenient way to install Oracle Linux packages rather than installing them from installation media. You can also subscribe to the Oracle Linux errata mailing list, and obtain bug fixes, security fixes and enhancements. You can access the server at http://public-yum.oracle.com/.

If you have registered your system with ULN, you can use yum with the ULN channels to maintain the software on your system

You can use the RPM package manager to verify the integrity of installed system files. The rpm -V package and rpm -Vf filename commands verify packages and files respectively by comparing them with package metadata in the RPM database. The verify operation compares file size, MD5 sum, permissions, type, owner, and group and displays any discrepancies. To see more verbose information, specify the -v option. You can use the rpm -qa command to verify the integrity of all the packages that are installed on a system, for example:

# for i in `rpm -qa`
> do
> rpm -V $i > .tmp || echo -e "\nDiscepancies for package $i" && cat .tmp
> rm -f .tmp
> done

Discepancies for package gdm-2.30.4-33.0.1.el6_2.x86_64
.M....G..    /var/log/gdm
.M.......    /var/run/gdm
missing     /var/run/gdm/greeter

Discepancies for package libgcj-4.4.6-4.el6.x86_64
..5....T.  c /usr/lib64/security/classpath.security

Discepancies for package sudo-1.7.4p5-12.el6_3.x86_64
S.5....T.  c /etc/sudoers

Discepancies for package libcgroup-0.37-4.el6.x86_64
S.5....T.  c /etc/cgconfig.conf

Discepancies for package yum-3.2.29-30.0.1.el6.noarch
.......T.  c /etc/yum.conf

Discepancies for package kernel-2.6.32-279.el6.x86_64
.......T.    /etc/ld.so.conf.d/kernel-2.6.32-279.el6.x86_64.conf

A string of character codes indicates the discrepancies between an installed file and the metadata for that file. The following table lists the meanings of the character codes in the output from rpm -V:


Description of Difference


MD5 sum.


Device major or minor number.


Group ownership.


Symbolic link path.


Mode including permissions or file type.




File size.


Modification time.


User ownership.


None (test passed).


Unknown (test could not be performed).

If displayed, a single character code preceding the affected file denotes the file type, and can take the values shown in the following table:




Configuration file.


Documentation file.


Ghost file, whose file contents are not included in the package payload.


License file.


Readme file.

Most discrepancies are caused by editing the configuration files of subsystems. To see which files change over time, create a baseline file of discrepancies immediately after installation, and diff this file against the results found by rpm -V at a later date.

You can also use a file integrity checker to test whether a system has been compromised. There are several available open source and commercial file integrity checking tools, including AIDE (Advanced Intrusion Detection Environment) and Tripwire. AIDE and Tripwire are intrusion detection systems that scan file systems and record cryptographic hashes of each file in a database. After creating the database, you should then move it to a read-only medium to avoid tampering. On subsequent file system checks, the tool alerts you if the stored checksums do not match those for the current files. For more information, see the AIDE or Tripwire websites.

For more information about using yum, see the yum(8) manual page and the Oracle Linux Administrator's Solutions Guide.