CentOS AS 3 Update 2 Release Notes Copyright (c) 2004 Red Hat, Inc. Copyright (c) 2004 CentOS Project. ---------------------------------------------------------------------- Introduction The following topics are covered in this document: o Changes to the CentOS installation program (Anaconda) o General information o Changes to drivers and hardware support o Changes to packages Changes to the CentOS Installation Program (Anaconda) The following section includes information specific to the CentOS installation program, Anaconda. Note In order to upgrade an already-installed CentOS 3 system to Update 2, you must use yum to update those packages that have changed. The use of Anaconda to upgrade to Update 2 is not supported. Use Anaconda only to perform a fresh install of CentOS 3 Update 2. o If you are copying the contents of the CentOS 3 Update 2 CD-ROMs (in preparation for a network-based installation, for example) be sure you copy the CD-ROMs for the operating system only. Do not copy the Extras CD-ROM, or any of the layered product CD-ROMs, as this will overwrite files necessary for Anaconda's proper operation. These CD-ROMs must be installed after CentOS has been installed. General Information This section contains general information not specific to any other section of this document. o For information regarding various system configuration limits, refer to: http://www.redhat.com/software/rhel/configuration/ o CentOS 3 Update 2 adds a graphical boot option back-ported from Fedora Core. It is disabled by default; to enable, add the rhgb option to the boot command line, and ensure that the GRAPHICAL line in /etc/sysconfig/init reads: GRAPHICAL=yes o To speed login when NIS is used, it is now possible to request the use of the netid.byname map instead of the groups.byname map for providing group-related information to NIS clients. This map is traditionally not used for this purpose, but in most configurations contains the necessary information, and is generated by default on recent Linux and Solaris(TM) NIS servers. To enable this feature, find the following line in /etc/default/nss: # NETID_AUTHORITATIVE=TRUE Next, use a text editor to remove the leading '#' character, saving your changes when done. Note No cross-checks of the netid.byname map are done by either the NIS server or client. Therefore, the responsibility of ensuring that netid.byname contains appropriate information rests with the system administrator. It is also possible to improve NIS performance by using the services.byservicename map. If this map exists and has been built properly, its use can be enabled by the following setting in /etc/default/nss: SERVICES_AUTHORITATIVE=TRUE The services.byservicename map must contain both names of services and aliases as keys, both without protocol specified and with protocol. Recently-updated CentOS and Solaris NIS servers provide properly-built services.byservicename maps. o The CentOS 3 Update 2 Extras CD-ROM includes the fonts-monotype package. This optional package contains the Albany(TM), Cumberland(TM), and Thorndale(TM) fonts by Agfa Monotype. These fonts provide a core set of document fonts with metrics close to those of core fonts included with other common operating systems. LauS (Linux Auditing System) Notes CentOS 3 Update 2 features LAuS, the Linux Auditing System. This system is composed of kernel-resident and user-space components that facilitate highly-configurable and robust logging of system call use. This document provides an overview of how the auditing system is put together and basic information on how to get it running. Pointers to relevant documentation are also provided that should help in making the best use of this new capability. LauS Overview LauS consist of two types of components: o The kernel component o The User-space components Kernel Component The default kernel provided with CentOS 3 Update 2 contains modifications that enable system-call auditing. When auditing is not in use, these modifications are performance-neutral. The kernel component provides access to the auditing facilities through a character-special device -- /dev/audit. Through this device, a user-space daemon (auditd) can enable or disable auditing and can provide the kernel with the rulesets it is to use to determine when an invocation of a system call must be logged. This device is also used by auditd to retrieve audit records from the kernel for transfer to the audit log. Refer to the audit(4) man page for information about supported ioctl() calls and /proc/ interfaces for managing and tuning auditing behavior. User-Space Components There are a number of programs provided that transfer audit records from the kernel to the audit log and manipulate the resulting data. These programs and their documentation are found in the laus package. Auditing is performed for a process if that process registers itself with the kernel as auditable. This registration is propagated to any process started from a registered process. Modifications were made to PAM to assure the auditing of all user sessions when kernel auditing is enabled. auditd The audit daemon can be run as a service and configured with chkconfig. The audit daemon reads a number of files from /etc/audit/ at startup. The contents of /etc/audit/audit.conf specify how and where to write audit records and what to do if the logs overrun available disk space. The contents of /etc/audit/filesets.conf and /etc/audit/filters.conf specify the rulesets the kernel uses to determine if a system call is auditable. The audit daemon can also be run with the -r option to instruct auditd to reload the rulesets and communicate any changes to the kernel. Refer to the auditd(8), audit-filters(5), audit-conf(5), and audit-filesets(5) man pages for more information. aurun This program enables an auditing context for itself and execs the program specified on its command line. This can be used to enable auditing on processes that are not generally part of a user session. Refer to the aurun(8) man page for more information. aucat This program writes the contents of the audit log to standard output. There are also options for specifying the level of detail required. Refer to the aucat(1) man page for more information. augrep This program writes audit log records matching specified patterns to standard output. Refer to the augrep(1) man page for more information. PAM The Pluggable Authentication Modules package has been modified to log authentication activity. Failed and successful authentications are logged to the audit log. PAM marks for auditing all sessions which are started from successful authentication and generates an audit record when the session is terminated. For Further Information Detailed information regarding data formats can be found in the laus-fields(7) and laus-record(7) man pages. Changes to Drivers and Hardware Support This update includes bug fixes for a number of drivers. The more significant driver updates are listed below. In some cases, the original driver has been preserved under a different name, and is available as a non-default alternative for organizations that wish to migrate their driver configuration to the latest versions at a later time. Note The migration to the latest drivers should be completed before the next CentOS update is applied, because in most cases only one older-revision driver will be preserved for each update. These release notes also indicate which older-revision drivers have been removed from this kernel update. These drivers have the base driver name with the revision digits appended; for example, megaraid_2002.o. You must remove these drivers from /etc/modules.conf before installing this kernel update. Keep in mind that the only definitive way to determine what drivers are being used is to review the contents of /etc/modules.conf. Use of the lsmod command is not a substitute for examining this file. IBM ServeRAID (ips driver) o The ips driver has been updated from 6.10.52 to 6.11.07 o The new driver is scsi/ips.o o The older driver has been preserved as addon/ips_61052/ips_61052.o o The 6.00.26 driver (ips_60026.o) has been removed LSI Logic RAID (megaraid driver) o The megaraid2 driver has been updated from v2.00.9 to v2.10.1.1 o The new driver is scsi/megaraid2.o o The older driver has been preserved as addon/megaraid_2009/megaraid_2009.o o The default driver remains the v1.18k driver (megaraid.o) LSI Logic MPT Fusion (mpt* drivers) o These drivers have been updated from 2.05.05+ to 2.05.11.03 o The new drivers are located in message/fusion/ o The older drivers have been preserved in addon/fusion_20505/ Compaq SA53xx Controllers (cciss driver) o The cciss driver has been updated from 2.4.47.RH1 to 2.4.50.RH1 QLogic Fibre Channel (qla2xxx driver) o These drivers have been updated from 6.06.00b11 to 6.07.02-RH2 o The new drivers are located in addon/qla2200/ o The older driver have been preserved in addon/qla2200_60600b11/ Note Note that the QLA2100 adapter has been retired by QLogic. This adapter is no longer supported by QLogic. Therefore, the driver is located in the kernel-unsupported package. Intel PRO/1000 (e1000 driver) o This driver has been updated from 5.2.20-k1 to 5.2.30.1-k1 Broadcom Tigon3 (tg3 driver) o This driver has been updated from v2.3 to v2.7 Network Bonding (bonding driver) o This driver has been updated from 2.2.14 to 2.4.1 Serial ATA (libata driver) o This driver has been updated to version 1.01 Changes to Packages This section contains listings of packages that have been updated or added from CentOS 3 as part of Update 2. Note These package lists include packages from all variants of CentOS 3. Your system may not include every one of the packages listed here. The following packages have been updated from the original release of Red Hat Enterprise Linux 3: o anaconda o anaconda-images o anaconda-runtime o ant o ant-devel o ant-libs o arptables_jf o arpwatch o at o binutils o clumanager o compat-gcc o compat-gcc-c++ o compat-gcc-g77 o compat-gcc-objc o compat-glibc o compat-libstdc++ o compat-libstdc++-devel o comps o cpp o cvs o cyrus-sasl o cyrus-sasl-devel o cyrus-sasl-gssapi o cyrus-sasl-md5 o cyrus-sasl-plain o dev o devlabel o distcache o distcache-devel o elfutils o elfutils-devel o elfutils-libelf o elilo o ethereal o ethereal-gnome o firstboot o fontconfig o fontconfig-devel o freeradius o freeradius-mysql o freeradius-postgresql o freeradius-unixODBC o gaim o gcc o gcc-c++ o gcc-c++-ssa o gcc-g77 o gcc-g77-ssa o gcc-gnat o gcc-java o gcc-java-ssa o gcc-objc o gcc-objc-ssa o gcc-ssa o GConf2 o GConf2-devel o gdb o gdk-pixbuf o gdk-pixbuf-devel o gdk-pixbuf-gnome o gdm o glibc o glibc-common o glibc-debug o glibc-devel o glibc-headers o glibc-profile o glibc-utils o gnome-mime-data o gnome-panel o gnupg o hotplug o httpd o httpd-devel o hwdata o initscripts o iproute o ipsec-tools o iptables o iptables-ipv6 o kbd o kdegames o kdegames-devel o kdepim o kdepim-devel o kernel o kernel-doc o kernel-source o kernel-unsupported o kernel-utils o kinput2-canna-wnn6 o krb5-devel o krb5-libs o krb5-server o krb5-workstation o kudzu o kudzu-devel o lftp o libf2c o libgcc o libgcc-ssa o libgcj o libgcj-devel o libgcj-ssa o libgcj-ssa-devel o libgnat o libmudflap o libmudflap-devel o libobjc o libpcap o libstdc++ o libstdc++-devel o libstdc++-ssa o libstdc++-ssa-devel o libxml2 o libxml2-devel o libxml2-python o MAKEDEV o mdadm o modutils o modutils-devel o mod_python o mod_ssl o mozilla o mozilla-chat o mozilla-devel o mozilla-dom-inspector o mozilla-js-debugger o mozilla-mail o mozilla-nspr o mozilla-nspr-devel o mozilla-nss o mozilla-nss-devel o mutt o net-snmp o net-snmp-devel o net-snmp-perl o net-snmp-utils o netdump o netdump-server o netpbm o netpbm-devel o netpbm-progs o nfs-utils o nptl-devel o nscd o nss_ldap o openssh o openssh-askpass o openssh-askpass-gnome o openssh-clients o openssh-server o openssl o openssl-devel o openssl-perl o openssl096b o oprofile o oprofile-devel o pam o pam-devel o pam_krb5 o popt o postfix o pwlib o pwlib-devel o quagga o quagga-contrib o quagga-devel o rdist o redhat-config-cluster o redhat-config-kickstart o redhat-config-network o redhat-config-network-tui o redhat-config-packages o redhat-config-printer o redhat-config-printer-gui o redhat-config-xfree86 o redhat-rpm-config o rh-postgresql o rh-postgresql-contrib o rh-postgresql-devel o rh-postgresql-docs o rh-postgresql-jdbc o rh-postgresql-libs o rh-postgresql-pl o rh-postgresql-python o rh-postgresql-server o rh-postgresql-tcl o rh-postgresql-test o rhdb-admin o rhdb-docs o rhdb-explain o rhpl o rpm o rpm-build o rpm-devel o rpm-python o rpmdb-redhat o rsync o samba o samba-client o samba-common o samba-swat o sendmail o sendmail-cf o sendmail-devel o sendmail-doc o shadow-utils o slocate o strace o struts o sysklogd o sysstat o SysVinit o tcpdump o unixODBC o unixODBC-devel o unixODBC-kde o up2date o up2date-gnome o vsftpd o xemacs o xemacs-el o xemacs-info o XFree86 o XFree86-100dpi-fonts o XFree86-75dpi-fonts o XFree86-base-fonts o XFree86-cyrillic-fonts o XFree86-devel o XFree86-doc o XFree86-font-utils o XFree86-ISO8859-14-100dpi-fonts o XFree86-ISO8859-14-75dpi-fonts o XFree86-ISO8859-15-100dpi-fonts o XFree86-ISO8859-15-75dpi-fonts o XFree86-ISO8859-2-100dpi-fonts o XFree86-ISO8859-2-75dpi-fonts o XFree86-ISO8859-9-100dpi-fonts o XFree86-ISO8859-9-75dpi-fonts o XFree86-libs o XFree86-libs-data o XFree86-Mesa-libGL o XFree86-Mesa-libGLU o XFree86-sdk o XFree86-syriac-fonts o XFree86-tools o XFree86-truetype-fonts o XFree86-twm o XFree86-xauth o XFree86-xdm o XFree86-xfs o XFree86-Xnest o XFree86-Xvfb o ypbind o ypserv The following packages have been added to CentOS 3 Update 2: o commons-dbcp o commons-dbcp-devel o commons-pool o commons-pool-devel o eclipse o elfutils-libelf-devel o gnu-efi o jaf o jaf-devel o java-javadoc o javamail o javamail-devel o jpackage-utils o junit o junit-devel o laus o laus-devel o libunwind o mtx o mysql-jdbc o rh-cs-de o rh-cs-es o rh-cs-fr o rh-cs-it o rh-cs-ja o rh-cs-ko o rh-cs-pt_br o rh-cs-zh_cn o rh-cs-zh_tw o rhdb-cc o rhgb o sg3_utils o struts-webapps The following packages have been removed from CentOS 3 Update 2: o mod_jk2 o mod_webapp o mozilla-psm ( ia64 )