• See the section of General Admin Principles that deals with software and system maintenance.
• Software can be evil.
  • Can open doors to system intrusion through exploitable weaknesses in software, network ports needed by the software.
  • Can results in system instability, performance degradation, loss of disk space.
  • User demand requires software to be installed.
  • But the administrator should avoid installing software, as far as it is possible.

• widely used
  • used on rockhopper, since its a Fedora Linux system
• To install a RPM package

        rpm -i package.rpm

• To upgrade a RPM package

        rpm -U package.rpm

• To uninstall a RPM package

        rpm -e package.rpm

• To query all RPM packages currently installed

        rpm -qa

• RPM does not resolve package dependencies by itself
  • Tools to resolve RPM dependencies
    • yum (Red Hat, Fedora), up2date (Red Hat Network), autoupdate

• See previous description
• widely used
• Many popular, third party applications (firefox, google-chrome) are available now in both RPM and DEB format.

• FreeBSD ports system
  • automatically download/compile/install from source
• NetBSD tgz packages
  • pkgsrc system
• Mac OS X
  • fink
  • macports
  • homebrew
• Gentoo Linux
  • Uses a BSD ports-like system

• Scripting languages have had their own module management systems for a while.
  • Perl modules can be installed via CPAN.
  • Python modules can be installed using easy_install or pip.
  • Ruby modules can be installed using RubyGems.
  • Normal users can use these systems without admin intervention, at the cost of possibly using more disk space per user and causing version conflicts.

• conflicts between packages are supposed to be resolved
• package maintainers work with each other and the package maintainer community to resolve file naming conflicts
  • official Red Hat RPM repository
  • official Debian deb repository
    • assures quality control and conflict resolution

• The GNU build system (autoconf/automake)
  • Software installs from source can often be reduced to a simple series of commands
    • the './configure; make; make install' routine
      • usually installs to the '/usr/local' directory tree
  • Newer alternatives to the GNU build system exist
    • Any type of scripted configuration/compilation system is preferable to having to deal with raw Makefiles or hand-editing the source code.

• Source-installed software sandboxing systems
  • sandboxing: each program exists only in its own separate subdirectory (and only one subdirectory)
  • GNU stow
    • user-controlled sandboxing
  • BSD/Gentoo ports, pkgsrc, fink, macports, homebrew system may also use sandboxing systems of their own.

• making executables available
  • Add new bin directories to global $PATH in /etc/profile

• making libraries available (Linux)
  • Add new lib directories to /etc/ld.so.conf & run ldconfig (Linux)
  • Add new lib directories to LD_LIBRARY_PATH in /etc/profile (old)

• Other environment variables that need to be globally set
  • MANPATH, CLASSPATH (Java)

• Licenses
• Ethical issues
  • Buy single user license and use for a whole class
    • Legal? Ethical?

• License daemons
  • Run in background to ensure that license is not violated
    • enforce per user licenses
    • enforce connection limits to an OS or service

• Making sure all machines have same software and same versions of software and get upgraded/patched at the same time
  • cssh and similar solutions have their uses but can require a lot of screen real estate
    • They have an advantage that you can see what's going on on each machine.
    • Mostly suited to labs and clusters in which the machines use the same OS on the same or similar hardware.
  • simple shell script that visits each machine via ssh and runs a job in the background as root
    • a “push” solution
    • requires every machine to be up and running, else miss an update (as with cssh-like solutions)
      • wake-on-lan can take care of machines that are powered off
        • but can't help machines that are locked up/crashed
  • a scheduled update script run via cron that downloads and runs an update script at bootup or nightly
    • a “pull” solution
  • much more sophisticated and flexible “configuration management systems”
  • “imaging” software, exemplified by software such as Norton Ghost, in which a group of machines are made to be in sync with a “golden image” (a machine on which a desired and set system configuration and software are installed).
    • good for lab environments on which you want to return all lab machines to a desired state after a day of student usage
    • also good for major system upgrades

• How should upgrades be performed?
  • Questions that should be considered:
    • When is it appropriate to upgrade software?
      • Is the upgrade needed now or can it wait?
        • How critical is the upgrade?
      • Is there a maintenance window?
        • How long will the upgrade take?
    • Has the upgrade been sufficiently tested?
    • Is there a backout path in case the upgrade causes problems or goes wrong?
      • Is there a reliable backup of the system?
    • Also see Software section of System Administration Principles.

Install the Google Chrome web browser on your virtual Linux systems.

• Record the details of the installation in your admin journals.
• Download the appropriate package from http://www.google.com/chrome.
• Note the software license that is used by Google Chrome. Also, see the EULA and fine print.
  • Is there an open-source alternative to or version of Google Chrome?
• Where does Google Chrome install itself?
  • Can this information be found in the package file you downloaded?
  • Note also the software repository changes that the Google Chrome installation made.

Install Rootkit Hunter on your virtual Linux systems.

• Record the details of the installation in your admin journals.
• Download the source code from http://rkhunter.sourceforge.net to a Downloads directory.
  • You can use the following wget command:
    • 'wget https://sourceforge.net/projects/rkhunter/files/latest/download?source=files -O rkhunter-1.4.6.tar.gz'
  • Extract the source code from the downloaded archive and note the software license used.
• Run rkhunter.
• An older version of Rootkit Hunter is available for installation via apt-get on your Linux VMs. In the case of this software package, why might downloading and running from the source code preferable?

Install the drjava and bluej java IDEs on your virtual Linux systems.

• Download the most recent packages from http://drjava.org and http://bluej.org. (Link to drjava jar file)
  • Neither of these software packages is available for download using apt-get.
• See the Linux lab machines on which both drjava and bluej are installed.
• Record the details of the installation in your admin journals.

Install the puppet and puppetmaster packages on your virtual Linux systems (VMs). Install just the puppet package on your Linux containers.