Thursday, January 26, 2012

Linux Package Manager Command Line Comparison

SkyHi @ Thursday, January 26, 2012
This page pulls heavily from openSUSE's Software Management Command Line Comparison. It has been simplified and has added Arch to the comparison, as well as modified the order in which each distribution exists for the benefit of Arch users.
Users from other Linux distributions can benefit from pacman by using a simple wrapper: pacapt. The script could also be intended for Arch users having to temporarily deal with another distribution.
Actionarchredhat/fedoradebian/ubuntuold suseopensusegentoo
Install a package(s) by namepacman -Syum installapt-get installrug installzypper install zypper inemerge [-a]
Remove a package(s) by namepacman -Ryum remove/eraseapt-get removerug remove/erasezypper remove zypper rmemerge -C
Search for package(s) by searching the expression in name, description, short description. What exact fields are being searched by default varies in each tool. Mostly options bring tools on par.pacman -Ssyum searchapt-cache searchrug searchzypper search zypper se [-s]emerge -S
Upgrade Packages - Install packages which have an older version already installedpacman -Syuyum updateapt-get upgraderug updatezypper update zypper upemerge -u world
Upgrade Packages - Another form of the update command, which can perform more complex updates -- like distribution upgrades. When the usual update command will omit package updates, which include changes in dependencies, this command can perform those updates.pacman -Syuyum distro-syncapt-get dist-upgradezypper dupemerge -uDN world
Reinstall given Package - Will reinstall the given package without dependency hassle.pacman -Syum reinstallapt-get install --reinstallzypper install --forceemerge [-a]
Installs local package file, e.g. app.rpm and uses the installation sources to resolve dependenciespacman -Uyum localinstalldpkg -i && apt-get install -fzypper in /path/to/local.rpmemerge
Updates package(s) with local packages and uses the installation sources to resolve dependenciespacman -Uyum localupdaten/aemerge
Use some magic to fix broken dependencies in a systempacman dep level - testdb, shared lib level - findbrokenpkgs or ldddpackage-cleanup --problemsapt-get --fix-brokenrug* solvedepszypper verifyrevdep-rebuild
Only downloads the given package(s) without unpacking or installing thempacman -Swyumdownloader (found in yum-utils package)apt-get --download-onlyzypper --download-onlyemerge --fetchonly
Remove dependencies that are no longer needed, because e.g. the package which needed the dependencies was removed.pacman -Qdtq | pacman -Rs -package-cleanup --leavesapt-get autoremoven/aemerge --depclean
Downloads the corresponding source package(s) to the given package name(s)Use ABS && makepkg -oyumdownloader --sourceapt-get sourcezypper source-installemerge --fetchonly
Remove packages no longer included in any repositories.package-cleanup --orphans
Install/Remove packages to satisfy build-dependencies. Uses information in the source package.automaticyum-builddepapt-get build-depzypper si -demerge -o
Add a package lock rule to keep its current state from being changed${EDITOR} /etc/pacman.conf
modify IgnorePkg array
yum.conf <--”exclude” option (add/amend)echo "$PKGNAME hold" | dpkg --set-selectionsrug* lock-addPut package name in /etc/zypp/locks/etc/portage/package.mask
Delete a package lock ruleremove package from IgnorePkg line in /etc/pacman.confyum.conf <--”exclude” option (remove/amend)echo "$PKGNAME install" | dpkg --set-selectionsrug* lock-deleteRemove package name from /etc/zypp/locks/etc/portage/package.mask (or package.unmask)
Show a listing of all lock rulescat /etc/pacman.confyum.conf (research needed)/etc/apt/preferencesrug* lock-listView /etc/zypp/lockscat /etc/portage/package.mask
Add a checkpoint to the package system for later rollback(unnecessary, done on every transaction)rug* checkpoint-addn/a
Remove a checkpoint from the systemN/AN/Arug* checkpoint-removen/a
Provide a list of all system checkpointsN/Ayum history listrug* checkpointsn/a
Rolls entire packages back to a certain date or checkpoint.N/Ayum history rollbackrug* rollbackn/a
Undo a single specified transaction.N/Ayum history undon/a
Package information management
Get a dump of the whole system information - Prints, Saves or similar the current state of the package management system. Preferred output is text or XML. One version of rug dumps information as a sqlite database. (Note: Why either-or here? No tool offers the option to choose the output format.)(see /var/lib/pacman/local)(see /var/lib/rpm/Packages)apt-cache statsrug dumpn/aemerge --info
Show all or most information about a package. The tools\' verbosity for the default command vary. But with options, the tools are on par with each other.pacman -[S|Q]iyum list or infoapt-cache showpkg apt-cache showrug infozypper info zypper ifemerge -S; emerge -pv; eix
Search for package(s) by searching the expression in name, description, short description. What exact fields are being searched by default varies in each tool. Mostly options bring tools on par.pacman -Ssyum searchapt-cache searchrug searchzypper search zypper se [-s]emerge -S
Lists packages which have an update available. Note: Some provide special commands to limit the output to certain installation sources, others use options.pacman -Quyum list updates yum check-updateapt-get upgrade -> nrug list-updates rug summaryzypper list-updates zypper patch-check (just for patches)emerge -uDNp world
Display a list of all packages in all installation sources that are handled by the packages management. Some tools provide options or additional commands to limit the output to a specific installation source.pacman -Slyum list availableapt-cache dumpavail apt-cache dump (Cache only) apt-cache pkgnamesrug packageszypper packagesemerge -ep world
Displays packages which provide the given exp. aka reverse provides. Mainly a shortcut to search a specific field. Other tools might offer this functionality through the search command.pkgfile yum whatprovides yum providesapt-file search rug what-provideszypper what-provides    zypper wpequery belongs (only installed packages); pfl
Display packages which require X to be installed, aka show reverse/ dependencies. rug\'s what-requires can operate on more than just package names.pacman -Qiyum resolvedepapt-cache rdependsrug what-requiresIN PROGRESSequery depends
Display packages which conflict with given expression (often package). Search can be used as well to mimic this function. rug\'s what-conflicts function operates on more than just package names(none)repoquery --whatconflictsrug info-conflicts rug what-conflictsIN PROGRESS
List all packages which are required for the given package, aka show dependencies.pacman -[S|Q]iyum deplistapt-cache dependsrug info-requirementsIN PROGRESSemerge -ep
List what the current package providesyum providesrug info-providesIN PROGRESS
List the files that the package holds. Again, this functionality can be mimicked by other more complex commands.pacman -Ql $pkgname
pkgfile -l
yum providesapt-file listrug* file-listIN PROGRESSequery files
List all packages that require a particular packagerepoquery --whatrequires [--recursive]
Search all packages to find the one which holds the specified file. auto-apt is using this functionality.pkgfile -syum provides yum whatprovidesapt-file searchrug* package-file rug what-providesIN PROGRESSequery belongs
Display all packages that the specified packages obsoletes.yum list obsoletesapt-cache / greprug info-obsoletesIN PROGRESS
Verify dependencies of the complete system. Used if installation process was forcefully killed.testdbyum deplistapt-get check ? apt-cache unmetrug verify rug* dangling-requiresn/aemerge -uDN world
Generates a list of installed packagespacman -Qyum list installedapt-cache --installedzypperemerge -ep world
List packages that are installed but are not available in any installation source (anymore).pacman -Qmyum list extrasn/a
List packages that were recently added to one of the installation sources, i.e. which are new to it. Note: Synaptic has this functionality, however apt doesn\'t seem to be the provider.(none)yum list recentn/a
Show a log of actions taken by the software /var/log/pacman.logyum history cat /var/log/yum.logcat /var/log/dpkg.logrug historycat /var/log/zypp/historylocated in /var/log/portage
Clean up all local caches. Options might limit what is actually cleaned. Autoclean removes only unneeded, obsolete information.pacman -Sc
pacman -Scc
yum cleanapt-get clean apt-get autocleanzypper cleaneclean distfiles
Add a local package to the local package cache mostly for debugging purposes.cp $pkgname /var/cache/pacman/pkg/apt-cache addn/acp $srcfile /usr/portage/distfiles
Display the source package to the given package name(s)repoquery -sapt-cache showsrcn/a
Generates an output suitable for processing with dotty for the given package(s).apt-cache dottyn/a
Set the priority of the given package to avoid upgrade, force downgrade or to overwrite any default behavior. Can also be used to prefer a package version from a certain installation source.${EDITOR} /etc/pacman.conf
Modify HoldPkg and/or IgnorePkg arrays
yum-plugin-priorities and yum-plugin-protect-packages/etc/apt/preferences smart priority –setzypper mr -p${EDITOR} /etc/portage/package.keywords
Add a line with =category/package-version
Remove a previously set priority/etc/apt/preferences smart priority --removezypper mr -p${EDITOR} /etc/portage/package.keywords
remove offending line
Show a list of set priorities.apt-cache policy /etc/apt/preferences smart priority --shown/acat /etc/portage/package.keywords
Ignores problems that priorities may trigger.n/a
Installation sources management${EDITOR} /etc/pacman.conf${EDITOR} /etc/yum.repos.d/${REPO}.repo
Add an installation source to the system. Some tools provide additional commands for certain sources, others allow all types of source URI for the add command. Again others, like apt and yum force editing a sources list. apt-cdrom is a special command, which offers special options design for CDs/DVDs as source.${EDITOR} /etc/pacman.conf${EDITOR} /etc/yum.repos.d/${REPO}.repoapt-cdrom addrug service-add rug mount /local/dirzypper service-addlayman, overlays
Refresh the information about the specified installation source(s) or all installation sources.pacman -Syyum clean expire-cache && yum check-updateapt-get updaterug refreshzypper refresh zypper reflayman -f
Prints a list of all installation sources including important information like URI, alias /etc/pacman.d/mirrorlistcat /etc/yum.repos.d/*rug service-listzypper service-list
Disable an installation source for an operationyum --disablerepo=${REPO}
Download packages from a different version of the distribution than the one installed.yum --releasever=${VERSION}
Other commands
Start a shell Start a shell to enter multiple commands in one sessionyum shellapt-config shellzypper shell
Package Verification
Single packagerpm -V debsumsrpm -V rpm -V equery check
All packagesrpm -Vadebsumsrpm -Varpm -Vaequery check
Package Querying
List installed local packages along with versionpacman -Qrpm -qadpkg-query -lemerge -e world
Display package information: Name, version, description, etc.pacman -Qirpm -qidpkg-query -pemerge -pv and emerge -S
Display files provided by packagepacman -Qlrpm -ql (installed only) or repoquery -l (everything)dpkg-query -Lequery files
Query the package which provides FILEpacman -Qorpm -qf (installed only) or yum whatprovides (everything)dpkg-query -Sequery belongs
Query a package supplied on the command line rather than an entry in the package management databasepacman -Qprpm -qpdpkg-deb -I
Show the changelog of a packagepacman -Qcrpm -q --changelogequery changes -f
Search within installed packagespacman -Qsrpm -qa | grep fooeix -I
Building Packages
Build a packagemakepkg -srpmbuild -ba (normal) mock (in chroot)dpkg-buildpkgrpmbuild -barpmbuild -ba
Check for possible packaging issuesrpmlintlintian
List the contents of a package filerpmls rpm -qplrpm -qplrpm -qpl
Extract a packagetar -Jxvfrpm2cpio | cpio -vidar vx | tar -zxvf data.tar.gzrpm2cpio | cpio -vidrpm2cpio | cpio -vid
Query a package supplied on the command line rather than an entry in the package management databasepacman -Qprpm -qp


Wednesday, January 25, 2012

Set Up Rsyslog and LogAnalyzer on CentOS Linux 5.5 for Centralized Logging

SkyHi @ Wednesday, January 25, 2012
LogAnalyzer is a web based program that allows you to view event messages from a syslog source within your web browser.  Rsyslog is a drop in replacement for the syslog daemon that among other things allows syslog messages to be saved in a MySQL database.  Combining these two great programs and directing other network devices to forward syslog messages to a central server allows for a very powerful solution for searching and archiving event messages that occur throughout your network environment.  In this example I will install rsyslog on a CentOS Linux 5.5 server to aggregate and collect syslog messages and configure LogAnalyzer on the same server to allow for a user friendly interface for viewing and searching through these messages.
First we need to install some required RPM’s.  Since I am running LogAnalyzer, Rsyslog, and MySQL all on the same server I will install these required packages:

# yum install httpd php mysql php-mysql mysql-server wget rsyslog rsyslog-mysql

Now we’ll make sure MySQL and Apache are configured to start automatically and start them up:

# chkconfig mysqld on
# chkconfig httpd on
# service mysqld start
# service httpd start

By default the MySQL root database user is blank so for security we should set it now:

# mysqladmin -u root password NewPassword

Now let’s import the database schema for the rsyslog database into MySQL.  You may need to adjust the path to your “createDB.sql” file below if the rsyslog version has been updated.

# mysql -u root -p < /usr/share/doc/rsyslog-mysql-3.22.1/createDB.sql

It is best practice to limit database access for applications, so now we’ll set up a user specifically for LogAnalyzer and rsyslog that we’ll use to access the newly created rsyslog database.  For even greater security you may want to set up separate accounts for both rsyslog and LogAnalyzer, since LogAnalyzer is only viewing the rsyslog database fewer privileges like select should be needed.  For my environment using the same user is adequate.  Notice with MySQL you can make access very granular and specify to only allow the rsyslog user database access from the localhost.  Also we’ll execute the “flush privileges” MySQL command to activate our permissions changes immediately.

# mysql -u root -p mysql
mysql> GRANT ALL ON Syslog.* TO rsyslog@localhost IDENTIFIED BY 'Password';
mysql> flush privileges;
mysql> exit

Now it is time to edit the”/etc/rsyslog.conf” file.  We’ll include information that will allow us to log syslog messages from rsyslog into the MySQL database.  The first line loads the MySQL driver.  The second line allows us to specify to log messages from the “authpriv” facility with all severities, which includes most log in/out messages and switch user events.  If I wanted to log all messages to MySQL I would specify *.*.  I have identified the MySQL database server to log to as, Syslog is the name of the MySQL database, and finally I have specified my MySQL rsyslog username and password.  To specify additional syslog facility/severity combinations add them to the front of the second line and separate each combination with a semicolon (mail.*;authpriv.* :ommysql…).  Remember that when you specify a severity that is the minimum level which will be logged, anything with a higher severity will also be logged.  Add the code to the top of the file:

$ModLoad ommysql
authpriv.* :ommysql:,Syslog,rsyslog,Password

Now it’s time to shut down and disable the existing syslog daemon and enable and start up rsyslog:

# chkconfig syslog off
# service syslog stop
# chkconfig rsyslog on
# service rsyslog start

It is now time to go out to the web and download LogAnalyzer.  To find information on the latest release go to
Or to download directly to your Linux server the version I am using enter this (wget is required):

# cd ~
# wget

Unzip and untar the LogAnalyzer files:

# tar zxvf loganalyzer-3.0.0.tar.gz

Now it is time to move various files and subdirectories to your Apache web document root.  In this example I am assuming that this is still the Apache default of “/var/www/html”.

# mv loganalyzer-3.0.0/src /var/www/html/loganalyzer
# mv loganalyzer-3.0.0/contrib/* /var/www/html/loganalyzer/

Change to new LogAnalyzer web subdirectory, modify the file permissions on two scripts, and run the script.  This will create a blank config.php file which will be have information added during the web portion of the configuration.

# cd /var/www/html/loganalyzer
# chmod u+x
# ./

(Page 2)
Now some additional configuration of LogAnalyzer is required in the web browser.  Point your browser out to your server and the LogAnalyzer subdirectory, in my case it ishttp://web1/loganalyzer.
In the middle under Critical Error click “here” in the “Click here to Install” line.
Click Next.
Click Next.
Click Next unless you want to set different display options.
Now you’ll need to specify the Database Host, Name, Tablename, User and Password to give LogAnalyzer access to the rsyslog table created in MySQL.  Click Next when you’ve specified the correct information.
Finally click Finish.
If you have specified everything correctly you will now be presented with the main LogAnalyzer page that will list the syslog messages as they are received.  You may need to generate some messages for something to be displayed.  In my case since I am logging everything from the “authpriv” facility, simply logging in/out of the Linux console or run switch user (su) on this server and some new messages should appear on the screen (you may need to refresh the page).

(Page 3)
Configuring Rsyslog for Remote Logging
Now we’ll configure our rsyslog server to allow acceptance of syslog messages from other network devices.  First we need to configure the firewall to allow inbound traffic on port 514.  In this example I will add two rules to allow traffic via TCP and UDP.  Syslog by default only allows for message transmission through UDP but rsyslog adds TCP for more reliable message transmission.  Add these rules to “/etc/sysconfig/iptables”:

-A RH-Firewall-1-INPUT -p udp -m udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 514 -j ACCEPT

Now restart the iptables firewall:

# service iptables restart

We need to add code to allow rsyslog to accept messages from remote syslog hosts.  Basically we’ll specify to accept messages via TCP and UDP from the localhost and hosts on the subnet.  Add these lines near the top of the “/etc/rsyslog.conf” file above the code that we added previously related to MySQL.

$AllowedSender UDP,,
$AllowedSender TCP,,

At one point there was a bug in rsyslog which prevented the above lines from working and syslog messages were accepted from all senders.  This appears to be corrected now.  Another possibility to limit accepted senders is to place limits through the port 514 rule sets that we defined earlier in the iptables firewall configuration file.
Don’t forget to restart rsyslog on the central server:

# service rsyslog restart

Now we need to configure a remote client to send messages to our new centralized rsyslog server.  If the client is also running rsyslog, add an entry like this to it’s “/etc/rsyslog.conf” file.  In this case I will specify again to send all messages from the “authpriv” facility to my rsyslog server, who’s IP address I have also entered.

authpriv.*                                              @

Restart rsyslog on the client and log in/out or switch user in the console of the Linux client machine.  With luck the syslog messages from the client will appear on the LogAnalyzer web page!