The Top 10 WordPress Security Tips


With WordPress running on one in five websites, it comes as no surprise that these sites are a popular target for experienced hackers and script-kiddies alike.

WordPress sites are notoriously lacking when it comes to security, often due to the insufficient security expertise of the developer, or the use of the many potentially insecure plugins available. For example, in 2013, around 90,000 WordPress sites were hijacked for use in a botnet. They are also a popular target for malware.

The following are the top 10 measures that can be taken to address some basic security holes or malpractices that are commonly present in thousands of WordPress sites today:

1. Run the Latest Version of WordPress

Running the latest version of any software is probably the most obvious security measure that should be taken. However, with over 86% of WordPress installations running outdated versions, this point can’t be stressed enough. Each update not only brings with it new features, but more importantly, bug fixes and security fixes. These help your site remain safe against easy-to-exploit vulnerabilities.

2. Run the Latest Versions of Themes and Plugins

However, running the latest version of WordPress is not enough – your site’s plugins and themes could still contain vulnerabilities that can compromise security. Recently, for example, an older version of Slider Revolution, a very popular WordPress plugin that is used by a large number of WordPress themes sold on the Envato Market, allowed malicious users to steal database credentials.

3. Be Selective When Choosing Plugins and Themes

Plugin enumeration easily allows attackers to discover what plugins your WordPress site is using. By avoiding the installation of unnecessary plugins you automatically reduce your site’s attack surface. When choosing which plugins and themes to use, be selective. Before installation, read up and check how many downloads they have and when they were last updated.

4. Remove Inactive Users

Users, especially administrators and others who have the ability to modify content, are among the weakest points of any site because, unfortunately, most users choose weak passwords. If you absolutely need to keep inactive users in your WordPress database, change their role to ‘subscriber’ in order to limit their actions.

5. Prevent Directory Listing

Directory listing occurs when the web server does not find an index file (i.e. an index.php or index.html) in a directory: if directory listing is turned on, the server displays an HTML page listing the directory’s contents. This could be used to exploit a vulnerability in a WordPress plugin, theme, or even the web server itself.

6. Use Complex Security Keys

WordPress makes use of a set of long, random and complex security keys. A security key functions similarly to a very strong password or passphrase and should contain elements that make it harder to generate enough options to crack. You can either make your own random keys, or you can use WordPress’ online key generator.

7. Restrict Access to wp-admin Directory

Password protecting your WordPress admin area through a layer of HTTP authentication is an effective measure to thwart attackers attempting to guess users’ passwords.

8. Disable File Editing

By default, WordPress allows administrative users to edit PHP files of plugins and themes inside the admin interface. This is often the first thing an attacker would look for if they manage to gain access to an administrative account since this functionality allows code execution on the server, so disabling it enhances security.

9. Enable HTTPS for all Logins and wp-admin

HTTPS is usually synonymous with shopping carts and internet banking, but in reality it should be used whenever a user is passing sensitive information to the web server and vice versa. TLS/SSL may significantly consume server resources depending on traffic; consequently, it is not required for the entire site. However, WordPress’ login form and admin area are probably the most sensitive areas of a site, and it is therefore strongly advised that TLS/SSL is enforced there.

10. Restrict Direct Access to Plugin and Theme PHP files

Allowing direct access to PHP files can be dangerous. Some plugins and themes can contain PHP files that are not designed to be called directly, causing the PHP interpreter to display errors or warnings which may lead to information disclosure. Additionally, restricting direct access to PHP files prevents attackers from bypassing security measures (such as authentication) when code is split up into smaller files.
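
Tips 6, 8 and 9 can be checked mechanically on an existing install. The script below is an added example, not part of the original article: it audits a wp-config.php for placeholder or short security keys and for the WordPress constants DISALLOW_FILE_EDIT and FORCE_SSL_ADMIN (real WordPress constants the article does not name). The function names, the 32-character floor and both sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit wp-config.php for tips 6, 8 and 9.
# Assumptions: single-quoted define() calls, one per line; MIN_KEY_LEN is an
# arbitrary floor chosen for this example.

WP_KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"
MIN_KEY_LEN=32

# Succeeds when constant $2 is defined as true in file $1 (comment lines ignored).
defined_true() {
    q="['\"]"
    grep -Ev '^[[:space:]]*(//|#)' "$1" |
        grep -Eiq "define\([[:space:]]*${q}$2${q}[[:space:]]*,[[:space:]]*true[[:space:]]*\)"
}

# Prints one FAIL line per finding for the wp-config.php given as $1.
audit_wp_config() {
    for k in $WP_KEYS; do
        val=$(sed -n "s/^[[:space:]]*define([[:space:]]*'$k'[[:space:]]*,[[:space:]]*'\(.*\)'[[:space:]]*);.*/\1/p" "$1" | head -n 1)
        if [ -z "$val" ]; then
            echo "FAIL $k: not defined"
        elif [ "$val" = "put your unique phrase here" ]; then
            echo "FAIL $k: still the sample placeholder"
        elif [ "${#val}" -lt "$MIN_KEY_LEN" ]; then
            echo "FAIL $k: shorter than $MIN_KEY_LEN characters"
        fi
    done
    defined_true "$1" DISALLOW_FILE_EDIT ||
        echo "FAIL DISALLOW_FILE_EDIT: theme/plugin editor is enabled (tip 8)"
    defined_true "$1" FORCE_SSL_ADMIN ||
        echo "FAIL FORCE_SSL_ADMIN: login and wp-admin not forced to HTTPS (tip 9)"
    return 0
}

# Constructed weak sample: placeholders, a short key, missing salts,
# the file-editor switch commented out and HTTPS not forced.
write_weak_sample() {
    cat > "$1" <<'EOF'
<?php
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY',   'changeme');
// define('DISALLOW_FILE_EDIT', true);
define('FORCE_SSL_ADMIN', false);
EOF
}

# Constructed hardened sample; the key values are filler, not real secrets.
write_hardened_sample() {
    {
        echo "<?php"
        for k in $WP_KEYS; do
            printf "define('%s', '%s');\n" "$k" "constructed-filler-$k-0123456789abcdefghijklmnop"
        done
        echo "define('DISALLOW_FILE_EDIT', true);"
        echo "define('FORCE_SSL_ADMIN', true);"
    } > "$1"
}

tmp=$(mktemp -d)
write_weak_sample "$tmp/weak.php"
write_hardened_sample "$tmp/hardened.php"
echo "== weak ==";     audit_wp_config "$tmp/weak.php"
echo "== hardened =="; audit_wp_config "$tmp/hardened.php"
rm -rf "$tmp"
```

On a live site, point audit_wp_config at the real wp-config.php and treat any FAIL line as a change to make.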

Aim to follow these basic measures to keep your WordPress sites safe – they are a good starting point in making security a top, and ongoing, priority.

Using the apt Command

Debian-based systems (including Ubuntu) use apt-* commands for managing packages from the command line.

In this article, using Apache 2 installation as an example, let us review how to use apt-* commands to view, install, remove, or upgrade packages.

1. apt-cache search: Search Repository Using Package Name

If you are installing Apache 2, you may guess that the package name is apache2.  To verify whether it is a valid package name, you may want to search the repository for that particular package name as shown below.

The following example shows how to search the repository for a specific package name.

$ apt-cache search '^apache2$'
apache2 - Apache HTTP Server metapackage

2. apt-cache search: Search Repository Using Package Description

If you don’t know the exact name of the package, you can still search using the package description as shown below.

$ apt-cache search "Apache HTTP Server"
apache2 - Apache HTTP Server metapackage
apache2-doc - Apache HTTP Server documentation
apache2-mpm-event - Apache HTTP Server - event driven model
apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
apache2-mpm-worker - Apache HTTP Server - high speed threaded model
apache2.2-common - Apache HTTP Server common files

3. apt-file search: Search Repository Using a Filename from the Package

Sometimes you may know the configuration file name or the executable name from the package that you would like to install.

The following example shows that the apache2.conf file is part of the apache2.2-common package. Search the repository with a configuration file name using the apt-file command as shown below.

$ apt-file search apache2.conf
apache2.2-common: /etc/apache2/apache2.conf
apache2.2-common: /usr/share/doc/apache2.2-common/examples/apache2/apache2.conf.gz

4. apt-cache show: Basic Information About a Package

The following example displays basic information about the apache2 package.

$ apt-cache show apache2
Package: apache2
Priority: optional
Maintainer: Ubuntu Core Developers
Original-Maintainer: Debian Apache Maintainers
Version: 2.2.11-2ubuntu2.3
Depends: apache2-mpm-worker (>= 2.2.11-2ubuntu2.3)
 | apache2-mpm-prefork (>= 2.2.11-2ubuntu2.3)
 | apache2-mpm-event (>= 2.2.11-2ubuntu2.3)
Filename: pool/main/a/apache2/apache2_2.2.11-2ubuntu2.3_all.deb
Size: 46350
Description: Apache HTTP Server metapackage
 The Apache Software Foundation's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software.
Homepage: http://httpd.apache.org/

5. apt-cache showpkg: Detailed Information About a Package

“apt-cache show” displays basic information about a package. Use “apt-cache showpkg” to display detailed information about a package as shown below.

$ apt-cache showpkg apache2
Package: apache2
Versions:
2.2.11-2ubuntu2.3 (/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_jaunty-updates_main_binary-i386_Packages) (/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_jaunty-security_main_binary-i386_Packages)
 Description Language:
                 File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_jaunty-updates_main_binary-i386_Packages
                  MD5: d24f049cd70ccfc178dd8974e4b1ed01
Reverse Depends:
  squirrelmail,apache2
  squid3-cgi,apache2
  phpmyadmin,apache2
  mahara-apache2,apache2
  ipplan,apache2
Dependencies:
  2.2.11-2ubuntu2.3 - apache2-mpm-worker (18 2.2.11-2ubuntu2.3) apache2-mpm-prefork (18 2.2.11-2ubuntu2.3) apache2-mpm-event (2 2.2.11-2ubuntu2.3)
  2.2.11-2ubuntu2 - apache2-mpm-worker (18 2.2.11-2ubuntu2) apache2-mpm-prefork (18 2.2.11-2ubuntu2) apache2-mpm-event (2 2.2.11-2ubuntu2)
Provides:
  2.2.11-2ubuntu2.3 -
  2.2.11-2ubuntu2 -
Reverse Provides:
  apache2-mpm-itk 2.2.6-02-1build4.3
  apache2-mpm-worker 2.2.11-2ubuntu2.3
  apache2-mpm-prefork 2.2.11-2ubuntu2.3
  apache2-mpm-prefork 2.2.11-2ubuntu2
  apache2-mpm-event 2.2.11-2ubuntu2

6. apt-file list: List all the Files Located Inside a Package

Use “apt-file list” to display all the files located inside the apache2 package as shown below.

$ apt-file list apache2 | more
apache2: /usr/share/bug/apache2/control
apache2: /usr/share/bug/apache2/script
apache2: /usr/share/doc/apache2/NEWS.Debian.gz
apache2: /usr/share/doc/apache2/README.Debian.gz
apache2: /usr/share/doc/apache2/changelog.Debian.gz
...

7. apt-cache depends: List all Dependent Packages

Before installation, if you would like to view all the dependent packages, use “apt-cache depends” as shown below.

$ apt-cache depends apache2
apache2
 |Depends: apache2-mpm-worker
 |Depends: apache2-mpm-prefork
  Depends: apache2-mpm-event

8. dpkg -l: Is the Package Already Installed?

Before installing a package, you may want to make sure it is not already installed as shown below using dpkg -l command.

$ dpkg -l | grep -i apache

9. apt-get install: Install a Package

Finally, install the package using “apt-get install” as shown below.

$ sudo apt-get install apache2
[sudo] password for ramesh: 

The following NEW packages will be installed:
  apache2 apache2-mpm-worker apache2-utils apache2.2-common libapr1
  libaprutil1 libpq5

0 upgraded, 7 newly installed, 0 to remove and 26 not upgraded.

10. dpkg -l : Verify Whether the Package got Successfully Installed

After installing the package, use “dpkg -l” to make sure it got installed successfully.

$ dpkg -l | grep apache
ii  apache2             2.2.11-2ubuntu2.3  Apache HTTP Server metapackage
ii  apache2-mpm-worker  2.2.11-2ubuntu2.3  Apache HTTP Server - high speed threaded mod
ii  apache2-utils       2.2.11-2ubuntu2.3  utility programs for webservers
ii  apache2.2-common    2.2.11-2ubuntu2.3  Apache HTTP Server common files

11. apt-get remove: Delete a Package

Use “apt-get purge” or “apt-get remove” to delete a package as shown below.

$ sudo apt-get purge apache2

(or)

$ sudo apt-get remove apache2

The following packages were automatically installed and are no longer required:
  apache2-utils linux-headers-2.6.28-11 libapr1 apache2.2-common
  linux-headers-2.6.28-11-generic apache2-mpm-worker libpq5 libaprutil1

Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
  apache2
0 upgraded, 0 newly installed, 1 to remove and 26 not upgraded.
Removing apache2 ...
  • apt-get remove will not delete the configuration files of the package
  • apt-get purge will delete the configuration files of the package

12. apt-get -u install: Upgrade a Specific Package

The following example shows how to upgrade one specific package.

$ sudo apt-get -u install apache2
Reading package lists... Done
Building dependency tree
Reading state information... Done
apache2 is already the newest version.
The following packages were automatically installed and are no longer required:
  linux-headers-2.6.28-11 linux-headers-2.6.28-11-generic
Use 'apt-get autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 26 not upgraded.

13. apt-get -u upgrade: Upgrade all Packages

To upgrade all the packages to their latest versions, use “apt-get -u upgrade” as shown below.

$ sudo apt-get -u upgrade
The following packages will be upgraded:
  libglib2.0-0 libglib2.0-data libicu38 libsmbclient libwbclient0
  openoffice.org-base-core openoffice.org-calc openoffice.org-common
  openoffice.org-core openoffice.org-draw openoffice.org-emailmerge
  openoffice.org-gnome openoffice.org-gtk openoffice.org-impress
  openoffice.org-math openoffice.org-style-human openoffice.org-writer
  python-uno samba-common smbclient ttf-opensymbol tzdata
26 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Using the netstat Command

The netstat command displays various network-related information such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships, etc.

In this article, let us review 10 practical unix netstat command examples.

1. List All Ports (both listening and non listening ports)

List all ports using netstat -a

# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
udp        0      0 *:bootpc                *:*                                

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     6135     /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     5140     /var/run/acpid.socket

List all tcp ports using netstat -at

# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN

List all udp ports using netstat -au

# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:bootpc                *:*
udp        0      0 *:49119                 *:*
udp        0      0 *:mdns                  *:*

2. List Sockets which are in Listening State

List only listening ports using netstat -l

# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN
udp        0      0 *:49119                 *:*

List only listening TCP Ports using netstat -lt

# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN

List only listening UDP Ports using netstat -lu

# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:49119                 *:*
udp        0      0 *:mdns                  *:*

List only the listening UNIX Ports using netstat -lx

# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     6294     private/maildrop
unix  2      [ ACC ]     STREAM     LISTENING     6203     public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     6302     private/ifmail
unix  2      [ ACC ]     STREAM     LISTENING     6306     private/bsmtp

3. Show the statistics for each protocol

Show statistics for all ports using netstat -s

# netstat -s
Ip:
    11150 total packets received
    1 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    11149 incoming packets delivered
    11635 requests sent out
Icmp:
    0 ICMP messages received
    0 input ICMP message failed.
Tcp:
    582 active connections openings
    2 failed connection attempts
    25 connection resets received
Udp:
    1183 packets received
    4 packets to unknown port received.
.....

Show statistics for TCP (or) UDP ports using netstat -st (or) -su

# netstat -st

# netstat -su

4. Display PID and program names in netstat output using netstat -p

netstat -p option can be combined with any other netstat option. This will add the “PID/Program Name” to the netstat output. This is very useful while debugging to identify which program is running on a particular port.

# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        1      0 ramesh-laptop.loc:47212 192.168.185.75:www        CLOSE_WAIT  2109/firefox
tcp        0      0 ramesh-laptop.loc:52750 lax:www ESTABLISHED 2109/firefox

5. Don’t resolve host, port and user name in netstat output

When you don’t want the name of the host, port or user to be displayed, use netstat -n option. This will display in numbers, instead of resolving the host name, port name, user name.

This also speeds up the output, as netstat is not performing any look-up.

# netstat -an

If you want only one of those three items (ports, hosts, or users) to stay unresolved, use the following commands.

# netstat -a --numeric-ports

# netstat -a --numeric-hosts

# netstat -a --numeric-users
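
Combining the -l, -n and -p options from the sections above gives a quick exposure check. The following added example (not from the original article) reads `netstat -lntup` output and reports listeners bound to non-loopback addresses, marking any port that is not on an allowlist; the function names, the allowlist and the sample rows are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag listeners that other hosts can reach.
# Reads `netstat -lntup` output on stdin; $1 is a space-separated
# allowlist of ports that are expected to be exposed.

audit_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {
        # TCP rows carry a State column and UDP rows do not, so the
        # PID/Program name column is field 7 for TCP and field 6 for UDP.
        if ($1 ~ /^tcp/) { if ($6 != "LISTEN") next; prog = $7 }
        else             { prog = $6 }
        if (prog == "") prog = "-"
        # The port is whatever follows the last colon (works for IPv6 too).
        np   = split($4, part, ":")
        port = part[np]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only
        verdict = (port in ok) ? "expected" : "UNEXPECTED"
        printf "%s\t%s\t%s\t%s\n", verdict, $1, $4, prog
    }'
}

# Constructed sample in the format printed by `netstat -lntup`.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1023/cupsd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1410/master
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1288/mysqld
tcp6       0      0 ::1:631                 :::*                    LISTEN      1023/cupsd
tcp6       0      0 :::80                   :::*                    LISTEN      1532/apache2
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           870/avahi-daemon
EOF
}

# Mail and web are expected on this constructed host; everything else is flagged.
sample_netstat | audit_listeners "25 80"
```

On a real host, run it as root so the PID/Program name column is filled in: netstat -lntup | audit_listeners "22 80 443".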

6. Print netstat information continuously

With the -c option, netstat will print information continuously every few seconds.

# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 ramesh-laptop.loc:36130 101-101-181-225.ama:www ESTABLISHED
tcp        1      1 ramesh-laptop.loc:52564 101.11.169.230:www      CLOSING
tcp        0      0 ramesh-laptop.loc:43758 server-101-101-43-2:www ESTABLISHED
tcp        1      1 ramesh-laptop.loc:42367 101.101.34.101:www      CLOSING
^C

7. Find the unsupported address families in your system

# netstat --verbose

At the end, you will have something like this.

	netstat: no support for `AF IPX' on this system.
	netstat: no support for `AF AX25' on this system.
	netstat: no support for `AF X25' on this system.
	netstat: no support for `AF NETROM' on this system.

8. Display the kernel routing information using netstat -r

# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.0   U         0 0          0 eth2
link-local      *               255.255.0.0     U         0 0          0 eth2
default         192.168.1.1     0.0.0.0         UG        0 0          0 eth2

Note: Use netstat -rn to display routes in numeric format without resolving for host-names.

9. Find out on which port a program is running

# netstat -ap | grep ssh
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        1      0 dev-db:ssh           101.174.100.22:39213        CLOSE_WAIT  -
tcp        1      0 dev-db:ssh           101.174.100.22:57643        CLOSE_WAIT  -

Find out which process is using a particular port (the -p option adds the PID/Program name column):

# netstat -anp | grep ':80'

10. Show the list of network interfaces

# netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
eth2       1500 0     26196      0      0 0         26883      6      0      0 BMRU
lo        16436 0         4      0      0 0             4      0      0      0 LRU

Display extended information on the interfaces (similar to ifconfig) using netstat -ie:

# netstat -ie
Kernel Interface table
eth0      Link encap:Ethernet  HWaddr 00:10:40:11:11:11
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Memory:f6ae0000-f6b00000

Using the RPM command

The rpm command is used for installing, uninstalling, upgrading, querying, listing, and checking RPM packages on your Linux system.

RPM stands for Red Hat Package Manager.

With root privilege, you can use the rpm command with appropriate options to manage the RPM software packages.

In this article, let us review 15 practical examples of rpm command.

Let us take an rpm of the MySQL client and run through all our examples.

1. Installing an RPM package Using rpm -ivh

An RPM filename contains the package name, version, release and architecture name.

For example, in the MySQL-client-3.23.57-1.i386.rpm file:

  • MySQL-client – Package Name
  • 3.23.57 – Version
  • 1 – Release
  • i386 – Architecture

When you install an RPM, it checks whether your system is suitable for the software the RPM package contains, figures out where to install the files located inside the rpm package, installs them on your system, and adds that piece of software into its database of installed RPM packages.

The following rpm command installs the MySQL client package.

# rpm -ivh  MySQL-client-3.23.57-1.i386.rpm
Preparing...                ########################################### [100%]
   1:MySQL-client           ########################################### [100%]

rpm command and options

  • -i : install a package
  • -v : verbose
  • -h : print hash marks as the package archive is unpacked.

You can also use dpkg on Debian, pkgadd on Solaris, depot on HP-UX to install packages.

2. Query all the RPM Packages using rpm -qa

You can use rpm command to query all the packages installed in your system.

# rpm -qa
cdrecord-2.01-10.7.el5
bluez-libs-3.7-1.1
setarch-2.0-1.1
.
.
  • -q query operation
  • -a queries all installed packages

To identify whether a particular rpm package is installed on your system, combine rpm and grep command as shown below. Following command checks whether cdrecord package is installed on your system.

# rpm -qa | grep 'cdrecord'

3. Query a Particular RPM Package using rpm -q

The above example lists all currently installed packages. To check a package after installing it, you can query that particular package and verify as shown below.

# rpm -q MySQL-client
MySQL-client-3.23.57-1

# rpm -q MySQL
package MySQL is not installed

Note: To query a package, you should specify the exact package name. If the package name is incorrect, then rpm command will report that the package is not installed.

4. Query RPM Packages in Various Formats using rpm --queryformat

The rpm command provides the --queryformat option, which lets you list packages using header tag names. Enclose each header tag within {}.

# rpm -qa --queryformat '%{name}-%{version}-%{release} %{size}\n'
cdrecord-2.01-10.7 12324
bluez-libs-3.7-1.1 5634
setarch-2.0-1.1 235563
.
.

#

5. Which RPM package does a file belong to? – Use rpm -qf

Let us say you have a list of files and you want to know which package owns all these files. The rpm command has options to achieve this.

The following example shows that /usr/bin/mysqlaccess file is part of the MySQL-client-3.23.57-1 rpm.

# rpm -qf /usr/bin/mysqlaccess
MySQL-client-3.23.57-1
  • -f : file name

6. Locate documentation of a package that owns file using rpm -qdf

Use the following to list the documentation for the package that owns a file. The following command gives the location of all the manual pages related to the mysql package.

# rpm -qdf /usr/bin/mysqlaccess
/usr/share/man/man1/mysql.1.gz
/usr/share/man/man1/mysqlaccess.1.gz
/usr/share/man/man1/mysqladmin.1.gz
/usr/share/man/man1/mysqldump.1.gz
/usr/share/man/man1/mysqlshow.1.gz
  • -d : refers to documentation.

7. Information about Installed RPM Package using rpm -qi

The rpm command provides a lot of information about an installed package using rpm -qi as shown below:

# rpm -qi MySQL-client
Name        : MySQL-client                 Relocations: (not relocatable)
Version     : 3.23.57                           Vendor: MySQL AB
Release     : 1                             Build Date: Mon 09 Jun 2003 11:08:28 PM CEST
Install Date: Mon 06 Feb 2010 03:19:16 AM PST               Build Host: build.mysql.com
Group       : Applications/Databases        Source RPM: MySQL-3.23.57-1.src.rpm
Size        : 5305109                          License: GPL / LGPL
Signature   : (none)
Packager    : Lenz Grimmer
URL         : http://www.mysql.com/
Summary     : MySQL - Client
Description : This package contains the standard MySQL clients.

If you have an RPM file that you would like to install, but want to know more information about it before installing, you can do the following:

# rpm -qip MySQL-client-3.23.57-1.i386.rpm
Name        : MySQL-client                 Relocations: (not relocatable)
Version     : 3.23.57                           Vendor: MySQL AB
Release     : 1                             Build Date: Mon 09 Jun 2003 11:08:28 PM CEST
Install Date: (not installed)               Build Host: build.mysql.com
Group       : Applications/Databases        Source RPM: MySQL-3.23.57-1.src.rpm
Size        : 5305109                          License: GPL / LGPL
Signature   : (none)
Packager    : Lenz Grimmer
URL         : http://www.mysql.com/
Summary     : MySQL - Client
Description : This package contains the standard MySQL clients.
  • -i : view information about an rpm
  • -p : specify a package name

8. List all the Files in a Package using rpm -qlp

To list the content of an RPM package, use the following command, which will list out the files without extracting them into the local directory.

$ rpm -qlp ovpc-2.1.10.rpm
/usr/bin/mysqlaccess
/usr/bin/mysqldata
/usr/bin/mysqlperm
.
.
/usr/bin/mysqladmin
  • -q : query the rpm file
  • -l : list the files in the package
  • -p : specify the package name

You can also extract files from RPM package using rpm2cpio as we discussed earlier.

9. List the Dependency Packages using rpm -qRp

To view the list of packages on which this package depends:

# rpm -qRp MySQL-client-3.23.57-1.i386.rpm
/bin/sh
/usr/bin/perl

10. Find out the state of files in a package using rpm -qsp

The following command finds the state (installed, replaced or normal) of all the files in an RPM package.

# rpm -qsp MySQL-client-3.23.57-1.i386.rpm
normal        /usr/bin/msql2mysql
normal        /usr/bin/mysql
normal        /usr/bin/mysql_find_rows
normal        /usr/bin/mysqlaccess
normal        /usr/bin/mysqladmin
normal        /usr/bin/mysqlbinlog
normal        /usr/bin/mysqlcheck
normal        /usr/bin/mysqldump
normal        /usr/bin/mysqlimport
normal        /usr/bin/mysqlshow
normal        /usr/share/man/man1/mysql.1.gz
normal        /usr/share/man/man1/mysqlaccess.1.gz
normal        /usr/share/man/man1/mysqladmin.1.gz
normal        /usr/share/man/man1/mysqldump.1.gz
normal        /usr/share/man/man1/mysqlshow.1.gz

11. Verify a Particular RPM Package using rpm -Vp

Verifying a package compares information about the installed files in the package with information about the files taken from the package metadata stored in the rpm database. In the following command, -V is for verification and the -p option is used to specify a package name to verify.

# rpm -Vp MySQL-client-3.23.57-1.i386.rpm
S.5....T c        /usr/bin/msql2mysql
S.5....T c        /usr/bin/mysql
S.5....T c        /usr/bin/mysql_find_rows
S.5....T c        /usr/bin/mysqlaccess

The characters in the above output denote the following:

  • S file Size differs
  • M Mode differs (includes permissions and file type)
  • 5 MD5 sum differs
  • D Device major/minor number mismatch
  • L readlink(2) path mismatch
  • U User ownership differs
  • G Group ownership differs
  • T mTime differs

12. Verify a Package Owning file using rpm -Vf

The following command verifies the package that owns the given file.

# rpm -Vf /usr/bin/mysqlaccess
S.5....T c /usr/bin/mysql
#

13. Upgrading an RPM Package using rpm -Uvh

Upgrading a package is similar to installing one, but RPM automatically un-installs existing versions of the package before installing the new one. If an old version of the package is not found, the upgrade option will still install it.

# rpm -Uvh MySQL-client-3.23.57-1.i386.rpm
Preparing... 			########################################### [100%]
1:MySQL-client          ###########################################

14. Uninstalling an RPM Package using rpm -e

To remove an installed rpm package, use -e as shown below. After uninstallation, you can query using rpm -qa and verify the uninstallation.

# rpm -ev MySQL-client

15. Verifying all the RPM Packages using rpm -Va

The following command verifies all the installed packages.

# rpm -Va
S.5....T c /etc/issue
S.5....T c /etc/issue.net
S.5....T c /var/service/imap/ssl/seed
S.5....T c /home/httpd/html/horde/ingo/config/backends.php
.
.
S.5....T c /home/httpd/html/horde/ingo/config/prefs.php
S.5....T c /etc/printcap
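
The verification output above is most useful as an integrity check when it is triaged rather than read line by line. The following is an added example, not part of the original article: it decodes the flag letters from the legend and reports files worth a closer look. The function names, the review policy and the sample lines are assumptions made for illustration; the "c" marker after the flags denotes a configuration file.

```python
import re

# Flag letters from the legend above; "P" (capabilities) appears in newer rpm output.
FLAG_NAMES = {"S": "size", "M": "mode", "5": "digest", "D": "device",
              "L": "symlink", "U": "user", "G": "group", "T": "mtime",
              "P": "capabilities"}
# Assumed review policy: content, permission and ownership changes, and missing files.
REVIEW = {"digest", "mode", "user", "group", "missing"}

# Flags field (8 or 9 characters) or "missing", optional attribute marker, path.
LINE = re.compile(r"^(missing|[SM5DLUGTP.?]{8,9})\s+(?:([a-z])\s+)?(/.*)$")

def parse_line(line):
    """Decode one line of rpm -V output; return None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    flags, attr, path = m.groups()
    if flags == "missing":
        changed = {"missing"}
    else:
        changed = {FLAG_NAMES[ch] for ch in flags if ch in FLAG_NAMES}
    return {"path": path, "config": attr == "c", "changed": changed}

def triage(output):
    """Return (path, reasons) for files whose changes deserve a closer look."""
    findings = []
    for line in output.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = rec["changed"] & REVIEW
        if rec["config"]:
            reasons -= {"digest"}  # edited config files are expected to differ
        if reasons:
            findings.append((rec["path"], sorted(reasons)))
    return findings

# Constructed sample in the format shown above (not output from a real host).
SAMPLE = """\
S.5....T c /etc/issue
S.5....T c /etc/printcap
.M...UG. c /etc/issue.net
S.5....T   /usr/bin/mysqlaccess
.......T   /usr/share/man/man1/mysql.1.gz
missing    /usr/bin/mysqldump
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(f"{path}: {', '.join(reasons)}")
```

On a live system the same function can be fed the captured output of rpm -Va instead of the sample string.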

Australian Web Hosting at its finest

You’ve successfully registered a new AUSWEB web hosting account.


Founded in 2002, AUSWEB connects thousands of Australian businesses to the internet, with our services ranging from shared web hosting to virtual private servers, dedicated servers and Enterprise Cloud Solutions.
With all our servers and network based in a Sydney TIER3 Data Center (Equinix/Alexandria), AUSWEB provides a reliable local alternative to your online business needs.

Whether you are just getting started with your first website or are an IT Professional, you’ll appreciate the speed and features we offer with our range of plans with the ability to manage all aspects of your web hosting from the popular and user friendly cPanel Hosting Control Panel.

Our web hosting solutions are targeted to the Australian online market and our Australian servers provide the fastest connection speeds possible, whilst our 99.9% uptime guarantee provides peace of mind.

Why host in Australia?

With an increasing number of developers and small businesses looking at offshore alternatives to house their websites, we felt compelled to be frank about the reasons why you should choose an Australian host.

The 4 main pointers are:

  1. Latency
  2. SEO
  3. Support
  4. Economy

1. Latency

What is latency?

As defined by the Freedictionary.com:

latency – the time that elapses between a stimulus and the response to it

The speed of downloading or uploading data is dictated by a sequence of handovers of data between various networks starting at your device.

Your device connects to the remote server via your ISP, requests the data and receives it; the data is relayed back to you along a route from the server's ISP to your ISP, in the same manner as the initial connection.

In other words, it is one big daisy chain, which wraps around the Earth. That photo you upload to a social network does trips around the world faster than Superman, before you can ask “What exactly did I do last weekend?”.

Often you may wonder why downloading information from your local ISP is so fast (often reaching the ISP’s advertised speed…it is possible!) whilst downloads of half the size from an overseas FTP site might sluggishly drag along for hours? This is because the physical connection to your local server is shorter – just like the way it is with your phone landline!

If your small and static website is hosted overseas, latency is minimal, though still noticeable, as the volume of information relayed between you and the server is quite small.

However, imagine hosting a large-scale CRM solution, or perhaps an elaborate Java application, which uses high quantities of bandwidth to run. The amount of data sent to and from the server increases, creating a time lag/delay which may often be problematic enough to cause packet loss or timeouts for users accessing it.

In a mission critical scenario, this is something which no business can afford to experience.

2. SEO

Your address is in Australia, your phone number is in Australia. You advertise in Australia to Australian customers. You’ve launched your shiny new site and put on your cork hat…but wait! Google knows your site is in America and naively assumes that yankees are going to want to purchase your novelty BBQ aprons with the boxing kangaroo.

Having your site hosted overseas rather than in Australia is going to be detrimental to your carefully planned and fine-tuned SEO.

3. Support

We all know that calling technical support is everybody’s least favourite thing to do during the day!

Should anything go wrong, you would want to get help from somebody who does business when you do business and speaks the way in which you do. No more staying up until 4am to get a remote reboot, or password reset. Voila.

Timezones and proximity to the data center are crucial when things go pearshaped and the last thing one needs is extended periods of downtime because the datacenter is remote to the callcenter. Or yet worse, when the datacenter staff are in another timezone and sound asleep as you are ringing tech support to report peak-hour downtime in Australia!

Ausweb offers support backed by 24/7, 365-days-a-year monitoring of servers located in a Sydney city datacenter, managed and supported from a Sydney city office, entirely by Sydney city staff.

4. Economy

Encouraging healthy competition is crucial on our home soil, and for competition to thrive, Australian web hosts must thrive too. We support you as an Australian business – we are one ourselves!

That and we eat our own brand of “dogfood”. The speed at which you have been able to access this very page is a testimony to the speed our clients appreciate daily as after all, this is just another website powered by Ausweb’s server cluster.
