Sometimes when running a ‘yum update’ there are certain packages you may be running which you wish to remain static, or which can potentially cause errors with running a ‘yum update’. In these situations it is useful to force yum to exclude certain packages from being updated under CentOS.

Yum uses a configuration file located at /etc/yum/yum.conf or /etc/yum.conf

If you wish to exclude packages you need to define a list for exclusion from updates or installs. This should be a space separated list. (Shell globs using wildcards * and ?) are allowed).

How do I exclude php and kernel packages when I use “yum update”?

Open /etc/yum.conf file:
# vi /etc/yum.conf

Append following line under [main] section, enter:

exclude=php* kernel*

At the end, it should look like as follows:

[main]
cachedir=/var/cache/yum
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
distroverpkg=redhat-release
tolerant=1
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
exclude=php* kernel*

# Note: yum-RHN-plugin doesn’t honor this.
metadata_expire=1h

# Default.
# installonly_limit = 3

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
yum –exclude command line option

Finally, you can skip yum command updates on command line itself using following syntax:

# yum –exclude=package* update
# yum –exclude=php* update
# yum –exclude=kernel* update

Setting multiple file permissions can be a chore, especially if you’re doing so via FTP or a web interfance like the cPanel File Manager. However, if you’ve got shell access it certainly doesn’t need to be.

If you need to set permissions for a large number of files & folders simply cd to the right parent directly and type:

chmod -R 755 *

The -R flag will recursively set permissions for all files & sub-directories, just replace 755 with your desired permission.

Sometimes it is also desirable to set specific permissions for directories only, normally 755. You can do this with the following command:

find . -type d -exec chmod 755 {} ;

This will find all directories and exec the chmod command to change their permissions recursively beneath the parent.

Exim is a Message Transfer Agent (MTA) developed at the University of Cambridge for Unix based systems.

It is extremely important to keep your Mail Server Security settings in check and the first step is making sure your MTA is up to date.

As of 10th December 2010 a nasty root access exploit has been published which exploits a vulnerability present in Exim versions 4.69 and earlier.

You can view a cPanel advisory regarding this exploit here:

http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html

In order to see which version of Exim your server is running:

rpm -qa | grep exim

As cPanel keeps its own release tree for Exim, you can upgrade by performing the following via SSH:

/scripts/eximup

or to force a reinstall:

/scripts/eximup –force

If you are not running cPanel/WHM, consult the relevant documentation & release advisories for your Linux distribution.