Kernel version

General support questions including new installations
Post Reply
tim_13kh
Posts: 5
Joined: 2017/11/30 14:45:48

Kernel version

Post by tim_13kh » 2017/11/30 15:11:26

Hi All. Can you help me please, im a little bit confused. Cannot understand which version is this.
1. first output:
cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.6 (Tikanga)


2. second output :
cat /etc/issue
CentOS release 5.6 (Final)


What is the right version (RH or CentOS) ?

also i need to know what is the different between these kernels:
2.6.18-238.9.1.el5 and 2.6.18-419.el5

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Kernel version

Post by TrevorH » 2017/11/30 16:29:33

Red Hat Enterprise Linux Server release 5.6 (Tikanga)
That's not CentOS, that's RHEL.
CentOS release 5.6 (Final)
And that's severely out of date, 5.6 came out in January 2011 so it's now nearly 7 years out of date.
also i need to know what is the different between these kernels:
2.6.18-238.9.1.el5 and 2.6.18-419.el5
2.6.18-238 is a 5.6 kernel. 2.6.18-419 is the final and last 5.11 kernel. According to rpm -qp --changelog http://vault.centos.org/5.11/updates/x8 ... x86_64.rpm there are around 4800 lines in the changelog between 2.6.18-419 and 2.6.18-238 and grepping that for CVE shows a count of 208. That's 208 security vulnerabilities.

You should know that CentOS 5 is completely out of support and has been since March 2017. RHEL 5 is also out of support unless you pay for an EUS subscription and then only the most severe security patches will be available. Migrate to a newer version ASAP.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

tim_13kh
Posts: 5
Joined: 2017/11/30 14:45:48

Re: Kernel version

Post by tim_13kh » 2017/11/30 16:57:08

Thank you Trevor for the quick answer. I am aware of that CentOS out of date. But at this moment we cannot replace it.
Why im asking this, because output on different CentOS confused me. more details:

This is the first machine
[root@be-build-rd-02 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.6 (Tikanga)
[root@be-build-rd-02 ~]# cat /etc/issue
CentOS release 5.6 (Final)
Kernel \r on an \m

[root@be-build-rd-02 ~]# uname -r
2.6.18-238.9.1.el5

I assume that this is CentOS, but why first output is Red Hat and second is CentOS
And this is the second:
[root@mec-qa-rbs-03 ~]# cat /etc/redhat-release
CentOS release 5.6 (Final)
[root@mec-qa-rbs-03 ~]# cat /etc/issue
CentOS release 5.6 (Final)
Kernel \r on an \m

[root@mec-qa-rbs-03 ~]# uname -r
2.6.18-419.el5

And here it saying that it is CentOS 5.6, but follow the documentation, kernel is of CentOS 5.11
What is the truth?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Kernel version

Post by TrevorH » 2017/11/30 17:11:18

For the machine with RHEL in its /etc/redhat-release, this is a common workaround for broken third party installation scripts that check if you are running on RHEL (which they support) and CentOS (which they don't). The way to bypass the check is to edit that file and make it look like it's from a RHEL machine then the installation scripts work. It's been a long time since I needed to do that bypass but iirc it was required for some HP packages and possibly some from Oracle too - though there may be others.

The other machine hasn't had that altered but it has had its kernel updated to the latest version while leaving the centos-release package at 5.6. You can look in /var/log/yum.log* to see what other packages were also installed at the same time. Or use rpm -qa --last | less to see the package installation dates/times in descending order.

With 208 CVE's just in the older kernel - let alone all the other packages you have installed on the system - you should at the very least update to 5.11 while you investigate how to replace the machines. Or install RHEL and buy EUS subscriptions and then you can be supported until (I think) 2020 or so.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

tim_13kh
Posts: 5
Joined: 2017/11/30 14:45:48

Re: Kernel version

Post by tim_13kh » 2017/11/30 18:39:58

Many Thanks Trevor for explanation. Right on the first machine Oracle db is installed that is why file has been changed to Red Hat release.
On the second machine i have updated centos-release package and it shows right version of CentOS.
[root@mec-qa-rbs-03 ~]# cat /etc/issue
CentOS release 5.11 (Final)

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Kernel version

Post by TrevorH » 2017/12/01 10:10:07

On the second machine i have updated centos-release package and it shows right version of CentOS.
Updating just the centos-release package does not get you to 5.11. You need to run yum update and apply all packages to do that.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

tim_13kh
Posts: 5
Joined: 2017/11/30 14:45:48

Re: Kernel version

Post by tim_13kh » 2017/12/01 10:23:18

Updating just the centos-release package does not get you to 5.11. You need to run yum update and apply all packages to do that.
But kernel is of CentOS 5.11, and probably has pulled all needed dependencies. do i still need to update all packages. We using third party tool to apply only critical patches (IBM BigFix).

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Kernel version

Post by TrevorH » 2017/12/01 12:18:49

The whole thing is insecure and should be scrapped ASAP but to get as secure as you can be you need to apply all updates. We have never tested or supported the cherry picking of updates - the only tests that get run are run on a fully updated machine. There are security vulnerabilities in all and any package so updating the kernel will not fix problems in e.g. openssl or httpd or ...
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

tim_13kh
Posts: 5
Joined: 2017/11/30 14:45:48

Re: Kernel version

Post by tim_13kh » 2017/12/01 13:07:21

Yes, sure. I understand that. But we install only patches where were security issues fixed.
Thanks for your help.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Kernel version

Post by TrevorH » 2017/12/01 13:34:57

Then you should probably consult https://access.redhat.com/errata/#/?q=& ... _version=5 and filter on security where you'll find somewhere around 75 *pages* of security related updates since 2011.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply