
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
62
|
Chapter 3: Hardening Linux and Using iptables
which expands to the CPU family of your system (in the sense of what binaries they
can run—Athlons are considered part of “i386” in this context).
The /etc/yum.conf file installed by your Yum RPM will probably work fine, but you
should augment each default URL (i.e., http://download.fedora.redhat.com... in
Example 3-7) with at least one mirror-site URL to minimize the chance that your
updates fail due to any one server being unavailable. Just be sure to use your favorite
web browser to “test-drive” any URL you add to yum.conf to make sure that it suc-
cessfully resolves to a directory containing a directory named headers. Also, make
sure your URL ends with a trailing slash.
The other thing worth noting in Example 3-7 is that one important
[server] option
is missing:
gpgcheck. Example 3-8 shows a corrected [base] block that uses this
option (links specified in baseurl are subject to change):
Setting
gpgcheck=1 causes Yum to check the GnuPG signature in each RPM it down-
loads. For this to work, you’ll need the appropriate GnuPG keys incorporated into
your RPM database. On Fedora Core 2 systems, these keys were installed on your
system as part of the fedora-release package. To copy them into your RPM database,
execute this command:
rpm --import ...