amazon linux 2 yum missing update (AWS Security Center) - amazon-web-services

AWS security advisory https://alas.aws.amazon.com/AL2/ALAS-2021-1674.html is causing my security scan to fail. The advice is to yum update httpd to install httpd-2.4.48-2.amzn2.x86_64. However, when I do this, the AWS yum repo only has an old version of this package (httpd-2.4.46-2.amzn2.x86_64).
yum update httpd
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
No packages marked for update
yum install httpd
Loaded plugins: extras_suggestions, kernel-livepatch, langpacks, priorities, update-motd
amzn2-core | 3.7 kB 00:00:00
Package httpd-2.4.46-2.amzn2.x86_64 already installed and latest version
Nothing to do
This is a brand new, unmodified Amazon Linux 2 instance. I have tried everything I could find online (making sure I can access the yum repo and clearing the cache).
Can anyone else using Amazon Linux 2 see this new package (2.4.48), or even better, have any suggestions on how to proceed?

Worked it out - AWS Elastic Beanstalk, in all their wisdom, appends a "-$guid" to the YUM repo list on an instance, which must be stuck in their CDN, as it was returning an out-of-date package list. I have resolved it via:
sed 's/-$guid//g' /etc/yum.repos.d/amzn2-core.repo -i

The AWS security advisory link mentions that we have to do "yum update httpd". If it still does not work, I would say we have to update the yum repo.
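Added example, not from the original answers: a small audit of .repo text for the "-$guid" suffix that the sed command above strips, generalized to other repo settings that decide which updates a host receives and whether they are verified (plaintext URLs, gpgcheck=0, exclude=). The sample stanzas are constructed, and the function name and finding labels are assumptions of this sketch.

```python
import configparser

# Constructed sample in the style of the .repo stanzas quoted on this page;
# the amzn2-core host and path are placeholders, not copied from a real instance.
SAMPLE_REPO = """\
[amzn2-core]
name=Amazon Linux 2 core repository
mirrorlist=https://repo.example.invalid/2/core/latest-$guid/$basearch/mirror.list
gpgcheck=1
enabled=1

[amzn-main]
name=amzn-main-Base
mirrorlist=http://repo.us-east-1.amazonaws.com/$releasever/main/mirror.list
gpgcheck=1
enabled=1
exclude=nginx*

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/6/$basearch/
gpgcheck=0
enabled=1
"""


def audit_repo_text(text):
    """Return (repo_id, finding) pairs for every enabled repo in a .repo file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for repo in cp.sections():
        sec = cp[repo]
        if sec.get("enabled", "1").strip() != "1":
            continue  # disabled repos are not consulted by a plain `yum update`
        urls = (sec.get("mirrorlist", "") + " " + sec.get("baseurl", "")).split()
        if any("-$guid" in u for u in urls):
            findings.append((repo, "guid-suffix"))  # the suffix the sed command removes
        if any(u.startswith(("http://", "ftp://")) for u in urls):
            findings.append((repo, "plaintext-transport"))
        # Only an explicit "off" is flagged; a missing key inherits from [main] in yum.conf.
        if sec.get("gpgcheck", "").strip().lower() in ("0", "no", "false"):
            findings.append((repo, "gpgcheck-off"))
        if sec.get("exclude", "").strip():
            findings.append((repo, "exclude=" + sec["exclude"].strip()))
    return findings


if __name__ == "__main__":
    print(*audit_repo_text(SAMPLE_REPO), sep="\n")
```

An exclude= finding is worth reviewing because the excluded packages no longer receive updates, security fixes included, from that repository.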

Related

Unable to install packages using yum in ec2 instance

I am new to AWS and wanted to create an ec2 instance and tried to install httpd package (yum install httpd). Unfortunately, I was not able to do that and am getting the following thing every time. I tried some things like allowing all outbound traffic, but no use. Any help on this?
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Could not retrieve mirrorlist https://amazonlinux-2-repos-us-east-1.s3.dualstack.us-east-1.amazonaws.com/2/core/latest/x86_64/mirror.list error was
12: Timeout on https://amazonlinux-2-repos-us-east-1.s3.dualstack.us-east-1.amazonaws.com/2/core/latest/x86_64/mirror.list: (28, 'Resolving timed out after 5000 milliseconds')
One of the configured repositories failed (Unknown),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Run the command with the repository temporarily disabled
yum --disablerepo=<repoid> ...
4. Disable the repository permanently, so yum won't use it by default. Yum
will then just ignore the repository until you permanently enable it
again or use --enablerepo for temporary usage:
yum-config-manager --disable <repoid>
or
subscription-manager repos --disable=<repoid>
5. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
Cannot find a valid baseurl for repo: amzn2-core/2/x86_64

How to resolve "No packages marked for update" problem for amzn2-core in ec2 linux machine?

I cannot use yum commands like sudo yum update in Amazon EC2 instance.
[ec2-user#ip-***-***-*** /]$ sudo yum update
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core | 3.7 kB 00:00:00
No packages marked for update
I tried everything written on the net but I couldn't solve it.
Lastly I tried:
sudo sed 's/-$guid//g' /etc/yum.repos.d/amzn2-core.repo -i
Is there any way to solve it?

I can't install PHP on AWS EC2

I'm pretty new to AWS. I've tried to install PHP on my virtual machine, but it doesn't work; I get the error:
[root#ip-xxx-xxx-xxx-xxx user]# yum install apache2 libapache2-mod-php5 php5 mysql-server php5-mysql
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
No package apache2 available.
No package libapache2-mod-php5 available.
No package php5 available.
No package mysql-server available.
No package php5-mysql available.
Error: Nothing to do
I don't know the reason for this. I already tried the command yum update, but it doesn't help, please help me
PHP5 is quite old and is probably not available anymore in the YUM package manager.
Also I think the tutorial you are using is Debian/Ubuntu based.
Apache2 is called httpd24 in yum for instance.
That would look something like this:
sudo yum install -y httpd24 php72 mysql57-server php72-mysqlnd
Or if you are using the Amazon Linux 2 image, then use this command:
sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
To find out which specific image you are running:
cat /etc/system-release
Please check out the AWS documentation for an up-to-date tutorial on how to deploy your own LAMP server:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/install-LAMP.html
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-lamp-amazon-linux-2.html

Installing and Enabling PHP7.1 on AWS Elastic beanstalk

Most PHP vital libraries have been mandating PHP7.1 in their releases lately and I happen to have an API staged on AWS elastic beanstalk PHP7.0 platform that I'd like to make compliant with this recent change.
Seeing as Amazon has greatly delayed this shift since the December 1, 2016 release of PHP7.1, I've tried so many things to make PHP7.1 available on this AWS Elastic beanstalk platform originally intended for PHP7.0.
Below is my sample upgrade script:
sudo su
yum -y remove php70
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
sudo rpm -Uvh remi-release-6*.rpm
yum-config-manager --enable remi-php71
wget ftp://195.220.108.108/linux/epel/6/x86_64/scl-utils-20120229-1.el6.x86_64.rpm
rpm -Uvh scl-utils-20120229-1.el6.x86_64.rpm
yum -y install php71
source /opt/remi/php71/enable
yum -y install php71-php-soap php71-php-bcmath php71-php-devel php71-php-intl php71-php-mbstring php71-php-mcrypt php71-php-mysqlnd php71-php-opcache php71-php-pgsql php71-php-odbc php71-php-pecl-uuid php71-php-pecl-memcache php71-php-igbinary php71-php-oauth php71-php-xml php71-php-xmlrpc php71-php-process php71-php-apcu
But unless I run the source /opt/remi/php71/enable every time, I can't seem to get PHP71 by default as the PHP cli runtime.
In a bid to fix that, I did yum remove php70* to clean up the old PHP7.0 installation but that led to a problem with the AWS EBS deployment hook scripts.
Right now, I'm in a fix and it seems like I have to be forced to work with PHP7.0 and downgrade most of my PHP libraries. I just want to know if anyone can get me out of this messed up state.
Thank you.
The Remi repository provides 2 ways to install PHP 7.1:
base packages (php-*): 1 repository by version, single version allowed, so you need the remi-php71 repository enabled
SCL packages (php71-php-*): designed for parallel installation, in the remi-safe repository (which you have installed)
As explained in the FAQ.
Also see the Wizard instructions.
Amazon released a new version of Elastic beanstalk with PHP 7.1 support.
Upgrade your environment to use this configuration.

yum update from wrong repository i

I am running an AWS Linux AMI in AWS; it seems to be RHEL under the covers and uses yum (kernel 3.4.62-53.42.amzn1.x86_64). The amazon repo includes nginx 1.4.2, which is out of date, so I removed it and re-installed using the repo given at the nginx website. I did this as such:
sudo yum remove nginx*
sudo yum --disablerepo="*" --enablerepo="nginx" install nginx
Note that yum priorities are disabled. I tried messing around with setting priority= in the repo files but decided disabling priorities made sense after reading up on it.
/etc/yum.repos.d files :
amzn-main.repo contains:
[amzn-main]
name=amzn-main-Base
mirrorlist=http://repo.us-east-1.amazonaws.com/$releasever/main/mirror.list
mirror_expire=300
metadata_expire=300
priority=10
failovermethod=priority
fastestmirror_enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
enabled=1
retries=5
timeout=10
report_instanceid=yes
[amzn-main-debuginfo]
name=amzn-main-debuginfo
mirrorlist=http://repo.us-east-1.amazonaws.com/$releasever/main/debuginfo/mirror.list
mirror_expire=300
metadata_expire=300
priority=10
failovermethod=priority
fastestmirror_enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
enabled=0
retries=5
timeout=10
report_instanceid=yes
nginx.repo contains:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/6/$basearch/
gpgcheck=0
enabled=1
priority=1
Now doing the update once nginx 1.4.3 is installed, it tries to install the old version from the amazon main repo:
$ sudo yum update
Loaded plugins: update-motd, upgrade-helper
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 0:1.4.3-1.el6.ngx will be updated
---> Package nginx.x86_64 1:1.4.2-1.12.amzn1 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
So not sure why it's picking up the older version. Is there a way to configure yum to only update if the version is newer than currently installed? If there is no way, is there a way to skip the nginx package when I do a general update and then update nginx using another command as described above that disables all repos and uses only the nginx repo? Here it is again:
sudo yum --disablerepo="*" --enablerepo="nginx" install nginx
To ignore any specific package in a single yum repository, one may add the following line to their /etc/yum.repos.d/${amazonreponame}.repo configuration file:
exclude=package_name*
Example:
[amzn-main]
name=amzn-main-Base
mirrorlist=http://repo.us-east-1.amazonaws.com/$releasever/main/mirror.list
mirror_expire=300
metadata_expire=300
priority=10
failovermethod=priority
fastestmirror_enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
enabled=1
retries=5
timeout=10
report_instanceid=yes
exclude=nginx*
The exclude=* option may also be added globally (i.e., all repos) to /etc/yum.conf
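Added example, not part of the original question or answer: the yum transaction above lists the installed nginx as 0:1.4.3-1.el6.ngx and the Amazon package as 1:1.4.2-1.12.amzn1. The number before the colon is the RPM epoch, which is compared before version and release, so the epoch-1 build is ordered as the newer one. The code below is a simplified re-implementation of that ordering (no "^" handling, function names are illustrative); the same comparison checks an installed build against an advisory's fixed version, as with httpd in the first question.

```python
import re

_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~")


def _vercmp(a, b):
    """Order two version (or release) strings as rpm does; '^' is not handled."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if "~" in (x, y):                 # a tilde sorts before everything else
            return -1 if x == "~" else 1
        if x.isdigit() != y.isdigit():    # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)         # numeric compare, leading zeros ignored
        if x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    longer, sign = (sa, 1) if len(sa) > len(sb) else (sb, -1)
    tail = longer[min(len(sa), len(sb))]
    return -sign if tail == "~" else sign  # extra segments win unless they start with ~


def split_evr(evr):
    """'1:1.4.2-1.12.amzn1' -> (1, '1.4.2', '1.12.amzn1'); a missing epoch is 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return int(epoch), version, release


def compare_evr(a, b):
    """Return 1 if a is newer than b, -1 if older, 0 if equal: epoch, then version, then release."""
    (ea, va, ra), (eb, vb, rb) = split_evr(a), split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return _vercmp(va, vb) or _vercmp(ra, rb)


if __name__ == "__main__":
    # EVR strings as they appear on this page
    print(compare_evr("1:1.4.2-1.12.amzn1", "0:1.4.3-1.el6.ngx"))  # Amazon build vs nginx.org build
    print(compare_evr("2.4.46-2.amzn2", "2.4.48-2.amzn2"))        # installed httpd vs advisory fix
```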