Kroko

Install Phusion Passenger (mod_rails) on cPanel Server

admin — Sat, 09 Jan 2010 22:49:34 +0000

Although cPanel has built in support for running Ruby or Rails apps, it uses Mongrel as the server and doesn’t allow more than one instance per user. That makes it pretty useless for any application that gets even a moderate amount of traffic. Instead we can install Phusion Passenger (a.k.a mod_rails), which in my opinion is a much nicer solution anyway.

First we need to make sure Ruby is installed via a cpanel script:

sudo /scripts/installruby

Now we can install the passenger gem:

sudo gem install passenger

Next, compile the apache2 module

sudo passenger-install-apache2-module

The installer may tell you that the the Apache development headers are needed and will suggest ‘yum install httpd-devel’. Since cPanel compiles it’s own version of apache, yum is configured to ignore that package. That is OK, because the program we need is already installed, we just have to tell Passenger where to find it.

APXS2=/usr/local/apache/bin/apxs PATH=$PATH:/usr/local/apache/bin passenger-install-apache2-module

Everything should go OK this time, and the installer will give you a few lines to add to your apache config file. It’s best practice with cPanel not to put these in your main httpd.conf, but rather the pre_main_global.conf:

vi /usr/local/apache/conf/includes/pre_main_global.conf

LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-X.X.X/ext/apache2/mod_passenger.so

PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-X.X.X

PassengerRuby /usr/bin/ruby

Now we need to setup passenger to run on a per virtual host basis. Open up the httpd.conf file and find the virtual host you want to run a Rails app and add this line:

Include ”/usr/local/apache/conf/userdata/std/2/username/domain_name/*.conf”

Replace username with the username of the account.

Now we need to create the directory we just specified, and also create a configuration file letting passenger know it should load for this host:

mkdir -p /usr/local/apache/conf/userdata/std/2/username/domain_name/ vi /usr/local/apache/conf/userdata/std/2/username/domain_name/rails.conf

PassengerAppRoot /home/username/railsapp

RailsBaseURI /

To make sure those files load, run this:

/scripts/ensure_vhost_includes –user=username

We need to make sure cPanel records the changes we have for when it rebuilds those files, so run the following two commands:

/usr/local/cpanel/bin/apache_conf_distiller –update /usr/local/cpanel/bin/build_apache_conf

We can now restart apache:

/etc/init.d/httpd restart

Since by default the Apache Document Root for each host is /home/username/public_html, you will probably need to symlink that to your applications public directory:

ln -s /home/username/railsapp/public /home/username/public_html

To restart that application, you just need to touch the restart.txt file:

touch /home/username/railsapp/tmp/restart.txt

And there you have it, a working high performance rail application server on cPanel! For more information on tuning the Passenger configuration, read the complete docs.

PS:

I just modified few lines from this article after i installed passenger on my cpanel server.

original source of this article is: http://jetpackweb.com/blog/2009/07/21/install-phusion-passenger-a-k-a-mod_rails-on-cpanel-server/

How to virus scan FTP uploads

admin — Fri, 11 Dec 2009 12:53:25 +0000

To help protect your server, you may want to scan your users FTP uploads. Here is a great way of doing this, if you are using Pure-FTP and ClamAV. Pure-FTP has an option to run a file after an upload, called the pure-uploadscript. What you do, is tie the virus scanner into this script, so that when a file gets uploaded, it will get scanned. As long as you have your virus scanner up to date, this will pick up most of the main stream virii, as well as the dreaded php shell scripts.

Here is how we do it. We first need to ssh into our server, and then switch user to root. Now, execute the following from the command line:

echo \#\!/bin/sh > /etc/pure-ftpd/upload-check.sh

This command will create a file called upload-check.sh, and place an interpreter call on the first line. Next, we add the action line to the file, by executing this command:

echo /usr/bin/clamdscan –move=/root/badfiles/ –quiet –no-summary –log=/var/log/clamscan.log “\$1″ >> /etc/pure-ftpd/upload-check.sh

This will insert the second line in the upload-check script. This line calls the virus scanner, clamdscan, and passes some information to it. The first one, tells the scanner to move the file, if it has found a problem with it. I always find it usefull to see what people are trying to upload, instead of just deleting the file as soon as its scanned. The other important parameter here, is the log value. We are telling the scanner to log all activity to the clamscan.log file, which is usefull to view every so often, to see if anyone was trying to upload something nasty. Now, chmod the script:

chmod 700 /etc/pure-ftpd/upload-check.sh

The next step, is to ensure that when your server starts up, that the pure-uploadscript binary is running, using the newly created upload-check.sh script:

echo /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/upload-check.sh >> /etc/rc.d/rc.local

This places a line at the bottom of your rc.local file, telling it to run the pure-uploadscript, with the parameters you have assigned to it.

Next, we tell pure-ftpd to use the upload scanner, use what ever editor you prefer:

vi /etc/pure-ftpd.conf

Search for – CallUploadScript, and uncomment the line. Save your changes, and exit.

Now, all we need to do, is start the pure-uploadscript daemon, and restart pure-ftpd:

/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/upload-check.sh

service pure-ftpd restart

Once done, you should now be scanning all files uploaded through ftp. To check if you have found any virii, you can check the log file, running this command only displays the lines that have reported a virus:

tail -n 1000 /var/log/clamscan.log | grep FOUND

The files found to have virii’s, will also have been moved to /root/badfiles, so that you can take a look at them, and if it is a false positive, move the file back to the users directory.

text from http://solidservers.ca/2009/04/how-to-virus-scan-ftp-uploads/

no sound for flash in google chrome

admin — Sun, 29 Nov 2009 22:46:38 +0000

1. While in Google Chrome, use the following keyboard shortcut: Shift+Esc.

2. The Task Manager will appear. Select the “Plugin: Shockwave Flash”, click end process, refresh page (F5) or from the menu

This is what you need to do:

1. While in Google Chrome, use the following keyboard shortcut: [Shift] + [Esc].

2. The Task Manager will appear. Select the “Plugin: Shockwave Flash”, click end process, now try again.

Facebook 3.0 for iPhone

admin — Fri, 28 Aug 2009 07:27:51 +0000

Muhaha .. Facebook 3.0 for iPhone The long-anticipated (by Facebook and iPhone lovers, at least) Facebook 3.0 for iPhone hits the App Store today. Even if you’re not a big Facebook fan, it’s undeniably a great mobile application. It’s not showing up as new just yet in the App Store (either in iTunes or on my iPhone), so if you’re not seeing it as an update, go ahead and download anyway (on your iPhone, you’ll have to delete your old install before downloading a new one.

Total Commander: how to use the ssl/tls feature for secure ftp

admin — Wed, 19 Aug 2009 00:24:44 +0000

This is from: http://www.ghisler.ch/board/viewtopic.php?t=12105

Here is some information on how to use the ssl/tls feature. Because of the Swiss crypto export laws, I cannot include the openssl dlls in the install package.

1. Get the compiled OpenSSL package from the LibCurl library:
http://curl.haxx.se/download.html
Please scroll down to the section named “Win32 – Generic”
and download the following package (or a newer one):
Win32 2000/XP 7.19.0 libcurl SSL enabled Günter Knauf 1.54 MB

2. Copy the two dlls libssl32.dll and libeay32.dll from the “bin” subdir of the archive to the Total Commander directory.
3. Now you can make connections with prefix ftps:// and https://

There will appear a red open locker for connections because the root certificates are missing. To get the root certificates of Verisign, Thawte etc, do the following:
1. Start Internet Explorer and open its configuration dialog
2. Go to the page “Content”
3. Click on “Certificates”
4. Go to the last page “Trusted root certificate authorities”
5. Select all certificates
6. Click on”Export”
7. As name, enter: rootcerts
8. Confirm with Next/OK. This creates a file rootcerts.p7b
9. Issue the following two commands to convert to openssl format:

openssl pkcs7 -inform DER -in rootcerts.p7b -print_certs -out unfiltered.pem
openssl x509 -in unfiltered.pem -out rootcert.pem

10. Put the file rootcert.pem in the Total Commander directory

XP Automatic Update Nagging

admin — Wed, 29 Jul 2009 00:08:04 +0000

Windows XP’s automatic update facility is clearly a good thing. Except when an update is installed that requires a reboot and you’re working on the computer at the time. Then you get this lovely dialog:

As if I needed another reason to hate dialog boxes. This is perhaps the Naggiest. Dialog. Box. Ever. It can’t be dismissed. You get two choices– Restart Now, or Restart Later.If you click Restart Later, it pops up again ten minutes later, like clockwork. It belongs to wuauclt.exe, part of the Microsoft automatic update provider. I tried killing wuauclt.exe, and like a bad zombie movie, it keeps coming back.

I want automatic updates, but I also want to restart my computer when I feel like it. Is there any way to turn off this incredibly annoying nag dialog? UPDATE: Thanks to the many commenters, we now have at least two ways to disable Mister Naggy McNaggerson:

1. Stop the “Automatic Updates” service.

Navigate to Control Panel | Administrative Tools | Services:

Right click the Automatic Updates service and stop it. You can also do the same thing at the command line by typing:
net stop wuauserv
or you can type this, which does the same thing, and is a little easier to remember:
net stop "automatic updates"
After the service is stopped, the nag message stops, too. Then you can reboot when you have time. The service will restart when you reboot.

2. Modify Group Policy settings.

Start, Run “gpedit.msc” to bring up the group policy editor. Then navigate to the folder
Local Computer Policy
  Computer Configuration
    Administrative Templates
      Windows Components
        Windows Update
There are two settings and both will work, so it’s your choice. Either enable No auto-restart for schedule Automatic Updates installations or set Re-prompt for restart with scheduled installations to a long time interval, like 1440 minutes.

Remote Access Service (RAS) Error Code List

admin — Fri, 15 May 2009 07:23:32 +0000

This article lists the error codes that Remote Access Service (RAS) reports in Windows NT 4.0, Windows 98, and Windows 95.

MORE INFORMATION

   Error   Messages
   -------------------------------

   600     An operation is pending.
   601     The port handle is invalid.
   602     The port is already open.
   603     Caller's buffer is too small.
   604     Wrong information specified.
   605     Cannot set port information.
   606     The port is not connected.
   607     The event is invalid.
   608     The device does not exist.
   609     The device type does not exist.
   610     The buffer is invalid.
   611     The route is not available.
   612     The route is not allocated.
   613     Invalid compression specified.
   614     Out of buffers.
   615     The port was not found.
   616     An asynchronous request is pending.
   617     The port or device is already disconnecting.
   618     The port is not open.
   619     The port is disconnected.
   620     There are no endpoints.
   621     Cannot open the phone book file.
   622     Cannot load the phone book file.
   623     Cannot find the phone book entry.
   624     Cannot write the phone book file.
   625     Invalid information found in the phone book.
   626     Cannot load a string.
   627     Cannot find key.
   628     The port was disconnected.
   629     The port was disconnected by the remote machine.
   630     The port was disconnected due to hardware failure.
   631     The port was disconnected by the user.
   632     The structure size is incorrect.
   633     The port is already in use or is not configured for Remote
           Access dialout.
   634     Cannot register your computer on the remote network.
   635     Unknown error.
   636     The wrong device is attached to the port.
   637     The string could not be converted.
   638     The request has timed out.
   639     No asynchronous net available.
   640     A NetBIOS error has occurred.
   641     The server cannot allocate NetBIOS resources needed to support
           the client.
   642     One of your NetBIOS names is already registered on the remote
           network.
   643     A network adapter at the server failed.
   644     You will not receive network message popups.
   645     Internal authentication error.
   646     The account is not permitted to log on at this time of day.
   647     The account is disabled.
   648     The password has expired.
   649     The account does not have Remote Access permission.
   650     The Remote Access server is not responding.
   651     Your modem (or other connecting device) has reported an error.
   652     Unrecognized response from the device.
   653     A macro required by the device was not found in the device .INF
           file section.
   654     A command or response in the device .INF file section refers to
           an undefined macro
   655     The  macro was not found in the device .INF file
           section.
   656     The  macro in the device .INF file section contains
           an undefined macro
   657     The device .INF file could not be opened.
   658     The device name in the device .INF or media .INI file is too
           long.
   659     The media .INI file refers to an unknown device name.
   660     The device .INF file contains no responses for the command.
   661     The device .INF file is missing a command.
   662     Attempted to set a macro not listed in device .INF file section.
   663     The media .INI file refers to an unknown device type.
   664     Cannot allocate memory.
   665     The port is not configured for Remote Access.
   666     Your modem (or other connecting device) is not functioning.
   667     Cannot read the media .INI file.
   668     The connection dropped.
   669     The usage parameter in the media .INI file is invalid.
   670     Cannot read the section name from the media .INI file.
   671     Cannot read the device type from the media .INI file.
   672     Cannot read the device name from the media .INI file.
   673     Cannot read the usage from the media .INI file.
   674     Cannot read the maximum connection BPS rate from the media .INI
           file.
   675     Cannot read the maximum carrier BPS rate from the media .INI
           file.
   676     The line is busy.
   677     A person answered instead of a modem.
   678     There is no answer.
   679     Cannot detect carrier.
   680     There is no dial tone.
   681     General error reported by device.
   682     ERROR WRITING SECTIONNAME
   683     ERROR WRITING DEVICETYPE
   684     ERROR WRITING DEVICENAME
   685     ERROR WRITING MAXCONNECTBPS
   686     ERROR WRITING MAXCARRIERBPS
   687     ERROR WRITING USAGE
   688     ERROR WRITING DEFAULTOFF
   689     ERROR READING DEFAULTOFF
   690     ERROR EMPTY INI FILE
   691     Access denied because username and/or password is invalid on the
           domain.
   692     Hardware failure in port or attached device.
   693     ERROR NOT BINARY MACRO
   694     ERROR DCB NOT FOUND
   695     ERROR STATE MACHINES NOT STARTED
   696     ERROR STATE MACHINES ALREADY STARTED
   697     ERROR PARTIAL RESPONSE LOOPING
   698     A response keyname in the device .INF file is not in the
           expected format.
   699     The device response caused buffer overflow.
   700     The expanded command in the device .INF file is too long.
   701     The device moved to a BPS rate not supported by the COM driver.
   702     Device response received when none expected.
   703     ERROR INTERACTIVE MODE
   704     ERROR BAD CALLBACK NUMBER
   705     ERROR INVALID AUTH STATE
   706     ERROR WRITING INITBPS
   707     X.25 diagnostic indication.
   708     The account has expired.
   709     Error changing password on domain.
   710     Serial overrun errors were detected while communicating with
           your modem.
   711     RasMan initialization failure. Check the event log.
   712     Biplex port is initializing. Wait a few seconds and redial.
   713     No active ISDN lines are available.
   714     Not enough ISDN channels are available to make the call.
   715     Too many errors occurred because of poor phone line quality.
   716     The Remote Access IP configuration is unusable.
   717     No IP addresses are available in the static pool of Remote
           Access IP addresses.
   718     PPP timeout.
   719     PPP terminated by remote machine.
   720     No PPP control protocols configured.
   721     Remote PPP peer is not responding.
   722     The PPP packet is invalid.
   723     The phone number, including prefix and suffix, is too long.
   724     The IPX protocol cannot dial-out on the port because the
           computer is an IPX router.
   725     The IPX protocol cannot dial-in on the port because the IPX
           router is not installed..
   726     The IPX protocol cannot be used for dial-out on more than one
           port at a time.
   727     Cannot access TCPCFG.DLL.
   728     Cannot find an IP adapter bound to Remote Access.
   729     SLIP cannot be used unless the IP protocol is installed.
   730     Computer registration is not complete.
   731     The protocol is not configured.
   732     The PPP negotiation is not converging.
   733     The PPP control protocol for this network protocol is not
           available on the server.
   734     The PPP link control protocol terminated..
   735     The requested address was rejected by the server..
   736     The remote computer terminated the control protocol.
   737     Loopback detected..
   738     The server did not assign an address.
   739     The remote server cannot use the Windows NT encrypted password.
   740     The TAPI devices configured for Remote Access failed to
           initialize or were not installed correctly.
   741     The local computer does not support encryption.
   742     The remote server does not support encryption.
   743     The remote server requires encryption.
   744     Cannot use the IPX net number assigned by the remote server.
           Check the event log.
   752     A syntax error was encountered while processing a script.

Kill Frozen Windows Apps Easily

admin — Thu, 30 Apr 2009 10:35:34 +0000

If you’ve used Windows for any amount of time, you’ve already had to deal with the dreaded (Not Responding) frozen application—so instead of using task manager, why not create a shortcut to auto-kill them?

The HaxAttack weblog writes up a great tip to create a batch file that automatically kills any applications with a status of Not Responding, but you can actually just create a shortcut directly, omitting the batch file altogether.
To create your own quick-killing mechanism, just create a new shortcut anywhere, using this as the location:

taskkill.exe /f /fi "status eq not responding"

Once you are done, you can change the icon, or even assign a shortcut key in the properties dialog—just make sure the shortcut is on your desktop or in the start menu if you want the hotkey to work, since Windows hotkeys don’t work in the Quick Launch. Thanks, Cyrus!

For more, check out how to kill runaway processes with Task Killer, previously mentioned ClickGone, or simply use the very powerful Process Explorer.

Tip: Easy Kill Apps That Freeze [HaxAttack]

RUNNING A SECURE DDNS SERVICE WITH BIND

admin — Sun, 29 Mar 2009 14:22:08 +0000

Posted on March 12, 2007, 21:54, by Julien.

Last updated on January 17, 2009, 12:11.

This article will give you a short introduction to DDNS, and will only apply to a precise example. I will not detail the reasons of my choice. However, the links provided at the end of the document will allow you further understand the uses that can be made of DDNS.

REQUIREMENTS

2 machines running GNU/Linux: one at home with a dynamic IP, the other elsewhere with a fix IP
BIND 9.2.0 or newer should be installed on the external machine (and act as primary DNS for your domain – the setup won’t be detailed here)
the nsupdate utility on your router at home. This comes as part of the dnsutilsDebian package.

GENERATING THE KEY

Updates being initiated from the client, the process needs to be secured by a TSIG key:”(TSIG keys are symmetric HMAC-MD5 keys; although asymmetric SIG keys can also be used, the set up is a bit more complicated)”:.

On the external machine running BIND 9, run as root:

dnssec-keygen -a HMAC-MD5 -b 512 -n HOST

where should be replaced by a whatever name you want, and 512 is the key size (512 is the maximum with the HMAC-MD5 algorithm).

This will generate 2 files like Kkeyname.+157+12505.key andKkeyname.+157+12505.private. Both files should remain private (remember, we work with symmetric key).

ON THE SERVER SIDE

Both files created before do contain the secret key, which needs to be set up on the BIND configuration file (eg.named.conf or named.conf.local in Debian) as follows:

key "keyname." {
  algorithm hmac-md5;
  secret "v9BhsbwDu4q95g/Gf/EiXA==";
};

Once this is defined, you can start using this shared secret in the definition of your zone:

zone "example.com" {
  type master;
  file "master/db.example.com";
  allow-update { key "keyname."; };
};

The BIND service should obviously be reloaded to start using the new configuration:

# /etc/init.d/bind9 reload

ON THE CLIENT SITE

UPDATING THE ZONE WHEN YOUR DSL PROVIDER IP CHANGES – NSUPDATE

If you can’t get a fix IP address from your xDSL provider and still want to host your server at home, you can use third services companies like DynDNS.org or Zonedit.com, but did you know you can set up a secure DDNS service using the BIND DNS server and the nsupdate utility. Still, you need to have control on a machine with a static IP somewhere on the public Internet.

nsupdate is the tool needed to update the IP on the DNS server. You can use it manually whenever you want (see manpage for additional information), or in scripts run automatically by cron or, better, directly by ppp through the ppp-ip facilty.

In Debian, save the following script as /etc/ppp/ip-up.d/ddupdate, change the options at the top of the file and make it executable:

#!/bin/bash
# Script to update DNS zones on a remote server
# Copyright © 2005-2007 - Julien Valroff 
# Parts of the script Copyright © 2001-2002 - Dag Wieers 

KEY="/root/Kkeyname.+157+29630.private"
SERVER="ns.domain.com"
LOGFILE="/var/log/syslog"
PPP_IFACE="ppp0"

if [ "$PPP_LOCAL" != '' ]; then
   if [ "$PPP_IFACE" != "$PPP_IFACE" ]; then
      echo "$(LANG=C date +'%b %e %X') $(hostname) ddupdate[$$]: ABORTED: Not updating dynamic IP \
        address $PPP_LOCAL (already done for $(ip addr show $PPP_IFACE | awk '/inet/ { print $2 }'))" >>$LOGFILE 2>&1
      exit 0
   fi
   IPADDR=$PPP_LOCAL
   sleep 3
else
   IPADDR=$(ip addr show $PPP_IFACE | awk '/inet/ { print $2 }')
fi

(
cat <<EOF | nsupdate -k "$KEY"
server $SERVER
zone example.com
update delete example.com. A
update add example.com. 60 A $IPADDR
update delete mail.example.com. A
update add mail.example.com. 60 A $IPADDR
send
EOF

  RC=$?

  if [ $RC != 0 ]; then
    echo "$(LANG=C date +'%b %e %X') $(hostname) ddupdate[$$]: FAILURE: Updating dynamic IP $IPADDR on $SERVER failed (RC=$RC)"
    (
        echo "Subject: DDNS update failed"
        echo
        echo "Updating dynamic IP $IPADDR on $SERVER failed (RC=$RC)"
    ) | /usr/sbin/sendmail root
  else
    echo "$(LANG=C date +'%b %e %X') $(hostname) ddupdate[$$]: SUCCESS: Updating dynamic IP $IPADDR on $SERVER succeeded"
  fi
) >>$LOGFILE 2>&1

exit $RC

Next time your connection will be restarted, the IP will be updated on your DNS server, and you’ll see an entry in your log file:
Mar 12 18:43:26 athena ddupdate[14507]: SUCCESS: Updating dynamic IP 81.13.52.124 on ns.domain.com succeeded
An e-mail will alert the system administrator in case the update fails.

Remember to use low TTL for the zone which is meant to be updated, 60 seconds seems to be a good value.

UPDATING THE DNS WITH DYNAMIC IP ON YOUR LOCAL NETWORK – DHCPD

DDNS can also be used in conjunction with dhcpd to dynamically update the DNS when a machine is given an IP. A very detailed article was written by Adam Trickett for debian-administration.org to explain this setup.

COMBINE BOTH METHODS WITH A ROADWARRIOR CLIENT

I plan to combine the methods described earlier to allow a roadwarrior to be reachable by its name wherever it is located.

When out of the company, the roadwarrior is connected to the network through a secureOpenVPN tunnel. Thanks to the --client-connect and --client-disconnectdirectives, the OpenVPN server can update the DNS entry for the given host (cf.ifconfig_pool_remote_ip and common_name environmental variables in OpenVPN man page).

When directly connected to the local network, the roadwarrior gets an IP from the DHCP server which updates the DNS.

I haven’t yet worked on this setup, and am not sure it would be very useful, but this is an example of use of dynamic DNS.

OTHER (MORE DETAILED) ARTICLES ON DDNS

As usual, here are some external resources which helped me writing this article, and which will allow you to study the DDNS methods in details:

ISC BIND homepage: www.isc.org/index.pl?/sw/bind/
ISC DHCP homepage: www.isc.org/index.pl?/sw/dhcp/
www.oceanwave.com/technical-resources/unix-admin/nsupdate.html
ops.ietf.org/dns/dynupd/secure-ddns-howto.html
dag.wieers.com/howto/bits/bind-ddns.php
linux.yyz.us/nsupdate/

install yum into virtuozzo centos 5.2 vps

admin — Mon, 09 Feb 2009 22:40:27 +0000

run this :

rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/elfutils-libs-0.125-3.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/gmp-4.1.4-10.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/readline-5.1-1.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/python-2.4.3-21.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/python-iniparse-0.2.3-4.el5.noarch.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/libxml2-2.6.26-2.1.2.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/libxml2-python-2.6.26-2.1.2.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/expat-1.95.8-8.2.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/python-elementtree-1.2.6-5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/sqlite-3.3.6-2.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/python-sqlite-1.1.7-1.2.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/elfutils-0.125-3.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/rpm-python-4.4.2-48.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/m2crypto-0.16-6.el5.2.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/python-urlgrabber-3.1.0-2.noarch.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/yum-metadata-parser-1.1.2-2.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/yum-3.2.8-9.el5.centos.1.noarch.rpm
yum -y update