Updating
Before updating check the https://trac.clarin.eu/wiki/SystemAdministration#Updates table for any pending updates which must be included.
Update cache:
yum makecache fast
Update packages with the following command (excluding docker and kernel updates)):
yum update --exclude=docker* --exclude=kernel*
Run a yum update to check if there are docker and/or kernel updates:
yum update
This can be made permanent by editing /etc/yum.conf as follows:
[main] cachedir=/var/cache/yum/$basearch/$releasever keepcache=0 debuglevel=2 logfile=/var/log/yum.log exclude=kernel* redhat-release* <====
Reference: https://access.redhat.com/solutions/10185
Firewall
We use iptables (firewalld should be disabled).
SELinux
Searching audit log
Check for any denials:
ausearch -m avc #all denials ausearch -m avc -ts today #denials for that today ausearch -m avc -ts recent #denials from the last 10 minutes
Check entries for a specific service:
ausearch -c docker #all audit entries for the docker service ausearch -m avc -c docker #all denials for the docker service
Reference: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html