Updating

Before updating check the https://trac.clarin.eu/wiki/SystemAdministration#Updates table for any pending updates which must be included.

Update cache:

yum makecache fast

Update packages with the following command (excluding docker and kernel updates)):

yum update --exclude=docker* --exclude=kernel*

Run a yum update to check if there are docker and/or kernel updates:

yum update

This can be made permanent by editing /etc/yum.conf as follows:

[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exclude=kernel* redhat-release*                           <==== 

Reference: ​https://access.redhat.com/solutions/10185

Firewall

We use iptables (firewalld should be disabled).

SELinux

Searching audit log

Check for any denials:

ausearch -m avc                              #all denials	
ausearch -m avc -ts today              #denials for that today	
ausearch -m avc -ts recent             #denials from the last 10 minutes	

Check entries for a specific service:

ausearch -c docker                      #all audit entries for the docker service
ausearch -m avc -c docker          #all denials for the docker service

Reference: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html