== Updating ==
Before updating check the https://trac.clarin.eu/wiki/SystemAdministration#Updates table for any pending updates which '''must''' be included.

Update cache:

{{{
yum makecache fast
}}}
Update packages with the following command (excluding docker and kernel updates)):

{{{
yum update --exclude=docker* --exclude=kernel*
}}}
Run a yum update to check if there are docker and/or kernel updates:

{{{
yum update
}}}
This can be made permanent by editing /etc/yum.conf as follows:

{{{
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exclude=kernel* redhat-release*                           <==== 
}}}
Reference: https://access.redhat.com/solutions/10185

== Firewall ==
We use iptables (firewalld should be disabled).

== SELinux ==

=== Searching audit log ===

Check for any denials:
{{{
ausearch -m avc                              #all denials	
ausearch -m avc -ts today              #denials for that today	
ausearch -m avc -ts recent             #denials from the last 10 minutes	
}}}

Check entries for a specific service:
{{{
ausearch -c docker                      #all audit entries for the docker service
ausearch -m avc -c docker          #all denials for the docker service
}}}

Reference: !https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html