Red Hat Enterprise Linux

Installation
.

Partitioning
Example of LVM-based partitioning:

Disk /dev/sda: 1 GiB   (dedicated to boot) Disk /dev/sdb: 40 GiB  (LVM)

Filesystem                       Size  Mounted on /dev/sda1                         200M   /dev/sda2                        800M  /boot /dev/mapper/system-root          4.0G  / /dev/mapper/system-swap          4.0G /dev/mapper/system-home          2.0G  /home /dev/mapper/system-tmp           2.0G  /tmp /dev/mapper/system-var           1.0G  /var /dev/mapper/system-crash         2.0G  /var/crash /dev/mapper/system-cache_yum     3.0G  /var/cache/yum /dev/mapper/system-var_log       3.0G  /var/log /dev/mapper/system-var_log_audit 1.0G  /var/log/audit /dev/mapper/system-opt           4.0G  /opt

Post-installation
.

Registration
Register a server: subscription-manager register --type=system subscription-manager refresh

Attach a subscription: subscription-manager attach --auto

Enable common repositories: subscription-manager repos --enable rhel-7-server-extras subscription-manager repos --enable rhel-7-server-optional-rpms subscription-manager repos --enable rhel-7-server-supplementary-rpms subscription-manager repos --enable rhel-7-server-thirdparty-oracle-java-rpms

To check the available components: subscription-manager list --consumed subscription-manager list --installed

To check the available repositories: yum repolist all yum repolist enabled

Unregistration
To unregister a server: subscription-manager remove --all subscription-manager unregister subscription-manager clean

Service Pack Installation
To update the system to the last SP: package-cleanup -y --oldkernels --count=1 yum -y clean all rm -rf /var/cache/yum yum -y check-update yum -y update yum -y clean all shutdown -r now

EPEL - Extra Packages for Enterprise Linux
VER=$(rpm --eval %{rhel}) yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-${VER}.noarch.rpm rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-${VER}

IUS - Inline with Upstream Stable
VER=$(rpm --eval %{rhel}) yum -y install https://repo.ius.io/ius-release-el${VER}.rpm rpm --import /etc/pki/rpm-gpg/IUS-COMMUNITY-GPG-KEY yum -y install yum-plugin-replace
 * 1) yum replace php --replace-with php73u

RHEL 6 to RHEL 7
This is the procedure to go from RHEL 6 to RHEL 7: yum update -y subscription-manager repos --enable rhel-6-server-extras subscription-manager repos --enable rhel-6-server-optional-rpms yum -y install preupgrade-assistant preupgrade-assistant-el6toel7 yum -y install redhat-upgrade-tool yum-utils preupg -v redhat-upgrade-tool --network 7.8 --force shutdown -r now yum update -y

SELinux
To view the context of a file or directory: ls -dZ PATH

To reset the context of a file or directory: restorecon -RF "PATH"

To view all defined contexts: semanage fcontext -l

To define a new context: semanage fcontext -a -t TYPE_t "PATH(/.*)?"

To display the SELinux "booleans": getsebool -a

To set a SELinux "booleans": setsebool -P BOOLEAN 1

To view all defined ports: semanage port -l

To check what is blocked by SELinux: ausearch --interpret --success no

To verify the need to create policy rules: cat /var/log/audit/audit.log | audit2why

To create a module containing policy rules: mkdir -p /etc/semodules cd /etc/semodules grep PROBLEM /var/log/audit/audit.log | audit2allow -M PROBLEM semodule -i /etc/semodules/PROBLEM.pp

Compliance
To list the available profiles: VER=$(rpm --eval %{rhel}) oscap info /usr/share/xml/scap/ssg/content/ssg-rhel${VER}-ds.xml | egrep "Title: |_profile_"

Title: PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 8 Id: xccdf_org.ssgproject.content_profile_pci-dss Title: OSPP - Protection Profile for General Purpose Operating Systems Id: xccdf_org.ssgproject.content_profile_ospp

To evaluate a profile (eg.PCI-DSS): VER=$(rpm --eval %{rhel}) oscap xccdf eval \ --profile xccdf_org.ssgproject.content_profile_pci-dss \ --results /tmp/pci-scan-xccdf-results_$(hostname -s).xml \ --report /tmp/pci-scan-xccdf-results_$(hostname -s).html \ /usr/share/xml/scap/ssg/content/ssg-rhel${VER}-ds.xml

Links

 * Product Documentation for Red Hat Enterprise Linux
 * Red Hat Product Downloads
 * Red Hat Subscription Management
 * Red Hat CVE Database
 * Anaconda's documentation