RHEL 7 RHCE EXAM OBJECTIVE SOLUTION - Network Port Security SELinux

In the RHEL 7 exam, you are expected to know how to use SELinux as an additional layer of security (and it is required while SELinux is in enforcing mode).
TIP: Make sure you have the selinux-policy-devel package installed for this exercise.

Let's use a simple example and a common configuration change: changing the port that sshd listens on. Change the "Port" value from 22 to 2222.

RHEL 7 RHCE EXAM OBJECTIVE SOLUTION - LINK AGGREGATION TEAMING AND BRIDGING

TIP: It is always a good idea to install the bash-completion package so you don't have to remember every command.

TEAMING
You can easily perform the Teaming exercise using Network Manager. However, Network Manager does not know how to handle Bridging. You will have to disable Network Manager and perform manual steps for Bridging.

First, make sure you have three network interfaces to work with. I have enp0s3, 8, and 9. If you are using VirtualBox, just add two additional NICs to your VM.

The certificate /usr/share/rhn/RHNS-CA-CERT is expired - Solved

Red Hat Enterprise Linux 6 rhn_register reports "The certificate /usr/share/rhn/RHNS-CA-CERT is expired" error message.

There are references on the internet that point to some bitly-like link for a fix, but I've found you can correct the problem by updating the serverURL entry in /etc/sysconfig/rhn/up2date. Reset the value to serverURL=https://xmlrpc.rhn.redhat.com/XMLRPC.

Cloned Virtual Machine ESX network card issue

Sometimes when you clone a VM on ESX, you get an extra network card each time you clone. To level-set our VMs back to eth0, you need to check and do the following:
Change directory into the network scripts and confirm which ethX you are on:
cd /etc/sysconfig/network-scripts
ls
Output can be:
ifcfg-eth5

Change the name and device name to eth0 in /etc/sysconfig/network-scripts/ifcfg-eth5, then rename the file to ifcfg-eth0.

Redhat 6 Kernel Panic not syncing Pid:1 Dell Poweredge Perc rdloaddriver=mptsas,lpfc 2.6.32-431.20.3.el6.x86_64

Server panics on boot after kernel update to RHEL6.5, FC-SAN devices attached to the server.
https://access.redhat.com/solutions/1149323
Server works on Red Hat Enterprise Linux 6.4 (kernel-2.6.32-358.14.1.el6.x86_64) and then panics on Red Hat Enterprise Linux 6.5 (2.6.32-431.20.3.el6.x86_64)

FC-SAN devices are attached to the server.

Linux Audit Control to Monitor Read Write Execute and Delete events

On most Linux systems, Audit Control (auditd) is enabled by default, but not configured. The default settings are below. They may need to be adjusted based on the number of objects audited.

Audit Status
#>auditctl -s
AUDIT_STATUS: enabled=1 flag=1 pid=3455 rate_limit=0 backlog_limit=320 lost=0 backlog=0

Show currently configured rules (not necessarily permanent)
#>dzdo auditctl -l
No Rules

Audit Control to monitor a directory
#>auditctl -w /path/to/directory/to/monitor

Improving Linux Bash History

The history file isn't something you can completely rely on. However, it can be improved with a few additional items in /etc/profile. When two users are logged in as root at the same time, the history gets written at different times, but this can be handled better with some of these:

#Make sure you have date and time stamps
export HISTTIMEFORMAT="%F %T "

#Increase the history size. HISTSIZE=1000 (1000 commands) in the history never seems like it is enough.
HISTSIZE=5000

Dell DRAC commands to create a second root level account

The Dell examples for creating a new user on DRACs use -i 2, which is the default root user -i (index) value. If you follow those examples, you will overwrite the default root user and cause yourself extra work to recover.

Create a new user that has the same permissions as root.

The commands to create this account and give it permissions on any new DRACs over SSH are:

Create the username at index (i) 3: