Red Hat 7.x – Applying Security Updates

This article describes how we can generate several information regarding security update on the Red Hat system. One of the important task that might a system administrator need to have is system security awareness. Red Hat provides several tools in order to manage it security information. At the beginning let’s start with yum updateinfo command.

Β Β Β root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ yum updateinfo
Loaded plugins: langpacks, product-id, subscription-manager
rhel-7-server-openstack-10-tools-debug-rpms/7Server/x86_64                                 | 3.8 kB  00:00:00     
rhel-7-server-openstack-10-tools-rpms/7Server/x86_64                                       | 4.0 kB  00:00:00     
rhel-7-server-openstack-10-tools-source-rpms/7Server/x86_64                                | 3.8 kB  00:00:00     
rhel-7-server-rpms/7Server/x86_64                                                          | 3.5 kB  00:00:00     
rhel-7-server-rt-beta-rpms/x86_64                                                          | 4.0 kB  00:00:00     
rhel-7-server-rt-rpms/7Server/x86_64                                                       | 4.0 kB  00:00:00     
rhel-ha-for-rhel-7-server-rpms/7Server/x86_64                                              | 3.4 kB  00:00:00     
rhel-rs-for-rhel-7-server-rpms/7Server/x86_64                                              | 3.4 kB  00:00:00     
Updates Information Summary: available
    279 Security notice(s)
         44 Critical Security notice(s)
         95 Important Security notice(s)
        119 Moderate Security notice(s)
         21 Low Security notice(s)
    784 Bugfix notice(s)
    117 Enhancement notice(s)
updateinfo summary done

From above output we have a brief information regarding security, bugfix and Enhancement notices. You may obtain more information regarding the list by using command yum updateinfo list. Since it have a long list I was ommitted some ouputs.

Β Β Β root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ yum updateinfo list
Loaded plugins: langpacks, product-id, subscription-manager
.......
RHEA-2016:2556 enhancement    ModemManager-1.6.0-2.el7.x86_64
RHBA-2014:0726 bugfix         NetworkManager-1:0.9.9.1-22.git20140326.4dba720.el7_0.x86_64
RHSA-2014:0741 Critical/Sec.  firefox-24.6.0-1.el7_0.x86_64
.......
updateinfo list done

From the output you may see Red Hat notice such as RHEA, RHBA and RHSA code. Use the code name like below example if you want to gain more detail information from each notices provided.

Β Β Β root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ yum updateinfo RHSA-2014:0741
Loaded plugins: langpacks, product-id, subscription-manager
.......    

===============================================================================
  Critical: firefox security update
===============================================================================
  Update ID : RHSA-2014:0741
    Release : 
       Type : security
     Status : final
     Issued : 2014-06-10 00:00:00
       Bugs : 1107399 - CVE-2014-1533 Mozilla: Miscellaneous memory safety hazards (rv:24.6) (MFSA 2014-48)
	    : 1107421 - CVE-2014-1538 Mozilla: Use-after-free and out of bounds issues found using Address Sanitizer (MFSA 2014-49)
	    : 1107424 - CVE-2014-1541 Mozilla: Use-after-free with SMIL Animation Controller (MFSA 2014-52)
       CVEs : CVE-2014-1541
	    : CVE-2014-1533
	    : CVE-2014-1538
Description : Mozilla Firefox is an open source web browser. XULRunner
            : provides the XUL Runtime environment for Mozilla
            : Firefox.
            : 
            : Several flaws were found in the processing of
            : malformed web content. A web page containing
            : malicious content could cause Firefox to crash or,
            : potentially, execute arbitrary code with the
            : privileges of the user running Firefox.
            : (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
            : 
            : Red Hat would like to thank the Mozilla project
            : for reporting these issues. Upstream acknowledges
            : Gary Kwong, Christoph Diehl, Christian Holler,
            : Hannes Verschore, Jan de Mooij, Ryan VanderMeulen,
            : Jeff Walden, Kyle Huey, Abhishek Arya, and Nils as
            : the original reporters of these issues.
            : 
            : For technical details regarding these flaws, refer
            : to the Mozilla security advisories for Firefox
            : 24.6.0 ESR. You can find a link to the Mozilla
            : advisories in the References section of this
            : erratum.
            : 
            : All Firefox users should upgrade to these updated
            : packages, which contain Firefox version 24.6.0
            : ESR, which corrects these issues. After installing
            : the update, Firefox must be restarted for the
            : changes to take effect.
   Severity : Critical
updateinfo info done

As an additional information, you may check Common Vulnerabilities and Exposures (CVE) web site to obtain detail information regarding the CVEs that mentioned on the above output.

Contributor:

Ananto Yudi Hendrawan
Network Engineer - CCIE Service Provider #38962, RHCE, VCP6-DCV
nantoyudi@gmail.com
Advertisements

Change Red Hat 7.x/CentOS 7.x SSH Default Port (SELinux Involved)

This article describes how to change your SSH port on Linux system (in this excercise we use CentOS 7.3) to listen to non default SSH port (TCP Port 22). We will involve SELinux modification to accomodate this change.

1. At the first time let’s verify default configuration and output of sshd service.

    1.1 Verify sshd_config for port configuration.

[root@system1 ~]# cat /etc/ssh/sshd_config | grep "Port 22"  
#Port 22

          Even port 22 is being commented, By default it will use port 22.

    1.2 Confirm that system is now listening on port 22.

[[root@server ~]# ss -tulpn | grep sshd
tcp    LISTEN     0      128       *:22            *:*                   users:(("sshd",pid=5485,fd=3))
tcp    LISTEN     0      128      :::22           :::*                   users:(("sshd",pid=5485,fd=4))

    1.3 SELinux should on Enforcing mode. If not go to /etc/sysconfig/selinux and change the SELinux mode.

[root@system1 ~]# getenforce 
Enforcing

2. Change the default SSH port and restart the service.

    2.1 Modify sshd_config file to use port 20002 as the default port.

[root@system1 ~]# vim /etc/ssh/sshd_config  
...........
Port 20002
...........

    2.2 Restart sshd service.

[root@server ~]# systemctl restart -l sshd
Job for sshd.service failed because a configured resource limit was exceeded. See "systemctl status sshd.service" and "journalctl -xe" for details.
[root@server ~]# systemctl status -l sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: resources) since Sun 2017-02-26 23:43:51 WIB; 6s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
  Process: 5534 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 5485 (code=exited, status=0/SUCCESS)

Feb 26 23:43:51 server.mylab.com systemd[1]: sshd.service never wrote its PID file. Failing.
Feb 26 23:43:51 server.mylab.com systemd[1]: Failed to start OpenSSH server daemon.
Feb 26 23:43:51 server.mylab.com systemd[1]: Unit sshd.service entered failed state.
Feb 26 23:43:51 server.mylab.com systemd[1]: sshd.service failed.

          You may see the service was failed to start. The easiest thing to troubleshoot this issue is to disable the SELinux (setenforce 0) to get an idea whether it is the reason why it block the sshd service. In this excercise we are going to identify using sealert to get more information regarding it.

    2.3 Check if SELinux is blocking sshd from binding to port 20002/TCP.

[root@server ~]# sealert -a /var/log/audit/audit.log 
100% done
found 3 alerts in /var/log/audit/audit.log
...
SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 20002.

*****  Plugin bind_ports (92.2 confidence) suggests   ************************

If you want to allow /usr/sbin/sshd to bind to network port 20002
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p tcp 20002
    where PORT_TYPE is one of the following: ssh_port_t, vnc_port_t, xserver_port_t.

*****  Plugin catchall_boolean (7.83 confidence) suggests   ******************

If you want to allow nis to enabled
Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.

Do
setsebool -P nis_enabled 1

*****  Plugin catchall (1.41 confidence) suggests   **************************

If you believe that sshd should be allowed name_bind access on the port 20002 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'sshd' --raw | audit2allow -M my-sshd
# semodule -i my-sshd.pp


Additional Information:
Source Context                system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:unreserved_port_t:s0
Target Objects                port 20002 [ tcp_socket ]
Source                        sshd
Source Path                   /usr/sbin/sshd
Port                          20002
Host                          
Source RPM Packages           openssh-server-6.6.1p1-33.el7_3.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-102.el7_3.13.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     server.mylab.com
Platform                      Linux server.mylab.com 3.10.0-514.6.1.el7.x86_64
                              #1 SMP Wed Jan 18 13:06:36 UTC 2017 x86_64 x86_64
Alert Count                   5
First Seen                    2017-02-26 23:43:47 WIB
Last Seen                     2017-02-26 23:44:33 WIB
Local ID                      b4e40db1-4036-4c63-b35e-6ea5f7bb01c8
...

          sealert output gives us a complete information regarding the issue we are facing. Several important information we have highlighted above can be the clue to fix the issue.

    2.4 Verify SELinux port for ssh and do a necessary changes.

[root@server ~]# semanage port -l | grep ssh
ssh_port_t                     tcp      22

          by default SELinux port for ssh is bind to port 22. Add non default port on it.

[root@server ~]# semanage port -a -t ssh_port_t -p tcp 20002
[root@server ~]# semanage port -l | grep ssh
ssh_port_t                     tcp      20002, 22

    2.5 Restart sshd service.

[root@server ~]# systemctl restart sshd
[root@server ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2017-02-26 23:46:43 WIB; 5s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
  Process: 5689 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 5690 (sshd)
   CGroup: /system.slice/sshd.service
           └─5690 /usr/sbin/sshd

Feb 26 23:46:43 server.mylab.com systemd[1]: Starting OpenSSH server daemon...
Feb 26 23:46:43 server.mylab.com systemd[1]: PID file /var/run/sshd.pid not readable (yet?) after start.
Feb 26 23:46:43 server.mylab.com sshd[5690]: Server listening on 0.0.0.0 port 20002.
Feb 26 23:46:43 server.mylab.com sshd[5690]: Server listening on :: port 20002.
Feb 26 23:46:43 server.mylab.com systemd[1]: Started OpenSSH server daemon.

4. Confirm that system is now listening on port 20002.

[root@server ~]# ss -tulpn | grep sshd
tcp    LISTEN     0      128       *:20002                 *:*              users:(("sshd",pid=5690,fd=3))
tcp    LISTEN     0      128      :::20002                :::*              users:(("sshd",pid=5690,fd=4))

5. Add firewall rule to allow other system accessing this system on port 20002/TCP.

    5.1 Verify current firewall rule.

[root@server ~]# firewall-cmd  --permanent --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client https samba ssh
  ports: 3260/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules:

          You may see ssh service already allowed, but do notice that this is for ssh with default TCP port ( port 22). Hence you need to add port 20002.

    5.2 Add port 20002 on the firewall and verify it.

[root@server ~]# firewall-cmd --permanent --add-port=20002/tcp
success
[root@server ~]# firewall-cmd --reload
success
[root@server ~]# firewall-cmd  --permanent --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client https samba ssh
  ports: 20002/tcp 3260/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules:

Happy labbing!!!

Source: Red Hat System Administration III

Contributor:

Ananto Yudi Hendrawan
Network Engineer - CCIE Service Provider #38962, RHCE, VCP6-DCV
nantoyudi@gmail.com

Reset Root Password on Red Hat7.x/CentOS7.x

Recovering the root password is a trivial task while still logged in as an administrator or a user with full sudo access, but is slightly more involved when an administrator is not logged in. To recover the root password, use the following procedure:

  1. Reboot the system, press e to edit the selected entry. Move the cursor to the kernel command line (the line that starts with linux16). Append rd.break (this will break just before control is handed from the init ramfs to the actual system). Press Crtl+x to boot with the changes. At this point, a root shell will be presented, with the root file system for the actual system mounted read-only on /sysroot.
  2. Remount /sysroot as read-write.
    switch_root:/# mount -oremount,rw /sysroot
  3. Switch into a chroot jail, where /sysroot is treated as the root of the file system tree.
    switch_root:/# chroot /sysroot
  4. Set a new root password
    sh-4.2# passwd root
  5. Make sure that all unlabeled files (including /etc/shadow at this point) get relabeled during boot.
    sh-4.2# touch /.autorelabel
  6. Type exit twice. The first will exit the chroot jail, and the second will exit the initramfs debug shell.

source:
Red Hat System Administration III

Contributor:

Ananto Yudi Hendrawan
Network Engineer - CCIE Service Provider #38962, RHCE, VCP6-DCV
nantoyudi@gmail.com

Register and subscribe Red Hat 7.3 Packages

This article discribes how to register your Red Hat system to Red Hat subscription manager, enable some repositories and verify it. In this article I am using Red Hat Enterprise Linux 7.3 on virtual environment. You can acquire account for this subscription process on Red Hat portal as a Red Hat developer.

Now login to your system and check your subcriptions status. At this point you will see your system is not registered to any Red Hat subscription packages.

   root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ yum repolist
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
repolist: 0

Register your system to Red Hat subscription management. Use the following command followed by the credential you acquired from the developer portal.

   root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ subscription-manager register --username=mymail@email.com --password=mypassword
Registering to: subscription.rhsm.redhat.com:443/subscription
The system has been registered with ID: abcdefg-hijkl-mnop-bf16-cfa2dfcebbb4

Once you were registered to the subscription management, you may see the available subscription you may use on your system. Use the following command.

   root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ subscription-manager list --available
+-------------------------------------------+
    Available Subscriptions
+-------------------------------------------+
Subscription Name:   Red Hat Enterprise Linux Developer Suite
Provides:            Red Hat Software Collections (for RHEL Server)
                     Red Hat Container Development Kit
                     MRG Realtime
                     Red Hat EUCJP Support (for RHEL Server) - Extended Update Support
                     Red Hat Enterprise Linux Server - Extended Update Support
                     Red Hat Beta
                     Oracle Java (for RHEL Server) - Extended Update Support
                     Red Hat Enterprise Linux High Performance Networking (for RHEL Compute Node)
                     dotNET on RHEL Beta (for RHEL Server)
                     Red Hat Enterprise Linux High Performance Networking (for RHEL Server) - Extended Update
                     Support
                     Red Hat Enterprise Linux Resilient Storage (for RHEL Server)
                     Oracle Java (for RHEL Server)
                     Red Hat Container Images
                     Red Hat Enterprise Linux for Real Time
                     dotNET on RHEL (for RHEL Server)
                     Red Hat Enterprise Linux Atomic Host
                     Red Hat S-JIS Support (for RHEL Server) - Extended Update Support
                     Red Hat Enterprise Linux Scalable File System (for RHEL Server)
                     Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support
                     Red Hat Enterprise Linux Atomic Host Beta
                     Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support
                     Red Hat Container Images Beta
                     Red Hat Enterprise Linux Scalable File System (for RHEL Server) - Extended Update Support
                     Red Hat Enterprise Linux Load Balancer (for RHEL Server) - Extended Update Support
                     Red Hat Enterprise Linux Server
                     Red Hat Enterprise Linux High Availability (for RHEL Server)
                     Red Hat Software Collections Beta (for RHEL Server)
                     Red Hat Enterprise Linux Load Balancer (for RHEL Server)
                     Red Hat Enterprise Linux High Performance Networking (for RHEL Server)
                     Red Hat Developer Toolset (for RHEL Server)
SKU:                 RH2262474
Contract:            11293058
Pool ID:             8a85f9815af00aed015af02fffbe5bb4
Provides Management: Yes
Available:           100
Suggested:           1
Service Level:       Self-Support
Service Type:        L1-L3
Subscription Type:   Standard
Ends:                03/21/2018
System Type:         Virtual

Type yum repolist to check if we run a registered system. At this point, you may see your system is registered but is not receiving any updates. It is because you are not subcribe to any subscription package list.

   root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ yum repolist
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is registered to Red Hat Subscription Management, but is not receiving updates. You can use subscription-manager to assign subscriptions.
repolist: 0

Enable subscription on your system use the following command followed by the pool ID from the subscription list.

   root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ subscription-manager subscribe --pool=8a85f9815af00aed02846f7sffbe5bb4
Successfully attached a subscription for: Red Hat Enterprise Linux Developer Suite

To check your enabled subscription briefly, you may use the following command.

   root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ subscription-manager list

+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+
Product Name:   Red Hat Enterprise Linux Server
Product ID:     69
Version:        7.3
Arch:           x86_64
Status:         Subscribed
Status Details: 
Starts:         03/21/2017
Ends:           03/21/2018

To check detail information on your enabled subscription, use the following command.

   root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ subscription-manager list --consumed
+-------------------------------------------+
   Consumed Subscriptions
+-------------------------------------------+
Subscription Name:   Red Hat Enterprise Linux Developer Suite
Provides:            Red Hat Enterprise Linux High Performance Networking (for RHEL Server) - Extended Update
                     Support
                     Oracle Java (for RHEL Server)
                     Red Hat EUCJP Support (for RHEL Server) - Extended Update Support
                     dotNET on RHEL Beta (for RHEL Server)
                     Red Hat Beta
                     Red Hat Enterprise Linux Resilient Storage (for RHEL Server)
                     MRG Realtime
                     Red Hat Developer Toolset (for RHEL Server)
                     Red Hat Enterprise Linux Atomic Host Beta
                     Red Hat Enterprise Linux Scalable File System (for RHEL Server) - Extended Update Support
                     Red Hat Enterprise Linux for Real Time
                     Red Hat Enterprise Linux Load Balancer (for RHEL Server)
                     Red Hat Container Images Beta
                     Red Hat Enterprise Linux High Availability (for RHEL Server)
                     Red Hat Container Development Kit
                     Red Hat Enterprise Linux High Performance Networking (for RHEL Compute Node)
                     Red Hat Enterprise Linux Server - Extended Update Support
                     Red Hat Enterprise Linux Server
                     Red Hat Enterprise Linux Atomic Host
                     Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support
                     Oracle Java (for RHEL Server) - Extended Update Support
                     Red Hat Software Collections (for RHEL Server)
                     dotNET on RHEL (for RHEL Server)
                     Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support
                     Red Hat Enterprise Linux Load Balancer (for RHEL Server) - Extended Update Support
                     Red Hat Software Collections Beta (for RHEL Server)
                     Red Hat Enterprise Linux Scalable File System (for RHEL Server)
                     Red Hat Container Images
                     Red Hat S-JIS Support (for RHEL Server) - Extended Update Support
                     Red Hat Enterprise Linux High Performance Networking (for RHEL Server)
SKU:                 RH2262474
Contract:            11293058
Account:             5920534
Serial:              7701382153394857656
Pool ID:             8a85f9815af00aed02846f7sffbe5bb4
Provides Management: Yes
Active:              True
Quantity Used:       1
Service Level:       Self-Support
Service Type:        L1-L3
Status Details:      Subscription is current
Subscription Type:   Standard
Starts:              03/21/2017
Ends:                03/21/2018
System Type:         Virtual

Type yum repolist to confirm that now we have some repositories source for the system.

   root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ yum repolist
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
repo id                                        repo name                                                    status
!rhel-7-server-rpms/7Server/x86_64             Red Hat Enterprise Linux 7 Server (RPMs)                     14,050
!rhel-7-server-rt-beta-rpms/x86_64             Red Hat Enterprise Linux for Real Time Beta (RHEL 7 Server)      15
!rhel-7-server-rt-rpms/7Server/x86_64          Red Hat Enterprise Linux for Real Time (RHEL 7 Server) (RPMs    185
!rhel-ha-for-rhel-7-server-rpms/7Server/x86_64 Red Hat Enterprise Linux High Availability (for RHEL 7 Serve    291
!rhel-rs-for-rhel-7-server-rpms/7Server/x86_64 Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Serve    359
repolist: 14,900

Type yum repolist all to see all repository avalilable on this subscription.

   root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ yum repolist all
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
repo id                                                             repo name                      status
rh-gluster-3-client-for-rhel-7-server-debug-rpms/7Server/x86_64     Red Hat Storage Native Client  disabled
...............
!rhel-7-server-rpms/7Server/x86_64                                  Red Hat Enterprise Linux 7 Ser enabled: 14,050
...............
!rhel-7-server-rt-beta-rpms/x86_64                                  Red Hat Enterprise Linux for R enabled:     15
...............
!rhel-7-server-rt-rpms/7Server/x86_64                               Red Hat Enterprise Linux for R enabled:    185
...............
!rhel-ha-for-rhel-7-server-rpms/7Server/x86_64                      Red Hat Enterprise Linux High  enabled:    291
...............
!rhel-rs-for-rhel-7-server-rpms/7Server/x86_64                      Red Hat Enterprise Linux Resil enabled:    359
...............
repolist: 14,900

You may enable or disable spesific repository with the following command. Enable or disable the repo from the available repository list.

   root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ subscription-manager repos --disable=rhel-ha-for-rhel-7-server-rpms
Repository 'rhel-ha-for-rhel-7-server-rpms' is disabled for this system.

   root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ subscription-manager repos --enable=rhel-7-server-extras-rpms
Repository 'rhel-7-server-extras-rpms' is enabled for this system.

You may use command yum repolist to refresh the repository lists that we are using.

   root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ yum repolist
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
repo id                                repo name                                                            status
!rhel-7-server-extras-rpms/x86_64      Red Hat Enterprise Linux 7 Server - Extras (RPMs)                       432
!rhel-7-server-rpms/7Server/x86_64     Red Hat Enterprise Linux 7 Server (RPMs)                             14,050
!rhel-7-server-rt-beta-rpms/x86_64     Red Hat Enterprise Linux for Real Time Beta (RHEL 7 Server) (RPMs)       15
!rhel-7-server-rt-rpms/7Server/x86_64  Red Hat Enterprise Linux for Real Time (RHEL 7 Server) (RPMs)           185
repolist: 14,682

Once all set, you may need to update your system to receive latest update for each package from Red Hat Subscription Management.

    root:redhat.mylab.com in /root
πŸ˜ƒ  ➀ yum update
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
rhel-7-server-extras-rpms                                                               | 3.4 kB  00:00:00     
rhel-7-server-rpms                                                                      | 3.5 kB  00:00:00     
rhel-7-server-rt-beta-rpms                                                              | 4.0 kB  00:00:00     
rhel-7-server-rt-rpms                                                                   | 4.0 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package openjpeg-libs.x86_64 0:1.5.1-10.el7 will be updated
---> Package openjpeg-libs.x86_64 0:1.5.1-16.el7_3 will be an update
---> Package tzdata.noarch 0:2017a-1.el7 will be updated
---> Package tzdata.noarch 0:2017b-1.el7 will be an update
---> Package tzdata-java.noarch 0:2017a-1.el7 will be updated
---> Package tzdata-java.noarch 0:2017b-1.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved



============================================================================================================

 Package               Arch                Version                     Repository                       Size


============================================================================================================

Updating:
 openjpeg-libs         x86_64              1.5.1-16.el7_3              rhel-7-server-rpms               86 k
 tzdata                noarch              2017b-1.el7                 rhel-7-server-rpms              443 k
 tzdata-java           noarch              2017b-1.el7                 rhel-7-server-rpms              182 k

Transaction Summary


============================================================================================================

Upgrade  3 Packages

Total download size: 711 k
Is this ok [y/d/N]: y
Downloading packages:
No Presto metadata available for rhel-7-server-rpms
(1/3): openjpeg-libs-1.5.1-16.el7_3.x86_64.rpm                                          |  86 kB  00:00:01     
(2/3): tzdata-java-2017b-1.el7.noarch.rpm                                               | 182 kB  00:00:01     
(3/3): tzdata-2017b-1.el7.noarch.rpm                                                    | 443 kB  00:00:03     


-----------------------------------------------------------------------------------------------------------

Total                                                                          183 kB/s | 711 kB  00:00:03     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
  Updating   : tzdata-2017b-1.el7.noarch                                                               1/6 
  Updating   : tzdata-java-2017b-1.el7.noarch                                                          2/6 
  Updating   : openjpeg-libs-1.5.1-16.el7_3.x86_64                                                     3/6 
  Cleanup    : tzdata-2017a-1.el7.noarch                                                               4/6 
  Cleanup    : tzdata-java-2017a-1.el7.noarch                                                          5/6 
  Cleanup    : openjpeg-libs-1.5.1-10.el7.x86_64                                                       6/6 
rhel-7-server-extras-rpms/x86_64/productid                                              | 2.1 kB  00:00:00     
rhel-7-server-rpms/7Server/x86_64/productid                                             | 2.1 kB  00:00:00     
rhel-7-server-rt-beta-rpms/x86_64/productid                                             | 2.1 kB  00:00:00     
rhel-7-server-rt-rpms/7Server/x86_64/productid                                          | 2.1 kB  00:00:00     
  Verifying  : openjpeg-libs-1.5.1-16.el7_3.x86_64                                                     1/6 
  Verifying  : tzdata-java-2017b-1.el7.noarch                                                          2/6 
  Verifying  : tzdata-2017b-1.el7.noarch                                                               3/6 
  Verifying  : tzdata-java-2017a-1.el7.noarch                                                          4/6 
  Verifying  : openjpeg-libs-1.5.1-10.el7.x86_64                                                       5/6 
  Verifying  : tzdata-2017a-1.el7.noarch                                                               6/6 

Updated:
  openjpeg-libs.x86_64 0:1.5.1-16.el7_3     tzdata.noarch 0:2017b-1.el7     tzdata-java.noarch 0:2017b-1.el7    

Complete!



Contributor:

Ananto Yudi Hendrawan
Network Engineer - CCIE Service Provider #38962, RHCE, VCP6-DCV
nantoyudi@gmail.com