yum-security

yum-security is a plugin to the Red Hat Entreprise Linux package manager yum. It helps installing only security updates (RHSA) (as opposed to bug fixes (RHBA) or enhancements (RHEA)).
Explanation of RHSA, RHBA and RHEA advisories

RHEL 7 : yum-security is part of yum

RHEL 6 : yum install yum-plugin-security

    List all available erratas without installing them :

    yum updateinfo list available

    List all available security updates without installing them :

    yum updateinfo list security all
    yum updateinfo list sec

    List of the currently installed security updates :

    yum updateinfo list security installed

More examples are available in this Red Hat KB article

Red Hat Security Data API

Red Hat has been provided security information since January 2005 through different ways :
RHSA-Announce mailing list, Red Hat CVE database and Red Hat Product Errata

For a better access of their data, the Red Hat Product Security has just released a beta API. It provides more search options for accessing real-time data.

More details can be found in the post below :
Red Hat Security Blog post about their new Security Data API service
RedHat Security Data API

Getting more details about Red Hat Security Advisories and related CVEs

Two links for an in-depth explanation regarding Red Hat backporting security fixes process as well as compatibility between Red Hat security advisories and Mitre CVEs.

Backporting Security Fixes

Red Hat and CVE compatibility

Red Hat provides free access to two databases for errata and for CVE referenced in Red Hat products :

Red Hat Product Errata database

Red Hat CVE Database

Network interface disabled by default in CentOS 7

After a fresh installation of CentOS 7, your main network interface may be disabled. Its name may be enp0s3.

Check its status with :

nmcli dev status

To enable it permanently, look at its configuration file at /etc/sysconfig/network-scripts/ifcfg-enp0s3 and make the change from :

ONBOOT=no
to
ONBOOT=yes

Restart the network service :

systemctl restart NetworkManager

The network interface status should now be as connected :

nmcli dev status

Winbind does not reflect AD group membership change

Sometimes, Winbind does not reflect AD group membership change. How to recover from it ?
The below steps have been successfully tested on a Red Hat server :

Get OS version :
cat /etc/redhat-release

Get Winbind version :
wbinfo -V

Stop Winbind service :
service winbind stop

Flush any Winbind cache :
net cache flush

Delete all tdb files :
rm -rf /var/lib/samba/*.tdb

Restart Winbind service :
service winbind start

Look up details for a given user :
id username