CentOS check and install available security updates

1. To install the yum-security plugin

yum install yum-plugin-security

2. To list all available security updates without installing them

yum updateinfo list sec available

To get the count

yum updateinfo list sec available | wc -l

3. To install available security updates

yum -y update --security

To only install the packages that have a security errata use

yum update-minimal --security -y

To install a security update using a CVE reference

yum update --cve <CVE> (e.g. yum update --cve CVE-2008-0947)

Refer to:
https://access.redhat.com/solutions/10021
https://www.thegeekdiary.com/centos-rhel-6-how-to-list-or-install-only-security-updates-with-yum/

CentOS 配置源为 USTC

 CentOS 软件源：
https://mirrors.ustc.edu.cn/help/centos.html


EPEL 源：
http://mirrors.ustc.edu.cn/help/epel.html

Disable Firefox update notification

To add a policy, follow the steps:

1. Go to the firefox installation directory (for any supported OS).
2. Create a directory called distribution.
3. Change directory into distribution.
4. Create a file called policies.json. And paste this code

{
    "policies": {
        "DisableAppUpdate": true
    }
}

    Save the file, and quit the editor.

5. Restart Firefox if it's already running.
6. To confirm, you can go to the URL about:policies and check if there's an entry like this

Policy Name     Policy Value
DisableAppUpdate    true

RDP running over TLS v1.2

Part 1:

Disable other Protocols with IIS Crypto

Part 2:

1. Start the registry editor by clicking on Start and Run. Type in "regedit" into the Run field (without quotations).
2. Highlight Computer at the top of the registry tree.  Backup the registry first by clicking on File and then on Export.  Select a file location to save the registry file.
Note: You will be editing the registry.  This could have detrimental effects on your computer if done incorrectly, so it is strongly advised to make a backup.

3. Browse to the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
4. Right click on the Protocols folder and select New and then Key from the drop-down menu. This will create new folder.  Rename this folder to TLS 1.2.
5. Right click on the TLS 1.2 key and add two new keys underneath it.
6. Rename the two new keys as:
• Client
• Server
7. Right click on the Client key and select New and then DWORD (32-bit) Value from the drop-down list.
8. Rename the DWORD to DisabledByDefault.
9. Right-click the name DisabledByDefault and select Modify... from the drop-down menu.
10. Ensure that the Value data field is set to 0 and the Base is Hexadecimal.  Click on OK.


11. Create another DWORD for the Client key as you did in Step 7.
12. Rename this second DWORD to Enabled.
13. Right-click the name Enabled and select Modify... from the drop-down menu.
14. Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click on OK.
15. Repeat steps 7 to 14 for the Server key (by creating two DWORDs, DisabledByDefault and Enabled, and their values underneath the Server key)
16. Reboot the server.