Would you like to know the command that fixed the issue?

ChatGPT said:

Absolutely — I’d like to know!
What command fixed it for you?

You said:

grubby –update-kernel ALL –remove-args selinux

ChatGPT said:

Ahhh — that makes perfect sense.
grubby updates the kernel command line directly in each installed kernel’s entry, which GRUB rebuilds sometimes fail to do if multiple kernels or boot locations exist.

Your command:

grubby --update-kernel=ALL --remove-args=selinux

removes selinux=0 (and any other selinux= args) from all bootable kernels, not just the default one.

Why this works when GRUB edits don’t

RHEL systems often have:

• Multiple installed kernels
• Multiple GRUB menu entries
• A mismatch between /etc/default/grub and what the system is actually booting
• Separate GRUB configs under /boot/efi/EFI/BOOT/ as well as /boot/efi/EFI/redhat/

grubby bypasses all that and updates the per-kernel command lines where they are actually stored.

Great find — and a good tool to remember

grubby --info ALL
is also useful to inspect the effective boot args.

If you want, I can help confirm SELinux is now fully active and enforcing.

yum (dnf) list updates

Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Fix:

1. vi /etc/dnf/plugins/subscription-manager.conf

Change enabled to 0

[main]
enabled=0

Option 2.

Register system with a Satellite server.

Active log file changed? No way!

[root@entbamboo01 logs]# tmpwatch –test –mtime +7 –nodirs /opt/bamboo/atlassian-bamboo-5.9.7/logs/*log
error: directory /opt/bamboo/atlassian-bamboo-5.9.7/logs/catalina.2015-10-20.log changed right under us!!!
error: this indicates a possible intrusion attempt

# service osad start
Starting osad: Invalid Cert Error:

ERROR: unhandled exception occurred: (Expired certificate /usr/share/rhn/RHNS-CA-CERT).
                                                           [FAILED]

# cd /usr/share/rhn
# wget http://satellite/pub/RHN-ORG-TRUSTED-SSL-CERT
# vi /etc/sysconfig/rhn/up2date

Change RHNS-CA-CERT to RHN-ORG-TRUSTED-SSL-CERT
#sslCACert=/usr/share/rhn/RHNS-CA-CERT
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

# service osad start
Starting osad:                                             [  OK  ]

# rpm -qa –qf “%{n}.%{arch}\n”
pciutils-devel.x86_64
pkgconfig.x86_64
libusb.x86_64
info.x86_64
desktop-file-utils.x86_64
m4.x86_64
ORBit2.x86_64
perl-Compress-Zlib.x86_64
mkisofs.x86_64
ttmkfdir.x86_64
…

# rpm -qa –qf “%{n}.%{arch}\n” | grep i386 | head
glib2.i386
libSM.i386
audiofile.i386
gmp.i386
pcsc-lite-libs.i386
libXrandr.i386
libXdamage.i386
pcsc-lite-devel.i386
libogg-devel.i386
db4-devel.i386
…

# yum list | grep i386 | head
GConf2.i386 2.14.0-9.el5 installed
NetworkManager.i386 1:0.7.0-13.el5 installed
NetworkManager-glib.i386 1:0.7.0-13.el5 installed
ORBit2.i386 2.14.3-5.el5 installed
OpenIPMI-libs.i386 2.0.16-16.el5 installed
aex-nsclt.i386 6.2-1378 installed
alsa-lib.i386 1.0.17-1.el5 installed
apr.i386 1.2.7-11.el5_6.5 installed
apr-util.i386 1.2.7-11.el5_5.2 installed
aspell.i386 12:0.60.3-13 installed