OS - Linux - Distributions - CentOS - Notes
/etc/tmux.conf
Tested with tmux-1.8-4.el7.x86_64.
Default /etc/tmux.conf for CentOS 7 to:
- Not use the current full pathname ($PS1) in the window title.
- Not use the working directory from the active window when creating a new window. (This is very annoying when you had a man page open in the active window.)
    set-option -g allow-rename off
    set-option -g default-path ~/
Sources:
- man tmux
Restore alternatives links to PostgreSQL from postgresql.org
Tested on CentOS 8 with CentOS' version of PostgreSQL 10.14 and PostgreSQL 12.4 from postgresql.org RPM repository.
When installing a PostgreSQL version from the YUM repository at https://yum.postgresql.org/repopackages/ next to an existing PostgreSQL version from the CentOS official repositories, the following warnings appear:
    failed to link /usr/bin/psql -> /etc/alternatives/pgsql-psql: /usr/bin/psql exists and it is not a symlink
    failed to link /usr/bin/clusterdb -> /etc/alternatives/pgsql-clusterdb: /usr/bin/clusterdb exists and it is not a symlink
    failed to link /usr/bin/createdb -> /etc/alternatives/pgsql-createdb: /usr/bin/createdb exists and it is not a symlink
    failed to link /usr/bin/createuser -> /etc/alternatives/pgsql-createuser: /usr/bin/createuser exists and it is not a symlink
    failed to link /usr/bin/dropdb -> /etc/alternatives/pgsql-dropdb: /usr/bin/dropdb exists and it is not a symlink
    failed to link /usr/bin/dropuser -> /etc/alternatives/pgsql-dropuser: /usr/bin/dropuser exists and it is not a symlink
    failed to link /usr/bin/pg_basebackup -> /etc/alternatives/pgsql-pg_basebackup: /usr/bin/pg_basebackup exists and it is not a symlink
    failed to link /usr/bin/pg_dump -> /etc/alternatives/pgsql-pg_dump: /usr/bin/pg_dump exists and it is not a symlink
    failed to link /usr/bin/pg_dumpall -> /etc/alternatives/pgsql-pg_dumpall: /usr/bin/pg_dumpall exists and it is not a symlink
    failed to link /usr/bin/pg_restore -> /etc/alternatives/pgsql-pg_restore: /usr/bin/pg_restore exists and it is not a symlink
    failed to link /usr/bin/reindexdb -> /etc/alternatives/pgsql-reindexdb: /usr/bin/reindexdb exists and it is not a symlink
    failed to link /usr/bin/vacuumdb -> /etc/alternatives/pgsql-vacuumdb: /usr/bin/vacuumdb exists and it is not a symlink
This is fine during a migration, but afterwards, when the PostgreSQL version from the CentOS repositories is removed, you are left with no PostgreSQL binaries in the path.
To create all pgsql-* alternatives symlinks for PostgreSQL run the following as root:
alternatives --list | grep ^pgsql | awk '{print $1}' | xargs -n 1 alternatives --auto
More info: Red Hat - Enable Sysadmin - Introduction to the alternatives command in Linux
Disable specific ciphers in sshd
Tested on CentOS 8.4.2105.
When your vulnerability scanner (e.g. GVM) complains that the SSH service on your CentOS/RHEL 8 server supports the weak aes128-cbc and aes256-cbc ciphers, something more than just setting the Ciphers in sshd_config is required.
CentOS/RHEL 8 applies “system-wide cryptographic policies”. This means that by default the Ciphers setting in sshd_config is ignored.
To make sshd use a Ciphers setting in sshd_config we'll disable cryptographic policy support for sshd and set the Ciphers:
- Open /etc/sysconfig/sshd in a text editor:
vi /etc/sysconfig/sshd
- Change the lines:
    # System-wide crypto policy:
    # To opt-out, uncomment the following line
    # CRYPTO_POLICY=
- To:
    # System-wide crypto policy:
    # To opt-out, uncomment the following line
    CRYPTO_POLICY=
- Open /etc/ssh/sshd_config in a text editor:
vi /etc/ssh/sshd_config
- Add or change the Ciphers option, listing the ciphers to disable with a “-” prefix, comma-separated and without spaces:
Ciphers -aes128-cbc,-aes256-cbc
- Restart the sshd service:
systemctl restart sshd
- Check the status of sshd:
systemctl status sshd
- Test the connection with a disabled cipher:
ssh -c aes256-cbc localhost
- That should now fail:
Unable to negotiate with ::1 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
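As an added example (not part of the original notes), the shell functions below check both halves of the procedure: that CRYPTO_POLICY= is uncommented in /etc/sysconfig/sshd, and that the effective cipher list printed by `sshd -T` no longer contains CBC ciphers. The function names and the SAMPLE_* inputs are assumptions made up for this example; the "after" sample reuses the server offer shown above.

```shell
#!/bin/sh
# Added example: verify the sshd cipher change described on this page.
# SAMPLE_* values are constructed. The "after" list is the server offer shown
# above; the "before" list adds the two CBC ciphers for contrast.
SAMPLE_AFTER='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com'
SAMPLE_BEFORE='port 22
ciphers aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,aes128-ctr,aes128-cbc'

# Return 0 if the file has an uncommented, empty "CRYPTO_POLICY=" line,
# i.e. sshd has been opted out of the system-wide crypto policy.
crypto_policy_opted_out() {
    grep -Eq '^[[:space:]]*CRYPTO_POLICY=[[:space:]]*$' "$1"
}

# Read `sshd -T` output on stdin and print each enabled cipher that matches
# the extended regex in $1 (default: any CBC-mode cipher), one per line.
enabled_weak_ciphers() {
    ewc_pattern=${1:-}
    [ -n "$ewc_pattern" ] || ewc_pattern='-cbc$'
    awk '$1 == "ciphers" { print $2 }' | tr ',' '\n' \
        | grep -E -e "$ewc_pattern" || true
}

# Read `sshd -T` output on stdin; return 1 and list offenders if any remain.
check_ciphers() {
    cc_weak=$(enabled_weak_ciphers "$@")
    if [ -z "$cc_weak" ]; then
        return 0
    fi
    printf '%s\n' "$cc_weak" | sed 's/^/weak cipher still enabled: /' >&2
    return 1
}

# Live check, run as root on the server: sh check-sshd-ciphers.sh --live
if [ "${1:-}" = "--live" ]; then
    crypto_policy_opted_out /etc/sysconfig/sshd \
        || echo 'CRYPTO_POLICY= is not uncommented in /etc/sysconfig/sshd' >&2
    sshd -T | check_ciphers
fi
```

Because `sshd -T` prints the configuration sshd will actually use, this check stays valid whichever way the Ciphers line and the crypto policy interact.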
Store systemd-journald logs permanently
By default CentOS 8 stores journald logs in memory (/run/log/journal/) if /var/log/journal/ does not exist, and /var/log/journal/ does not exist by default.
This means that after a reboot the logs from before that reboot are lost.
To set systemd-journald to preserve logs across reboots by storing them on disk:
- Install psmisc for 'killall':
dnf install psmisc
- Create the directory:
mkdir /var/log/journal
- Let systemd-tmpfiles set the permissions:
systemd-tmpfiles --create --prefix /var/log/journal
- Send journald a SIGUSR1 to preserve the current log messages in memory:
killall -s SIGUSR1 systemd-journald