Four part series published on Medium.com
Four part series published on Medium.com
A large number of storage controller drivers have been removed from RHEL 8.x, which means that the Dell R710/R610 with the H700 RAID controller, no longer supports RHEL 8.x natively. While this fact is unfortunate for a lot of hobbyists with their own homelabs, you can still install RHEL 8.x on these machines with the use of a driver update disk (DUD).
Using the link below, navigate and download the deprecated drivers.
For Dell the R710/R10, you are specifically looking for the megaraid_sas drivers. See output below from R610.
# dmesg | grep raid
[ 1.402339] megaraid_sas 0000:03:00.0: FW now in Ready state
[ 1.402346] megaraid_sas 0000:03:00.0: 64 bit DMA mask and 32 bit consistent mask
[ 1.402571] megaraid_sas 0000:03:00.0: irq 34 for MSI/MSI-X
[ 1.402593] megaraid_sas 0000:03:00.0: firmware supports msix : (0)
The specific DUD iso that you need for RHEL 8.1 is shown below.
The install process is as follows.
Special Note: In my testing (3 systems) the DUD was not automatically detected by Anaconda. I suggest using the method below.
When you burn your DUD a usb stick, that the usb drive’s volume label is OEMDRV. This was the default when I burned the iso. The RHEL installer (anaconda) will look for this label on any and all available disks and should automatically recognize the DUD and mount the usb drive.
However, if this does not occur during the install process, and the installer still does not see your disks, you may need to reboot and this time interrupt the installer with the TAB key and append the following to your boot options.
On my system, the DUD was /dev/sdb1 and the RHEL 8.1 install media was /dev/sda.
Red Hat Identity Management Server provides is a centralized identity management server for Linux, Mac, Windows.
In this post we are going to setup and configure a HA deployment of Red Hat IDM on two RHEL 7.x servers.
Red Hat Identity Management Server is based on the upstream project, FreeIPA.
Only a couple of prerequisites for a simple lab setup
In part 1 of this series we were introduced to OpenSCAP and the process of running scans via the SCAP workbench. In part 2, we explored concepts and components that define security/vulnerability scans. In this 3rd post we are going to dive into the command line operation.
Let’s get started with oscap.
In RHEL 7 oscap can be installed with the following command
# yum -y install scap-security-guide openscap-scanner
Content is installed under the following directory. Note that ssg is short for SCAP Security Guide.
Lets change directories to the one listed above and view the installed files.
Using oscap we can view more info on each file shown above. In this example we are going to inspect the ssg-rhel7-ds.xml file.
# oscap info ssg-rhel7-ds.xml
In part one of the OpenSCAP series we were introduced to the basic usage of the OpenSCAP toolset. In that post we learned how to run a basic scan via the scap-workbench in a desktop environment.
This post will focus on the Content, Profiles, and Targets.
All content will be installed in the directory shown below. The content in this directory will vary based on the installed OS (the content on my Fedora differs from RHEL for example).
The screenshot below contains a list of content installed by default on RHEL 7.
Additional content can be obtained and added to the content directory shown above. For example, NIST content can be downloaded directly from the NIST website. Link below.
In the screenshot below we have performed a search for all content that targets RHEL 7.6
OpenSCAP is a standardized compliance solution for Linux. It is comprised of policies (NIST, STIG, etc) and tooling (oscap, scap-workbench) that allow you to scan and evaluate Linux hosts in order to validate their compliance with industry defined standards.
In addition to providing industry standard compliance rules, OpenSCAP also allows administrators to create custom compliance standards using the scap-workbench.
Administrators can then generate remediation files in bash, ansible or puppet.
Let’s get familiar with OpenSCAP below.
Below is an overview of the “Getting Started” workflow. In this workflow we are gonna run through a very simple use-case, scanning your local Fedora workstation.
In the sections below we will walk through each of these steps in detail.
Red Hat Satellite consists of a number of running services. Restarting each service manually can be painful. Luckily you can use the commands below to easily restart all services.
Run the command below to view a list of all Satellite services that are started at boot.
# katello-service list
Redirecting to ‘foreman-maintain service’
Running Service List
List applicable services:
All services listed [OK]
The command below will check the status of all Satellite services. The output is similar to running a systemctl status on all Satellite specific services. The output can be quite verbose.
# katello-service status
Use the command below to stop all Satellite services.
# katello-service stop
Use the command below to start all Satellite services.
# katello-service start
The command below will restart all Satellite services.
# katello-service restart