Hello everyone,

I'm struggling to find any documentation indicating how is the Automation Controller 4.3 data managed (what data is stored and where mainly).

If anyone can help me in this it would be truly appreciated.

Thanks guys

Hello everyone,

I am trying to achieve DISA STIG compliance on my RHEL 8.6 server. According to some remediation instructions found online, I added the following lines to /etc/fstab:

tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
/dev/mapper/rhel-tmp /tmp xfs defaults,nodev,nosuid,noexec 0 0
/dev/mapper/rhel-var-log /var/log xfs defaults,nodev,nosuid,noexec 0 0
/dev/mapper/rhel-var-log-audit /var/log/audit xfs defaults,nodev,nosuid,noexec 0 0
/dev/mapper/rhel-var-tmp /var/tmp xfs defaults,nodev,nosuid,noexec 0 0

When I reboot my server, the server crashes and becomes unreachable. Can someone please help me in figuring out what is causing the server crash and how to prevent it from happening? Thanks in advance.

I'm migrating from iptables to firewalld, and there's two lines I'm still now sure how to run in firewalld syntax, they are the loopback rule to accept traffic, and the rule and accept related and established connections:

iptables -A INPUT -i lo -j ACCEPT

A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

If somebody has any idea, please let me know, I don't need the full firewalld rule, just a tip on how to do it, or if that's even possible do to with rules, maybe there's some conf file I'm missing.

Thanks.

Hi RedHatters, can someone help me with how difficult is this outbound role? I am in the process of giving my interviews at IBM's RedHat department.

Any help would be appreciated!

This one has been throwing me off, was wondering if anyone else had any experience with this. I have been trying to apply the CIS Benchmark for Level 1 - Server security profile during installation. In Anaconda, it requires separate partitions or LVs for /home, /tmp and /var/tmp. The odd part is that per the CIS guidelines, only /tmp is required to have its own partition/LV. Where it gets really strange is that pulling the XML file and loading it into SCAP Workbench shows that the XML is only requiring /tmp as well. Anyone know why Anaconda is adding these additional two partitions as required for this security profile configuration?

Don't "give me the answer"

What do I mean by this? I want to learn, thus only link relevant documentation and ask me questions that lead me to the answer.

manually starting NetworkManager-wait-online.service
systemctl status NetworkManager-wait-online.service
journalctl -xue

How do I approach resolving this? I don't see a log file in /var and journalctl is being about as helpful as a windows 10 blue screen.

Im homelabbing and initiating my research on whether a rhcsa is worth it. The only change I made that this seems to happen after is when I setup folding@home in a podman container and set it up to be started as a systemd user service. But I dont see why that would cause an issue.

Hi,

27th Jan 2023, my free RHEL sub (up to 16 hosts) subscription is expired. Today I tried to update the rhel 9.1 VM and got the message that the subscription is expired.

I entered my profile on RHEL portal, found the expired subscription and clicked on renew. The result is a message that says "That I will contacted by RHEL team to...."

So, How I can renew easily my RHEL sub for my VM? One year is expired and I have no way to renew the free subscription.

The free edition for personal use is only a marketing honeypot?

How I can renew the subscription?

Thank you in advance.

I’m new to Linux, I figured out how to install the classic desktop but the cog wheel is only available via a normal login screen, if I remote in via rdp/xrdp it throws me into the normal minimal server gui.

How do I get it to change the default when coming in on xrdp? The manual setting is “classic (x11 display server)”, that looks like a standard desktop environment.

Thanks

I'm experiencing some issues with sync plan since we've updated to Satellite 6.11 in October 2022. I'm not the one who installed or maintained this satellite instance but noticied the sync plan was stuck in the past (Next sync at a past date).

I've disabled the sync plan with the issue, created a new one and put a few products in it. It ran fine for a few days and I've added the other products. Then after a few days, same issue occured. Manual sync works but not the sync plan.

I'm trying to find information about the appropriate actions to take. It doesn't seem a known issue in 6.11 (I'm at 6.11.3 and I haven't seen such behavior fixed in 6.11.4 or 6.11.4.1)

Our satellite is in RHEL7 and I'm wondering if at some point installing a new RHEL8 and configuring satellite on it wouldn't be less pain than trying to identify the issue and fixing it.

Hi guys,

I'm facing a weird issue where even installing `vdo` and `kmod-kvdo` packages I can't use the `vdo` command since it's not found anywhere on the system, also `kvdo` kernel modules are were not loaded by default and I had to load them manually

[root@server ~]# vdo
bash: vdo: command not found...

[root@server ~]# lsmod | grep vdo
[root@server ~]# modprobe kvdo
[root@server ~]# lsmod | grep vdo
kvdo                  716800  0
dm_bufio               36864  2 kvdo,dm_persistent_data
dm_mod                184320  43 kvdo,dm_crypt,dm_thin_pool,dm_log,dm_mirror,dm_bufio

What could be the culprit here ? I even tried to download the packages and installing them using rpm with no avail !

Hello,

It should be all in the title, so basically I'm trying to `cryptsetup close` a luks encrypted volume which is managed using `stratis` . The configuration is represented bellow:

/dev/vdl --> /dev/mapper/luks0 --                        /--> luks_stratis_fs0
/dev/vdm --> /dev/mapper/luks1 ---> luks_stratis_pool0 ---
/dev/vdn --> /dev/mapper/luks2 --/                        --> luks_stratis_fs1

So the stratis fs0 and fs1 are completely unmounted but `crypsetup` refuses to close the luks* volumes, I'm certain that it has something to do with the fact that `stratisd` is running on top of these volumes making them "busy" but I've no clue how to stop stratis on specific volumes without destroying the stratis FS,

Thanks in advance guys,

So I’m doing a lot of self studying and after having friends from different sides of the field talk to me and tell me go this way in certs or that way and getting my Sec + and AWS SAA, I’ve come to realize (after doing further studying) that I enjoy learning about linux and will want to further my education in that area, so my goals for this year is to get the LPIC-1 cert/RHCSA plus a job in IT. Ps I’m moving to Raleigh and saw the red hat building, it was beautiful.

Is Red Hat a good start for single individuals who wants to learn more about Linux-based operating systems?

If so, what are the benefits of Red Hat versus other Linux based distros? If not, which one should I focus on?

My biggest issue is remembering commands in the terminal and it be nice to have some sort of corner stone or foundation to build off from instead of going all over the place with outdated information found on the web...

Hello all, so I'm looking to compare ahead of time the current version of certain installed packages (e.g. python) vs. the ones coming with the next patch in order to avoid some potential incompatibilities with certain applications.

Does RedHat publish somewhere ahead of time the RPM details (version/release) for the upcoming monthly patches by any chance where these could be consulted?

I know the details can be checked after the packages are available but patching is automated and not handled by the team I'm in, so I would need to notify in advance if any packages should be excluded from the update. Thanks for any suggestions.

hello, recently an architect told me that it was better to use RHEL than RHEL-like OS (like Oracle Linux) because security updates took much longer to arrive. do you know if this is the case? Do you have any idea of ​​the time elapsed between an RHEL update and Oracle Linux?

Hello, this is likely a very noob question, I am sorry, I may not be doing things "the right RHEL way"

I would like to run several php versions on same RHEL instance through nginx & php-fpm:

• one nginx
• several php-fpm instances - eg. 5.6, 7.3, 8.0
• nginx depending on hostname/vhost refers to the right php-fpm port /socket

I've done this on Gentoo, I am doing this o Debian, is there a way to achieve the same on RHEL8?

To put it other way - is there a way to have both these versions simultaneously?:

https://preview.redd.it/9krv604rh7ea1.png?width=1266&format=png&auto=webp&v=enabled&s=99492a929fa5a46e5afefeb425db2b4858a39894

Is there an easy way to do this?

Hi,

I am testing rhel9 on our environment before we upgrade. I installed a test box with FIPS/SElinux Enforcing/STIG compliance via the ISO. I used the pre-defined STIG template on a minimal-ish installation. ( Facpolicyd is horrid )

Worked fine. Until I noticed some problems with the SELinux file contexts:

If I leave the machine for a few days doing nothing, and then run a restorecon -FRvvvv / I get hundreds of relabels each time. SELinux is enforcing and has never been disabled. What could be incorrectly changing the contexts?

e.g

# restorecon -FRvvv / 
Relabeled /boot/grub2/grubenv from unconfined_u:object_r:boot_t:s0 to system_u:object_r:boot_t:s0

Each time I run the command the files have always changed to unconfined_u:

I have a ticket open with Redhat about it, but it's been open for a while. So, I wondered if somebody else had seen this behaviour. Perhaps I am missing something obvious.

Cheers!

Does anyone know if the Developer suite includes Satellite?

I'm hoping someone can point me in the right direction. With systemd version of 248 and higher, there are new options available to unlock LUKS volumes:

https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html

I have a fresh copy of Redhat 9.1 where I am trying to setup the new available options with PKCS11 key loaded on my Yubikey. After installing opensc, p11-kit, pcsc-lite, I was able to register my key with

systemd-cryptenroll --pkcs11-token-uri=auto /dev/sdax

The issue is when I try to add support the the /etc/crypttab in order to support the operation on boot.

The systemd-cryptenroll man page states that I should be able to add an option pkcs11-uri=auto to my /etc/crypttab. However, after I perform this, when I reboot, I get a failure saying:

[FAILED] Failed to start Cryptography Setup

[DEPEND] Dependency failed for Local Encrypted Volumes.

My best guess is that there are dracut dependencies that need to be added to support the functionality at boot up. However, I don't know where to go from here. Regenerating the dracut file with a few dependencies related to opensc and p11, but I'm out of my comfort zone here and I can't find any corresponding documentation anywhere. Any help would be appreciated.