r/redhat

Got STIGs? I know what you don't got in RHEL 10!
▲ 20 r/redhat

Got STIGs? I know what you don't got in RHEL 10!

I'm already on a tirade over the STIG summary posts, so I might as well get it all out before someone sends me packing. :)

I finished working on my Ansible playbooks for remediating RHEL 10 now that we have a STIG, and when I got around to updating our "PKI and Active Directory" join stuff I stumbled upon something nasty.

RHEL 10 (and 9 as of 9.7?) have dropped the pam-ssh-agent package. It turns out that this change proposal for Fedora 42 passed back in 2024. I didn't join as a contributor until April 2024, but I am still sorry for having missed this critical event. I would have said something and engaged my account executive at the time. (Or maybe even have learned to package the thing myself and just kept it alive.)

The non-STIG afflicted folks out there are probably wondering what the big idea is. The pam-ssh-agent package was how we passed in our smart cards into a RHEL system over SSH, thus allowing us to do things like sudo without a password but still rely on our happy little two-factor proof of identity.

You might say "well, what about nopasswd?" There's a STIG prohibiting that.

"Ok, what about slinging around kerberos tokens since you're using AD anyhow?" Yeah, there's a STIG for that as well. Bonus, it also doesn't work reliably when your AD is STIG compliant as well. (They don't think about or test these things.)

"Ok, ok, ok. Just put in your password already!"

What password? We don't do that around here.

Now, if I find some other way that works, I'll let you guys know. It may very well come down to us documenting, compiling, packaging, and signing something in-house. It just never occurred to me that Red Hat would yank something that provides a critical feature and not provide a replacement. Even the RHEL 10 documentation on the topic is... Well, I think an AI wrote it, to be honest.

Oh, well. :)

u/Aggraxis — 3 hours ago
▲ 8 r/redhat

STIG change summaries? Here's what's up!

Hi gang!

It turns out my little community service project has triggered the ire of Reddit's filter gremlins. It's too much work to try to post them here in r/redhat. I reached out to the mods, but I haven't received a response, which is really too bad.

I haven't tried to post them somewhere adjacent like r/fedora where I am also active because the STIG content is definitely off-topic there.

So, enjoy the routine posts from folks looking for exam discounts, etc. It has been fun, but the life of a stiglord doesn't allow for these kinds of mundane distractions.

reddit.com
u/Aggraxis — 3 hours ago
▲ 4 r/redhat

About the length of the answer

Write a bash script to create XFS, ext4, and vfat file system structures in the logical volumes, respectively. Create mount points /mnt/xfs, /mnt/ext4, and /mnt/vfat, and mount the file systems. Include the df command with -h in the script to list the mounted file systems. (From Ghori's book)

The answer with the help of AI:

-------------

#!/bin/bash

set -euo pipefail

# Configuration

VG_NAME="vgscript"

LV_NAMES=("lvscript1" "lvscript2" "lvscript3")

MOUNT_POINTS=("/mnt/xfs" "/mnt/ext4" "/mnt/vfat")

FS_TYPES=("xfs" "ext4" "vfat")

# Colors for output

GREEN='\033[0;32m'

YELLOW='\033[1;33m'

RED='\033[0;31m'

NC='\033[0m'

print_status() {

echo -e "${GREEN}[INFO]${NC} $1"

}

print_warning() {

echo -e "${YELLOW}[WARN]${NC} $1"

}

print_error() {

echo -e "${RED}[ERROR]${NC} $1"

}

# Check root privileges

if [[ $EUID -ne 0 ]]; then

print_error "This script must be run as root"

exit 1

fi

# Verify logical volumes exist

print_status "Checking logical volumes..."

for lv in "${LV_NAMES[@]}"; do

lv_path="/dev/$VG_NAME/$lv"

if [[ ! -L "$lv_path" ]]; then

print_error "Logical volume $lv_path not found!"

print_error "Run the LVM creation script first."

exit 1

fi

print_status "Found: $lv_path ($(lvs --noheadings -o size "$lv_path" | tr -d ' '))"

done

# Create filesystems

print_status "\n=== Creating File Systems ==="

for i in "${!LV_NAMES[@]}"; do

lv_path="/dev/$VG_NAME/${LV_NAMES[$i]}"

fs_type="${FS_TYPES[$i]}"

print_status "Creating $fs_type filesystem on ${LV_NAMES[$i]}..."

case "$fs_type" in

xfs)

mkfs.xfs -f "$lv_path"

;;

ext4)

mkfs.ext4 -F "$lv_path"

;;

vfat)

mkfs.vfat -F 32 "$lv_path"

;;

esac

print_status "Created $fs_type on ${LV_NAMES[$i]}"

done

# Create mount points

print_status "\n=== Creating Mount Points ==="

for mp in "${MOUNT_POINTS[@]}"; do

if [[ ! -d "$mp" ]]; then

mkdir -p "$mp"

print_status "Created mount point: $mp"

else

print_warning "Mount point $mp already exists"

fi

done

# Mount filesystems

print_status "\n=== Mounting File Systems ==="

for i in "${!LV_NAMES[@]}"; do

lv_path="/dev/$VG_NAME/${LV_NAMES[$i]}"

mount_point="${MOUNT_POINTS[$i]}"

fs_type="${FS_TYPES[$i]}"

# Check if already mounted

if mountpoint -q "$mount_point"; then

print_warning "$mount_point is already mounted. Unmounting first..."

umount "$mount_point"

fi

mount "$lv_path" "$mount_point"

print_status "Mounted $lv_path ($fs_type) on $mount_point"

done

# Display results

print_status "\n=========================================="

print_status "FILE SYSTEMS CREATED AND MOUNTED."

print_status "=========================================="

echo -e "\n--- Filesystem Details ---"

for i in "${!LV_NAMES[@]}"; do

lv_path="/dev/$VG_NAME/${LV_NAMES[$i]}"

echo -e "\n${LV_NAMES[$i]}:"

blkid "$lv_path"

df -h "$lv_path"

done

echo -e "\n--- Mount Points ---"

mount | grep -E "xfs|ext4|vfat" | grep "/mnt/"

echo -e "\n--- Disk Free Space (df -h) ---"

df -h | grep -E "Filesystem|/mnt/xfs|/mnt/ext4|/mnt/vfat"

echo -e "\n--- Complete df -h Output ---"

df -h

print_status "\n=========================================="

print_status "Script completed successfully!"

print_status "=========================================="

print_status "Summary:"

print_status " /mnt/xfs -> lvscript1 (XFS)"

print_status " /mnt/ext4 -> lvscript2 (ext4)"

print_status " /mnt/vfat -> lvscript3 (VFAT)"

print_status "\n/etc/fstab has been updated for persistence."

print_status "Backup saved as /etc/fstab.backup.*"

-----------

Will we get the time to write such a long answer? What are the things here you think could have been avoided to make it shorter?

TIA

reddit.com
u/Abdullah715279 — 19 hours ago
▲ 3 r/redhat

Need advice on oppurtinites to look for after completing RHCSA ex200 certification

Hello Guys,

I am planning to give my second try for the red hat exam and i am pretty confidant that I will clear it. I have worked in tech support L1 level helpdesk for past 4 years and this is one of the first advanced certification(In my eyes at least) I am preparing for. Any tips on what direction should I take after completing the certification and what oppurtinities will be available based on this certificaton?

reddit.com
u/Kali1402 — 8 hours ago
▲ 8 r/redhat

Preparation

I’m 30s. Been studying and practicing rhel & networking in general, thought of getting into IT(somewhere someplace to start a life). It’s been months , took few very good advices (other Reddit posts) but still feel like near zero in it. Then and there I get a feel that certs not gonna land me in a job , or any projects that I may do later also won’t… it’s like a loop. I tried also very minimum task over a stretched period so as take it little one at a time, that too didn’t work. Feel like lost.

No clear idea here on

reddit.com
u/IndividualOpinion719 — 15 hours ago
▲ 8 r/redhat

EX294 Ansible-navigator

I passed EX294 about 2 years ago using RHEL 8. And i am preparing to recertify, I was watching a video on EX294 by Sander Van Vugt. Where he mentioned that knowledge of ansible-navigator was not required to pass exam. is this true?

reddit.com
u/oyesiji — 13 hours ago
▲ 4 r/redhat

Is RH442/EX442 RHEL Performance Tuning still very hard?

I've enrolled myself virtually in our partner tenant to follow this course, but saw online that it's conciderd one of the hardest exams to pass from RedHat. Is that still true?

reddit.com
u/Macley6969 — 14 hours ago
▲ 12 r/redhat+1 crossposts

Samba AD DC on Rhel9

I have been tasked to explore options to migrate from windows active directory to samba AD dc with minimal.

- most of my clients are windows machine

I belong to banking domain..

Wat are ur opinion on moving to samba AD dc and is rhel9 an good option or I need to look into debain or other ?

And is it easy to migrate after addding samba AD dc along Microsoft ad?

reddit.com
u/im_vatsa — 1 day ago
▲ 3 r/redhat

EX467 V2.5

Hi Everyone

Has anyone here perhaps taken the V2.5 version of the EX467 Exam?

I have the option to book the 2.5 or 2.2 version so just wanted to see if anyone has experience with the newer one.

v2.5 seems to follow a newer training course called AU-467

reddit.com
u/watomtevat — 12 hours ago
▲ 39 r/redhat

Excited to join Red Hat as a TAM

Hi everyone, I recently got an offer for a TAM role for Openshift at Red Hat and I’m really excited about it. Would love to hear from current or former Red Hatters on what to expect, how I can best prepare before joining, and any tips to succeed in the first few months. Appreciate any insights, thank you!

reddit.com
u/aiaiyoo — 1 day ago
▲ 3 r/redhat

RHCSA Exam in 72 Hours, any tips and pointers?

Like the title says, I scheduled my in-person exam for this week.

I have taken Ghada Atefs practice exams back and fourth, I have also done all of Sanders. So I think I am ready to take the exam.

Do you guys have anythings I should focus on or think about as I continue to prepare?

reddit.com
u/acidman390 — 1 day ago
▲ 7 r/redhat

What to expect from Red Hat Technical Interview process for Software Engineer?

I have an upcoming technical interview for Red Hat. Should I expect leetcode or what kind of interview? I have roughly 2 yoe.

reddit.com
u/papayon10 — 1 day ago
▲ 2 r/redhat

RHCSA in Lyon, France: Physical keyboard vs. Software layout?

Dear community,

Does somebody know which keyboard is used in the RHCSA exam in France? I will take it in two weeks in Lyon, but I think this can have a huge influence. Obviously the part I am concerned about is when a real virtual terminal is required, or when interacting with the grub menu. As far as I know, the keyboard layout will be english regardless of your physical keyboard.

I just left a message to their support service, but I would also like to hear your experience.

reddit.com
u/Aromatic-Raisin3911 — 14 hours ago
▲ 0 r/redhat

EX457 Info

I'm preparing for the EX457, I wonder if at the exam we have to install anything? Is there to configure something before starting, such as ansible.cfg or ansible-navigator.yml ? if yes, does red hat provide what we need to configure in it?
Thanks

reddit.com
u/ImaginaryDoor1400 — 11 hours ago
▲ 3 r/redhat

Question to redhat partner companies for certification and implementation etc, understanding why companies choose RedHat for consulting??

I am an anonymous guy.

I want to understand, the benefits/cons etc of being a redhat partner company.

From my perspective:

Pros:

  1. Easy client aquisition as there seems to be massive demand for certifications and implementing redhat consulted products (Sattelite and AAP and openshift(God knows why they wont use k3s or k8s or much simpler robust stuff-I feel they botched RHOSP though)).
  2. Lots of money.

Cons:

  1. Ecosystem lock in.
  2. No more self-identity. Will just be a redhat partner company.

But from my perspective I believe we can provide a much more robust, cheaper and better solutions at scale than redhat established software can.

And even maintain the software at a fraction of the cost.

So Question is, Why won't big companies in Europe or Middle East or Other countries choose companies out of India or south east Asia to maintain their infra and stuff with their own software? But when branded redhat partner they suddenly seem more attractive??

What are your thoughts?

Is it because they are American or some subtle racism thing or idk. Just wanna ask :)

Again my personal feeling is that the companies just want to blow the money and overcomplicate solutions to simple problems.

Does redhat give kickbacks to Point of Contacts or anything shady?

And after interacting with many of their(Redhat) Engineers, I do not think they are some out of earth godly devs either/consulting people either and make the routine mistakes any other one would. And with AI, anyone can do much better fancy uncomplicated documentation.

So the question stands, why do big companies believe redhat is special for consulting?

More directly, if you are a big company, why choose redhat? instead of one of the million other companies out of Asia?

Or is it a marketing thing?

And how to gain your trust, if you are a big company?

reddit.com
u/Rare_Purpose8099 — 22 hours ago
▲ 0 r/redhat

Here’s a Red Hat marketing document boasting about its AI technologies that enable users to “kill faster.”

Here’s a Red Hat marketing document boasting about its AI technologies that enable users to “kill faster.”

The Red Hat teams are currently cleaning up their website to remove all of this, but Archive.org has saved a copy.

It’s up to you to form your own opinion about Red Hat.

P.S.: Red Hat provides the developers, financial resources, and logistics to maintain the Fedora distribution.

https://web.archive.org/web/20260402155236/https://www.redhat.com/rhdc/managed-files/ve-compress-the-kill-cycle-detail-693397pr-202402-en_3.pdf

reddit.com
u/Heyla_Doria — 1 day ago
🔥 Hot ▲ 55 r/redhat

RHCEv10 Passed!

Woop! Passed with 233 out of 300 on second try, not great but a pass is a pass. Created my own practice labs with help from Claude and some online resources and it was just enough to pass. Don't give up!

reddit.com
u/maschine2014 — 3 days ago
▲ 2 r/redhat

Objective for Exam version 9.3

I can't find the original exam objectives for 9.3 and I just want to make sure I covered everything before my exam In June.
Edit: EX200

reddit.com
u/heyyou06 — 1 day ago