Initial Configuration of RHEL 8

Steps for initial configuration of RHEL 8

Configuration of IP Address & DNS

Modify /etc/sysconfig/network-scripts/ifcfg-ensxxx

vi /etc/sysconfig/network-scripts/ifcfg-ens192
  BOOTPROTO="none"
  DEVICE="ens192"
  ONBOOT="yes"
  IPADDR="192.168.1.231"
  PREFIX="24"
  GATEWAY="192.168.1.1"
  DNS1="192.168.1.230"
  DOMAIN="lab.aventislab.com"

Subscription Management

Login with valid credential registered in RedHat Portal

subscription-manager register --username yong510 --password P@ssw0rdXXXXXXX
   Registering to: subscription.rhsm.redhat.com:443/subscription
   The system has been registered with ID: 51d0c0da-xxxxxxxxxxxxxxxxxxxxxxxxx
   The registered system name is: rhel.lab.aventislab.com

Attached our system with Pool ID

subscription-manager list --available | grep "Pool ID"
  Pool ID:             8a85fxxxxxxxxxxxxxxxxxxxxxx

subscription-manager attach --pool=8a85xxxxxxxxxxxxxxxxxxxxxxxxxxx
  Successfully attached a subscription for: Red Hat Developer Subscription

Reference Link

Cockpit

Cockpit is a Web based server management tool

# Install
yum install cockpit -y
# Allow cockpit in Firewalld
firewall-cmd --add-service=cockpit --permanent
# Enable and Start cockpit
systemctl enable --now cockpit.socket
# Verify Cockpit is listening on Port 9090
ss -tulpn | grep :9090

Replace Default SSL Certificate in Cockpit

Convert the star.pfx file to cert & key file following Replace ESXi Self-signed Certificate

#Extract the private key from PFX 
openssl pkcs12 -in lab.pfx -nocerts -out lab.pem
Enter Import Password:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

#Extract Cert from PFX 
openssl pkcs12 -in lab.pfx -clcerts -nokeys -out lab.cert
Enter Import Password:

#Remove the passphase 
openssl rsa -in lab.pem -out lab.key
Enter pass phrase for lab.pem:
writing RSA key

Append the content of lab.key file to lab.cert

cat lab.key
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

vi lab.cert
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Upload lab.cert to RHEL Server

# Upload to RHEL 
scp lab.cert root@192.168.1.231:/tmp
# Copy to/etc/cockpit/ws-certs.d
cp /tmp/lab.cert /etc/cockpit/ws-certs.d
# Restart Cockpit 
systemctl enable --now cockpit.socket
# Verify lab.cert is used for cockpit now
remotectl certificate
	certificate: /etc/cockpit/ws-certs.d/lab.cert

There is no more SSL Certificate error message prompted

initial configuration of RHEL 8

Reference Link

SSL/TLS Usage in Cockpit

Add User to Sudo Group

Create a new user called kwyong and assign as member of wheel group

#Create a new User
adduser kwyong
passwd kwyong
# Add User to sudo 
usermod -aG wheel kwyong

SSH Key-Based Authentication

Generate the SSH key from ubuntu desktop

kwyong@ubuntu1804:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/kwyong/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/kwyong/.ssh/id_rsa.
Your public key has been saved in /home/kwyong/.ssh/id_rsa.pub.

copy id_rsa.pub (Public Key) to RHEL and authorized_keys is created in /home/kwyong/.ssh in RHEL

ssh-copy-id kwyong@192.168.1.231

Login with id_rsa (Private Key)

ssh -i /home/mobaxterm/.ssh/id_rsa kwyong@192.168.1.231

Disabled SSH Password Login

sudo vi /etc/ssh/sshd_config
	PasswordAuthentication no
# Restart SSH 
sudo systemctl restart sshd.service

Other users who are trying to login without the private key with get the error message as below

ssh kwyong@192.168.1.231
kwyong@192.168.1.231: Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

Software Management with DNF

Default DNF Repository

dnf repolist
Updating Subscription Management repositories.
Last metadata expiration check: 0:04:29 ago on Mon 30 Mar 2020 07:21:53 PM +08.
repo id                                       repo name                                                             status
rhel-8-for-x86_64-appstream-rpms              Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)              8,611
rhel-8-for-x86_64-baseos-rpms                 Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)                 3,697

Some common commands for DNF

# Check version 
dnf --version 
# System Update
dnf update 
# Clear Cache 
dnf clean all 
# List installed package 
dnf list
# List Available package for installation 
dnf list available
dnf search nginx
# Install Package
dnf install nginx
dnf info nginx
dnf remove nginx
dnf list --recent 
# Check system update 
dnf check-update
dnf update 
# List available security update
dnf updateinfo list available sec --sec-severity Critical
dnf upgrade --sec-severity Critical:

Others

Open-vm-tools is installed by default

[root@rhel ~]# dnf install open-vm-tools
Package open-vm-tools-10.3.10-3.el8_1.1.x86_64 is already installed.

Scroll to Top