Interested in pursuing RHCSA

Levithan

Just a quick Q, I'm looking at going for the RHCSA myself. Seeing as I can buy a RHCSA 6 voucher until the 28th, would that be a better decision than going for the version 7? I currently have both the books by Jang and Tommasino, however haven't had the time to read them yet.

I'm only asking as I understand that many businesses are still using RHEL6, and it will be years until most of them have updated to R7. Any advice would be great!

brownwrap

We are finally pushing the last of the RHEL 5 machines out the back door. I don't see us rushing tp RHEL 7 anytime soon. Fairly shortly we will be one person short, but even beyond that we have enough to keep busy. Converting over a hundred desktop and servers is a big job and bound to break things. This is not like installing Windows 10 on a laptop. We are trying to implement SELinux and that is breaking stuff. I enabled it and couldn't log into my desktop because the GUI couldn't write to my home directory. Just waiting to see what happens to a server, and this is just one thing you can turn off or on.

JockVSJock

I bought my voucher for RHCA 6, however I realize that my next voucher for RHCE will be for Version 7.

Not sure how difficult this is going to be.

brownwrap

I read yesterday, I don't remember where, that the adoption of RHEL 7 has been the slowest of any previous release.

JockVSJock

I know our shops is going to hold onto RHEL 5 till the very bitter end, because it is technology that is proven, not bleeding edge stuff.

JockVSJock

brownwrap wrote: »

We are finally pushing the last of the RHEL 5 machines out the back door. I don't see us rushing tp RHEL 7 anytime soon.

I can't remember, I think you said you work for the Fed Gov't, right?

If so RHEL 5 has STIGs for it, is that the same case for RHEL 6? I don't see any documentation for it online, like I do for RHEL 5

https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

Mitechniq

There is a STIG for RH6 but right now it is a manual documentation instead of using a tool like SCAP.

Red Hat

brownwrap

Not only is there a STIG, but we are implementing SELinux.

JockVSJock

brownwrap wrote: »

but we are implementing SELinux.

Not sure what you mean by implemeting SELinux? I thought it came turned on by default...?

brownwrap

There is more than more mode. Check out /etc/selinux/config. We had been in permissive, which just flags thing, now we are slowly moving to enforced and targeted. I enabled it on my workstation and couldn't login via the gui because it was trying to write thing to my home directory.

aftereffector

Mitechniq wrote: »

There is a STIG for RH6 but right now it is a manual documentation instead of using a tool like SCAP.

Red Hat

There actually is a SCAP for RHEL6!

Main SCAP page (iase.disa.mil):
http://iase.disa.mil/stigs/scap/Pages/index.aspx


SCAP 1.1 content for RHEL 6:
http://iase.disa.mil/stigs/Documents/U_RedHat_6_V1R6_STIG_SCAP_1-1_Benchmark.zip


SCAP tools (i686 and x86 64) for RHEL:
https://powhatan.iiie.disa.mil/stigs/downloads/zip/SCC_3.1.2_rhel_i686.zip
https://powhatan.iiie.disa.mil/stigs/downloads/zip/SCC_3.1.2_rhel_x86_64.zip

runlevl4

JockVSJock wrote: »

I know our shops is going to hold onto RHEL 5 till the very bitter end, because it is technology that is proven, not bleeding edge stuff.

Yup. We're just now planning an upgrade to 6.5 from 5.x.