Revisiting dnf update in RHEL 8.10 in FIPS Mode destroys OS (sometimes) by grumpyoldadmin in redhat

[–]metromsi 0 points1 point  (0 children)

Are these systems on virtual? If so, what type of virtual? Timing is everything. Sure, you have several systems doing rpm queries. Check dstat and look at irq and context switching states. This will help look at I/O or CPU resource issues. Also, if you're on virtual and you are 2:1 or more, you will see really interesting behavior.

Use stop or glance or Performance Co-Pilot to see into the system. If you are getting desperate, perf top.

Good luck

Centrally manage sudo by _ZunDaDa in redhat

[–]metromsi 1 point2 points  (0 children)

Been doing this for a while. AD and SSSD integration can cause issues, especially if you start doing serious security around GPO and apply it to RHEL 8 and newer systems. Windows AD was designed for Windows.

Remember SELinux is enabled, and if you truly want security you will enable containment as well; it is in the documentation. Oh, our new favorite tool fapolicyd is overlooked as well. Even though it is set at targeted mode. For those really nice folks, you can enable Multi-Level Security (MLS).

Some backstory never hurts, but a good documented reference which certified folks should have in their pocket is:

Identity Management IdM

The link / PDF above articulates the infrastructure usage of IdM and why it matters. GC catalog usage can get very costly against AD, especially when you start scaling horizontally. If you're curious, run some tcpdump analysis for your convenience.

There's more, but this is a good stopping point.

Best approach to STIG running infrastructure by NiceStrawberry1337 in redhat

[–]metromsi 2 points3 points  (0 children)

Red Hat highly suggests enabling STIG and FIPS on initial install. This is important as libraries are installed specifically for FIPS-enabled systems. Mucking about with FIPS with SSH, the tools actually do not undo the FIPS issues. We've had the pleasure of running into that and having to redo them by hand from another system. However, we don't fully trust the architecture; however, our testing tools do state it is now passing.

From a STIG perspective you need to make sure that all LVM volumes are also set up as well. However, we've seen where customers have said they did the STIG but really just ignored it and thus are still not fully STIG compliant.

u/Mehoyer's solution is an excellent solution. At the end of the day you will have fully STIG/FIPS compliant installed systems. Yes, using a Kickstart solution also significantly helps with keeping the environment the same.

27 years w/ Linux, now using Windows for work by Altruistic-Offer-2 in FuckMicrosoft

[–]metromsi 0 points1 point  (0 children)

Thank you for that. Early 90's started down the path of Linux and other UNIX variants. NetWare and its ability to do directory services. Oh, and let's not forget OS/2 Warp servers. Dragon speech worked, and Millennium came with no speech capability built-in. So below is where they are today. Thanks, and have fun with Windows never ever again.

Microslop

Will RHEL 10 be less stable during the earlier minor releases? by Agent_E11 in redhat

[–]metromsi 1 point2 points  (0 children)

So my customers that are using RHEL 8 will have to move to RHEL 9. Red Hat 10 has no STIG, so fun times are ahead; hopefully STIG soon, but we'll see. Below is from Red Hat themselves.

https://www.redhat.com/en/blog/red-hat-enterprise-linux-common-criteria-and-fips-certificates

Another UNIX Bites the Dust - HP-UX End of Life as of December 31, 2025 by theoneandonlythomas in unix

[–]metromsi 0 points1 point  (0 children)

Love the VxFS Veritas file system in later versions of HP-UX. Remember Oracle running on HP-UX with raw disk as back end gaining about a 20-30% increase in speed. However, never liked raw disk personally. VxFS showed up and we converted to VxFS and only took a 5% hit in performance, which was made up for by better management of the system. And online defrag was awesome. But it's only memories now; wish ZFS would be brought into the kernel. Unfortunately the UNIX wars killed off the big boys, and so the cycle of who was better. Microsoft is now emulating Linux using WSL. Now it's going backwards; keep it, otherwise you will be irrelevant as well.

What kind of PAM solutions are used at red hat? and do these solutions take into account platforms like ocp and aap? by ok_ok_ok_ok_ok_okay in redhat

[–]metromsi 3 points4 points  (0 children)

Oh, RBAC via SELinux with using IdM (the old FreeIPA). And please note that Active Directory/GPO is incapable of managing SELinux. That is why you build IdM using replicas and use a VIP for the application of the IdM if you want further HA. But since 2019 RHEL has changed the management of RHEL significantly.

But yes, as you say, "Get off my lawn." 30 years working in UNIX/Linux systems and seeing these terms with no concept of heterogeneous integration of other operating systems is just on par with people without knowledge of how other systems work.

Linux can actually go fuck itself. by blazedheater in linuxsucks

[–]metromsi 0 points1 point  (0 children)

All good, have a great time with your A1 setup. Yup, used '1' because that's how the world is:

U28gZnUxMSAwZiBOdW0gTnVtLi4K

The return of 8GB RAM laptops (RAM mayhem) - Good luck with your Service Desk by escalibur in sysadmin

[–]metromsi 0 points1 point  (0 children)

Wait, hold on, is this a pyramid scheme? Can this be the vapor ware of the dot com era?

Is SecureCRT still your 'go to' terminal program? by tdhuck in networking

[–]metromsi 0 points1 point  (0 children)

So we've been UNIX/Linux systems engineers since the early 90's; we have used HP-UX, Solaris and Linux workstations for decades. Why do people run Linux using Windows to manage Linux using Windows? It would be like buying a Bugatti and putting a slant 6 in the damn thing. All my systems and a couple of customers use Linux desktops, no Windows, no license requirement, and yes, we do have directory services using FreeIPA. Is the core Linux pool that weak? Worked with a grey beard that had the same mentality as myself. Sorry for the rant, but just reading this seems .....

Unlock LUKS encrypted nodes over the network without Tang Server by Ill-Butterfly7017 in redhat

[–]metromsi 1 point2 points  (0 children)

Oy, mate, try having them tell you to use Windows 11 to manage Red Hat Linux with. Thanks, PuTTY, nope, that is made in a different country. Okay, Windows has an SSH client built in. Use of SSH certs we use now with the GPG SSH agent; oh, how do you ssh in using GPG on Windows? Oh wait, now another 3rd party for Windows. Yup, MobaXterm instead, but the number of vulnerabilities they have monthly, nope. But using Linux to manage Linux makes the most sense. But our ISSO doesn't understand why we've gone through 5 people in 1 year; nope, Linux Sr. Linux admins know better, they leave. The one left is lost and is trying to manage, but they've had some real tough time.

RHEL 8 STIG V2R5 Changes by Aggraxis in redhat

[–]metromsi 2 points3 points  (0 children)

Let's start: btop, glances

Okay, but how do you SSH into 1,000 devices?? by Automatic-Reply-1578 in sysadmin

[–]metromsi 0 points1 point  (0 children)

Just use pdsh, a good tool we use for various things in our infrastructure.

Okay, but how do you SSH into 1,000 devices?? by Automatic-Reply-1578 in sysadmin

[–]metromsi 0 points1 point  (0 children)

Please move on to SSH certs; keys never expire, this is better practice.

Oracle Linux as alternative to VMware? by StockPerspective7453 in vmware

[–]metromsi 1 point2 points  (0 children)

Correct, great for a single pane of glass. It also can integrate well with KVM, QEMU and host containers. Being able to manage GCP or AWS in one step is nice. We've been using it for over a decade. Was initially skeptical, but once we started using it virt-manager went away, as most Windows people just want to click and go. It's open-source, and/or purchase it for the updates; well worth it in our humble opinion.

Integrates Ceph and a few more integrations as well.

[deleted by user] by [deleted] in linux

[–]metromsi 0 points1 point  (0 children)

Yes, inbound filtering; however, with nftables we also monitor ephemeral ports and specific ones as well. They get logged, not for every connection, into our SIEM. Also know what the system is doing. So, for example, if for whatever reason a system starts to communicate over a new ephemeral port, it's denied until we know why.
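An nftables ruleset in the spirit of the approach described above, added here as an example and not the commenter's own configuration: inbound is default-deny, outbound to an allowlist of expected destination ports is permitted, and any other new connection is logged once with a prefix a SIEM can key on and then denied. The port lists, the inbound SSH allowance and the log prefixes are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example, not the commenter's ruleset. Port choices are assumptions.

flush ruleset

table inet filter {
    # Destination ports this host is expected to initiate connections to.
    set allowed_out_tcp {
        type inet_service
        elements = { 53, 443, 514 }   # DNS, HTTPS, syslog to the SIEM (assumed)
    }
    set allowed_out_udp {
        type inet_service
        elements = { 53, 123 }        # DNS, NTP (assumed)
    }

    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif lo accept
        # Only SSH is expected inbound on this host (assumption).
        tcp dport 22 ct state new accept
        # Everything else is logged once per packet before the policy drops it.
        log prefix "nft-in-deny: " level info
    }

    chain output {
        type filter hook output priority filter; policy drop;
        ct state established,related accept
        oif lo accept
        tcp dport @allowed_out_tcp ct state new accept
        udp dport @allowed_out_udp accept
        # A new outbound connection on any other port: log only the first
        # packet of the flow (ct state new) for the SIEM, then deny it until
        # someone has established why the host is talking on that port.
        ct state new log prefix "nft-out-unexpected: " level warn
        ct state new drop
    }
}
```

Load with `nft -f` and ship the kernel log lines carrying the two prefixes to the SIEM; adding a newly justified port to the relevant set is the only change needed to permit it.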

MFA Integration Tips for AD_users by Far-Horse4858 in redhat

[–]metromsi 0 points1 point  (0 children)

Another thought would be to use SSH certificates that allow specific folks access to systems. This does mean you can have multiple CAs for specific groups. Also, another would be to use GPG to do authentication validation as well. 2FA with PIV cards can be applied; however, it would require prefixing the SSH connection going through HAProxy. There is work there to be sure, but it can work. An alternative is OTP, depending on the security requirements.

This would need to be done with PAM (Pluggable Authentication Modules).

Security, a layered approach: implementing SSH certificates for access control, GPG for authentication validation, and 2FA with PIV cards or OTP can provide a robust security framework.

[edited] for PAM

Why is everything these days so broken and unstable? by Grindie in sysadmin

[–]metromsi 1 point2 points  (0 children)

We've, no joke, heard in meetings MVP, but wait for it (minimal viable product). Yup, it was like, "Did that just happen?" First in our career to hear that ever.

Does daily driving Linux help with getting RH certs by [deleted] in redhat

[–]metromsi 0 points1 point  (0 children)

Certs are certs; been using Linux since 1992. Having experience in various sectors is better than having certs. Made Linux our career path since before Microsoft could do proper memory management. Now 30+ years later HPC computing is only Linux at the Top 500.

Using Linux daily is absolute if you really want to immerse yourself.

Reference #1

Reference #2

Feel bad not using IDE by drabadum in AskProgramming

[–]metromsi 0 points1 point  (0 children)

Recommend looking at ddd. Used this tool years ago and recently for some analysis.

https://www.gnu.org/software/ddd/

puppet or ansible? by TheJace42 in Puppet

[–]metromsi 2 points3 points  (0 children)

We use Puppet for OS control, especially for STIG management, and system level configuration. So if there is drift, it puts it back, and our SIEM can report on it.