Menu Close

Chapter 2. Installing Red Hat Enterprise Linux on AMD64, Intel 64, and 64-bit ARM

This section describes how to install Red Hat Enterprise Linux on AMD64, Intel 64, and 64-bit ARM systems, using the graphical user interface. The section also provides the following information:

  • Instructions for customizing your installation settings
  • Instructions for completing your post-installation tasks

2.1. Recommended steps

Preparing for your RHEL installation consists of the following steps:

Steps

  1. Review and determine the installation method.
  2. Check system requirements.
  3. Review the installation boot media options.
  4. Download the required installation ISO image.
  5. Create a bootable installation medium.
  6. Prepare the installation source*

*Only required for the Boot ISO (minimal install) image if you are not using the Content Delivery Network (CDN) to download the required software packages.

2.2. Booting the installation

After you have created bootable media you are ready to boot the Red Hat Enterprise Linux installation.

2.2.1. Boot menu

The Red Hat Enterprise Linux boot menu is displayed using GRand Unified Bootloader version 2 (GRUB2) when your system has completed loading the boot media.

Figure 2.1. Red Hat Enterprise Linux boot menu

Boot menu window.

The boot menu provides several options in addition to launching the installation program. If you do not make a selection within 60 seconds, the default boot option (highlighted in white) is run. To select a different option, use the arrow keys on your keyboard to make your selection and press the Enter key.

You can customize boot options for a particular menu entry:

  • On BIOS-based systems: Press the Tab key and add custom boot options to the command line. You can also access the boot: prompt by pressing the Esc key but no required boot options are preset. In this scenario, you must always specify the Linux option before using any other boot options.
  • On UEFI-based systems: Press the e key and add custom boot options to the command line. When ready press Ctrl+X to boot the modified option.

Table 2.1. Boot menu options

Boot menu optionDescription

Install Red Hat Enterprise Linux 9

Use this option to install Red Hat Enterprise Linux using the graphical installation program. For more information, Installing RHEL using an ISO image from the Customer Portal

Test this media & install Red Hat Enterprise Linux 9

Use this option to check the integrity of the installation media. For more information, see Verifying a boot media

Troubleshooting >

Use this option to resolve various installation issues. Press Enter to display its contents.

Table 2.2. Troubleshooting options

Troubleshooting optionDescription

Troubleshooting > Install Red Hat Enterprise Linux 9 in basic graphics mode

Use this option to install Red Hat Enterprise Linux in graphical mode even if the installation program is unable to load the correct driver for your video card. If your screen is distorted when using the Install Red Hat Enterprise Linux 9 option, restart your system and use this option. For more information, see Cannot boot into graphical installation

Troubleshooting > Rescue a Red Hat Enterprise Linux system

Use this option to repair any issues that prevent you from booting. For more information, see Using a rescue mode

Troubleshooting > Run a memory test

Use this option to run a memory test on your system. Press Enter to display its contents. For more information, see memtest86

Troubleshooting > Boot from local drive

Use this option to boot the system from the first installed disk. If you booted this disk accidentally, use this option to boot from the hard disk immediately without starting the installation program.

2.2.2. Types of boot options

The two types of boot options are those with an equals "=" sign, and those without an equals "=" sign. Boot options are appended to the boot command line and you can append multiple options separated by space. Boot options that are specific to the installation program always start with inst.

Options with an equals "=" sign
You must specify a value for boot options that use the = symbol. For example, the inst.vncpassword= option must contain a value, in this example, a password. The correct syntax for this example is inst.vncpassword=password.
Options without an equals "=" sign
This boot option does not accept any values or parameters. For example, the rd.live.check option forces the installation program to verify the installation media before starting the installation. If this boot option is present, the installation program performs the verification and if the boot option is not present, the verification is skipped.

2.2.3. Editing the boot: prompt in BIOS

When using the boot: prompt, the first option must always specify the installation program image file that you want to load. In most cases, you can specify the image using the keyword. You can specify additional options according to your requirements.

Prerequisites

  • You have created bootable installation media (USB, CD or DVD).
  • You have booted the installation from the media, and the installation boot menu is open.

Procedure

  1. With the boot menu open, press the Esc key on your keyboard.
  2. The boot: prompt is now accessible.
  3. Press the Tab key on your keyboard to display the help commands.
  4. Press the Enter key on your keyboard to start the installation with your options. To return from the boot: prompt to the boot menu, restart the system and boot from the installation media again.
Note

The boot: prompt also accepts dracut kernel options. A list of options is available in the dracut.cmdline(7) man page.

2.2.4. Editing predefined boot options using the > prompt

In BIOS-based AMD64 and Intel 64 systems, you can use the > prompt to edit predefined boot options. To display a full set of options, select Test this media and install RHEL 9 from the boot menu.

Prerequisites

  • You have created bootable installation media (USB, CD or DVD).
  • You have booted the installation from the media, and the installation boot menu is open.

Procedure

  1. From the boot menu, select an option and press the Tab key on your keyboard. The > prompt is accessible and displays the available options.
  2. Append the options that you require to the > prompt.
  3. Press Enter to start the installation.
  4. Press Esc to cancel editing and return to the boot menu.

2.2.5. Editing the GRUB2 menu for the UEFI-based systems

The GRUB2 menu is available on UEFI-based AMD64, Intel 64, and 64-bit ARM systems.

Prerequisites

  • You have created bootable installation media (USB, CD or DVD).
  • You have booted the installation from the media, and the installation boot menu is open.

Procedure

  1. From the boot menu window, select the required option and press e.
  2. On UEFI systems, the kernel command line starts with linuxefi. Move the cursor to the end of the linuxefi kernel command line.
  3. Edit the parameters as required. For example, to configure one or more network interfaces, add the ip= parameter at the end of the linuxefi kernel command line, followed by the required value.
  4. When you finish editing, press Ctrl+X to start the installation using the specified options.

2.2.6. Booting the installation from a USB, CD, or DVD

Follow the steps in this procedure to boot the Red Hat Enterprise Linux installation using a USB, CD, or DVD. The following steps are generic. Consult your hardware manufacturer’s documentation for specific instructions.

Prerequisite

You have created bootable installation media (USB, CD or DVD). See Creating a bootable DVD or CD for more information.

Procedure

  1. Power off the system to which you are installing Red Hat Enterprise Linux.
  2. Disconnect any drives from the system.
  3. Power on the system.
  4. Insert the bootable installation media (USB, DVD, or CD).
  5. Power off the system but do not remove the boot media.
  6. Power on the system.

    Note

    You might need to press a specific key or combination of keys to boot from the media or configure the Basic Input/Output System (BIOS) of your system to boot from the media. For more information, see the documentation that came with your system.

  7. The Red Hat Enterprise Linux boot window opens and displays information about a variety of available boot options.
  8. Use the arrow keys on your keyboard to select the boot option that you require, and press Enter to select the boot option. The Welcome to Red Hat Enterprise Linux window opens and you can install Red Hat Enterprise Linux using the graphical user interface.

    Note

    The installation program automatically begins if no action is performed in the boot window within 60 seconds.

  9. Optionally, edit the available boot options:

    1. UEFI-based systems: Press E to enter edit mode. Change the predefined command line to add or remove boot options. Press Enter to confirm your choice.
    2. BIOS-based systems: Press the Tab key on your keyboard to enter edit mode. Change the predefined command line to add or remove boot options. Press Enter to confirm your choice.

2.2.7. Booting the installation from a network using PXE

When installing Red Hat Enterprise Linux on a large number of systems simultaneously, the best approach is to boot from a PXE server and install from a source in a shared network location. Follow the steps in this procedure to boot the Red Hat Enterprise Linux installation from a network using PXE.

Note

To boot the installation process from a network using PXE, you must use a physical network connection, for example, Ethernet. You cannot boot the installation process with a wireless connection.

Prerequisites

  • You have configured a TFTP server, and there is a network interface in your system that supports PXE. See Additional resources for more information.
  • You have configured your system to boot from the network interface. This option is in the BIOS, and can be labeled Network Boot or Boot Services.
  • You have verified that the BIOS is configured to boot from the specified network interface. Some BIOS systems specify the network interface as a possible boot device, but do not support the PXE standard. See your hardware’s documentation for more information. When you have properly enabled PXE booting, the system can boot the Red Hat Enterprise Linux installation program without any other media.

Procedure

  1. Verify that the network cable is attached. The link indicator light on the network socket should be lit, even if the computer is not switched on.
  2. Switch on the system.

    Depending on your hardware, some network setup and diagnostic information can be displayed before your system connects to a PXE server. When connected, a menu is displayed according to the PXE server configuration.

  3. Press the number key that corresponds to the option that you require.

    Note

    In some instances, boot options are not displayed. If this occurs, press the Enter key on your keyboard or wait until the boot window opens.

    The Red Hat Enterprise Linux boot window opens and displays information about a variety of available boot options.

  4. Use the arrow keys on your keyboard to select the boot option that you require, and press Enter to select the boot option. The Welcome to Red Hat Enterprise Linux window opens and you can install Red Hat Enterprise Linux using the graphical user interface.

    Note

    The installation program automatically begins if no action is performed in the boot window within 60 seconds.

  5. Optionally, edit the available boot options:

    1. UEFI-based systems: Press E to enter edit mode. Change the predefined command line to add or remove boot options. Press Enter to confirm your choice.
    2. BIOS-based systems: Press the Tab key on your keyboard to enter edit mode. Change the predefined command line to add or remove boot options. Press Enter to confirm your choice.

2.3. Installing RHEL using an ISO image from the Customer Portal

Use this procedure to install RHEL using a DVD ISO image that you downloaded from the Customer Portal. The steps provide instructions to follow the RHEL Installation Program.

Warning

When performing a GUI installation using the DVD ISO image file, a race condition in the installer can sometimes prevent the installation from proceeding until you register the system using the Connect to Red Hat feature. For more information, see BZ#1823578 in the Known Issues section of the RHEL Release Notes document.

Prerequisites

Procedure

  1. From the boot menu, select Install Red Hat Enterprise Linux 9, and press Enter on your keyboard.
  2. In the Welcome to Red Hat Enterprise Linux 9 window, select your language and location, and click Continue. The Installation Summary window opens and displays the default values for each setting.
  3. Select System > Installation Destination, and in the Local Standard Disks pane, select the target disk and then click Done. The default settings are selected for the storage configuration.
  4. Select System > Network & Host Name. The Network and Hostname window opens.
  5. In the Network and Hostname window, toggle the Ethernet switch to ON, and then click Done. The installer connects to an available network and configures the devices available on the network. If required, from the list of networks available, you can choose a desired network and configure the devices that are available on that network.
  6. Select User Settings > Root Password. The Root Password window opens.
  7. In the Root Password window, type the password that you want to set for the root account, and then click Done. A root password is required to finish the installation process and to log in to the system administrator user account.
  8. Optional: Select User Settings > User Creation to create a user account for the installation process to complete. In place of the root account, you can use this user account to perform any system administrative tasks.
  9. In the Create User window, perform the following, and then click Done.

    1. Type a name and user name for the account that you want to create.
    2. Select the Make this user administrator and the Require a password to use this account check boxes. The installation program adds the user to the wheel group, and creates a password protected user account with default settings. It is recommended to create a password protected administrative user account.
  10. Click Begin Installation to start the installation, and wait for the installation to complete. It might take a few minutes.
  11. When the installation process is complete, click Reboot to restart the system.
  12. Remove any installation media if it is not ejected automatically upon reboot.

    Red Hat Enterprise Linux 9 starts after your system’s normal power-up sequence is complete. If your system was installed on a workstation with the X Window System, applications to configure your system are launched. These applications guide you through initial configuration and you can set your system time and date, register your system with Red Hat, and more. If the X Window System is not installed, a login: prompt is displayed.

    Note

    If you have installed a Red Hat Enterprise Linux Beta release, on systems having UEFI Secure Boot enabled, then add the Beta public key to the system’s Machine Owner Key (MOK) list.

  13. From the Initial Setup window, accept the licensing agreement and register your system.

2.4. Registering and installing RHEL from the CDN using the GUI

This section contains information about how to register your system, attach RHEL subscriptions, and install RHEL from the Red Hat Content Delivery Network (CDN) using the GUI.

2.4.1. What is the Content Delivery Network

The Red Hat Content Delivery Network (CDN), available from cdn.redhat.com, is a geographically distributed series of static web servers that contain content and errata that is consumed by systems. The content can be consumed directly, such as using a system registered to Red Hat Subscription Management. The CDN is protected by x.509 certificate authentication to ensure that only valid users have access. When a system is registered to Red Hat Subscription Management, the attached subscriptions govern which subset of the CDN the system can access.

Registering and installing RHEL from the CDN provides the following benefits:

  • The CDN installation method supports the Boot ISO and the DVD ISO image files. However, the use of the smaller Boot ISO image file is recommended as it consumes less space than the larger DVD ISO image file.
  • The CDN uses the latest packages resulting in a fully up-to-date system right after installation. There is no requirement to install package updates immediately after installation as is often the case when using the DVD ISO image file.
  • Integrated support for connecting to Red Hat Insights and enabling System Purpose.

Registering and installing RHEL from the CDN is supported by the GUI and Kickstart. For information about how to register and install RHEL using the GUI, see the Performing a standard RHEL 9 installation document. For information about how to register and install RHEL using Kickstart, see the Performing an advanced RHEL 9 installation document.

2.4.2. Registering and installing RHEL from the CDN

Use this procedure to register your system, attach RHEL subscriptions, and install RHEL from the Red Hat Content Delivery Network (CDN) using the GUI.

Important

The CDN feature is supported by the Boot ISO and DVD ISO image files. However, it is recommended that you use the Boot ISO image file as the installation source defaults to CDN for the Boot ISO image file.

Prerequisites

  • Your system is connected to a network that can access the CDN.
  • You have downloaded the Boot ISO image file from the Customer Portal.
  • You have created bootable installation media.
  • You have booted the installation program and the boot menu is displayed. Note that the installation repository used after system registration is dependent on how the system was booted.

Procedure

  1. From the boot menu, select Install Red Hat Enterprise Linux 9, and press Enter on your keyboard.
  2. In the Welcome to Red Hat Enterprise Linux 9 window, select your language and location, and click Continue. The Installation Summary window opens and displays the default values for each setting.
  3. Select System > Installation Destination, and in the Local Standard Disks pane, select the target disk and then click Done. The default settings are selected for the storage configuration. For more information about customizing the storage settings, see Configuring software settings, Storage devices, Manual partitioning.
  4. Configure network settings, if not set already.

    1. Select System > Network & Host Name. The Network and Hostname window opens.
    2. In the Network and Hostname window, toggle the Ethernet switch to ON, and then click Done. The installer connects to an available network and configures the devices available on the network. If required, from the list of networks available, you can choose a desired network and configure the devices that are available on that network. For more information about configuring a network or network devices, see Network hostname.
  5. Select Software > Connect to Red Hat. The Connect to Red Hat window opens.
  6. In the Connect to Red Hat window, perform the following steps:

    1. Select the Authentication method, and provide the details based on the method you select.

      For Account authentication method: Enter your Red Hat Customer Portal username and password details.

      For Activation Key authentication method: Enter your organization ID and activation key. You can enter more than one activation key, separated by a comma, as long as the activation keys are registered to your subscription.

    2. Select the Set System Purpose check box, and then select the required Role, SLA, and Usage from the corresponding drop-down lists.

      With System Purpose you can record the intended use of a Red Hat Enterprise Linux 9 system, and ensure that the entitlement server auto-attaches the most appropriate subscription to your system.

    3. The Connect to Red Hat Insights check box is enabled by default. Clear the check box if you do not want to connect to Red Hat Insights.

      Red Hat Insights is a Software-as-a-Service (SaaS) offering that provides continuous, in-depth analysis of registered Red Hat-based systems to proactively identify threats to security, performance and stability across physical, virtual and cloud environments, and container deployments.

    4. Optionally, expand Options, and select the network communication type.

      • Select the Use HTTP proxy check box if your network environment allows external Internet access only or accesses the content servers through an HTTP proxy.
      • RHEL 9 is supported only with Satellite 6.11 or later. Check the version prior attempting to register the system.
      • If you are running Satellite Server or performing internal testing, select the Satellite URL and Custom base URL check boxes and enter the required details.
      • The Satellite URL field does not require the HTTP protocol, for example nameofhost.com. However, the Custom base URL field requires the HTTP protocol. To change the Custom base URL after registration, you must unregister, provide the new details, and then re-register.
    5. Click Register. When the system is successfully registered and subscriptions are attached, the Connect to Red Hat window displays the attached subscription details.

      Depending on the amount of subscriptions, the registration and attachment process might take up to a minute to complete.

    6. Click Done.

      A Registered message is displayed under Connect to Red Hat.

  7. Select User Settings > Root Password. The Root Password window opens.
  8. In the Root Password window, type the password that you want to set for the root account, and then click Done. A root password is required to finish the installation process and to log in to the system administrator user account.

    For more details about the requirements and recommendations for creating a password, see Configuring a root password.

  9. Optional: Select User Settings > User Creation to create a user account for the installation process to complete. In place of the root account, you can use this user account to perform any system administrative tasks.
  10. In the Create User window, perform the following, and then click Done.

    1. Type a name and user name for the account that you want to create.
    2. Select the Make this user administrator and the Require a password to use this account check boxes. The installation program adds the user to the wheel group, and creates a password protected user account with default settings. It is recommended to create a password protected administrative user account.

      For more information about editing the default settings for a user account, see Creating a user account.

  11. Click Begin Installation to start the installation, and wait for the installation to complete. It might take a few minutes.
  12. When the installation process is complete, click Reboot to restart the system.
  13. Remove any installation media if it is not ejected automatically upon reboot.

    Red Hat Enterprise Linux 9 starts after your system’s normal power-up sequence is complete. If your system was installed on a workstation with the X Window System, applications to configure your system are launched. These applications guide you through initial configuration and you can set your system time and date, register your system with Red Hat, and more. If the X Window System is not installed, a login: prompt is displayed.

    Note

    If you have installed a Red Hat Enterprise Linux Beta release, on systems having UEFI Secure Boot enabled, then add the Beta public key to the system’s Machine Owner Key (MOK) list.

  14. From the Initial Setup window, accept the licensing agreement and register your system.

2.4.2.1. Installation source repository after system registration

The installation source repository used after system registration is dependent on how the system was booted.

System booted from the Boot ISO or the DVD ISO image file
If you booted the RHEL installation using either the Boot ISO or the DVD ISO image file with the default boot parameters, the installation program automatically switches the installation source repository to the CDN after registration.
System booted with the inst.repo=<URL> boot parameter
If you booted the RHEL installation with the inst.repo=<URL> boot parameter, the installation program does not automatically switch the installation source repository to the CDN after registration. If you want to use the CDN to install RHEL, you must manually switch the installation source repository to the CDN by selecting the Red Hat CDN option in the Installation Source window of the graphical installation. If you do not manually switch to the CDN, the installation program installs the packages from the repository specified on the kernel command line.
Important
  • You can switch the installation source repository to the CDN using the rhsm Kickstart command only if you do not specify an installation source using inst.repo= on the kernel command line or the url command in the Kickstart file. You must use inst.stage2=<URL> on the kernel command line to fetch the installation image, but not specify the installation source.
  • An installation source URL specified using a boot option or included in a Kickstart file takes precedence over the CDN, even if the Kickstart file contains the rhsm command with valid credentials. The system is registered, but it is installed from the URL installation source. This ensures that earlier installation processes operate as normal.

2.4.3. Verifying your system registration from the CDN

Use this procedure to verify that your system is registered to the CDN using the GUI.

Warning

You can only verify your registration from the CDN if you have not clicked the Begin Installation button from the Installation Summary window. Once the Begin Installation button is clicked, you cannot return to the Installation Summary window to verify your registration.

Prerequisite

  • You have completed the registration process as documented in the Register and install from CDN using GUI and Registered is displayed under Connect to Red Hat on the Installation Summary window.

Procedure

  1. From the Installation Summary window, select Connect to Red Hat.
  2. The window opens and displays a registration summary:

    Method
    The registered account name or activation keys are displayed.
    System Purpose
    If set, the role, SLA, and usage details are displayed.
    Insights
    If enabled, the Insights details are displayed.
    Number of subscriptions
    The number of subscriptions attached are displayed. Note: In the simple content access mode, no subscription being listed is a valid behavior.
  3. Verify that the registration summary matches the details that were entered.

Additional resources

2.4.4. Unregistering your system from the CDN

Use this procedure to unregister your system from the CDN using the GUI.

Warning
  • You can unregister from the CDN if you have not clicked the Begin Installation button from the Installation Summary window. Once the Begin Installation button is clicked, you cannot return to the Installation Summary window to unregister your registration.
  • When unregistering, the installation program switches to the first available repository, in the following order:

    1. The URL used in the inst.repo=<URL> boot parameter on the kernel command line.
    2. An automatically detected repository on the installation media (USB or DVD).

Prerequisite

Procedure

  1. From the Installation Summary window, select Connect to Red Hat.
  2. The Connect to Red Hat window opens and displays a registration summary:

    Method
    The registered account name or activation keys used are displayed.
    System Purpose
    If set, the role, SLA, and usage details are displayed.
    Insights
    If enabled, the Insights details are displayed.
    Number of subscriptions
    The number of subscriptions attached are displayed. Note: In the simple content access mode, no subscription being listed is a valid behavior.
  3. Click Unregister to remove the registration from the CDN. The original registration details are displayed with a Not registered message displayed in the lower-middle part of the window.
  4. Click Done to return to the Installation Summary window.
  5. Connect to Red Hat displays a Not registered message, and Software Selection displays a Red Hat CDN requires registration message.
Note

After unregistering, it is possible to register your system again. Click Connect to Red Hat. The previously entered details are populated. Edit the original details, or update the fields based on the account, purpose, and connection. Click Register to complete.

2.5. Completing post-installation tasks

This section describes how to complete the following post-installation tasks:

  • Registering your system

    Note

    Depending on your requirements, there are several methods to register your system. Most of these methods are completed as part of post-installation tasks. However, the Red Hat Content Delivery Network (CDN) registers your system and attaches RHEL subscriptions before the installation process starts. See Registering and installing RHEL from the CDN for more information.

  • Securing your system

2.5.1. Registering your system using the command line

This section contains information about how to register your Red Hat Enterprise Linux 9 subscription using the command line.

Note

When auto-attaching a system, the subscription service checks if the system is physical or virtual, as well as how many sockets are on the system. A physical system usually consumes two entitlements, a virtual system usually consumes one. One entitlement is consumed per two sockets on a system.

Prerequisites

  • You have an active, non-evaluation Red Hat Enterprise Linux subscription.
  • Your Red Hat subscription status is verified.
  • You have not previously received a Red Hat Enterprise Linux 9 subscription.
  • You have activated your subscription before attempting to download entitlements from the Customer Portal. You need an entitlement for each instance that you plan to use. Red Hat Customer Service is available if you need help activating your subscription.
  • You have successfully installed Red Hat Enterprise Linux 9  and logged into the system as root.

Procedure

  1. Open a terminal window and register your Red Hat Enterprise Linux system using your Red Hat Customer Portal username and password:

    # subscription-manager register --username [username] --password [password]
  2. When the system is successfully registered, an output similar to the following is displayed:

    # The system has been registered with ID: 123456abcdef
    # The registered system name is: localhost.localdomain
  3. Set the role for the system, for example:

    # subscription-manager syspurpose role --set="Red Hat Enterprise Linux Server"
    Note

    Available roles depend on the subscriptions that have been purchased by the organization and the architecture of the Red Hat Enterprise Linux 9 system. Typical roles include: Red Hat Enterprise Linux Server, Red Hat Enterprise Linux Workstation, or Red Hat Enterprise Linux Compute Node. To see the available roles, use the command: # subscription-manager syspurpose role --list

  4. Set the service level for the system, for example:

    # subscription-manager syspurpose service-level --set="Premium"
    Note

    Available service-levels are tied to the subscriptions that have been purchased by the organization. Typical service-levels include: Self-Support, Standard, or Premium, To see the service-levels available, use the command: # subscription-manager syspurpose service-level --list

  5. Set the usage for the system, for example:

    # subscription-manager syspurpose usage --set="Production"
    Note

    Available usages are also dependent on the subscriptions that have been purchased by the organization. Typical usage includes: Production, Disaster Recovery, and Development/Test. To see the usage values available, use the command: # subscription-manager syspurpose usage --list

  6. Attach the system to an entitlement that matches the host system architecture:

    # subscription-manager attach --auto
  7. When a subscription is successfully attached, an output similar to the following is displayed:

    Installed Product Current Status:
    Product Name: Red Hat Enterprise Linux for x86_64
    Status: Subscribed
    Note

    An alternative method for registering your Red Hat Enterprise Linux 9 system is by logging in to the system as a root user and using the Subscription Manager graphical user interface.

2.5.2. Registering your system using the Subscription Manager User Interface

This section contains information about how to register your Red Hat Enterprise Linux 9 system using the Subscription Manager User Interface to receive updates and access package repositories.

Prerequisites

Procedure

  1. Log in to your system.
  2. From the top left-hand side of the window, click Activities.
  3. From the menu options, click the Show Applications icon.
  4. Click the Red Hat Subscription Manager icon, or enter Red Hat Subscription Manager in the search.
  5. Enter your administrator password in the Authentication Required dialog box.

    Note

    Authentication is required to perform privileged tasks on the system.

  6. The Subscriptions window opens, displaying the current status of Subscriptions, System Purpose, and installed products. Unregistered products display a red X.
  7. Click the Register button.
  8. The Register System dialog box opens. Enter your Customer Portal credentials and click the Register button.

The Register button in the Subscriptions window changes to Unregister and installed products display a green X. You can troubleshoot an unsuccessful registration from a terminal window using the subscription-manager status command.

2.5.3. Registration Assistant

Registration Assistant is designed to help you choose the most suitable registration option for your Red Hat Enterprise Linux environment. See https://access.redhat.com/labs/registrationassistant/ for more information.

2.5.4. Configuring System Purpose using the subscription-manager command-line tool

System Purpose is an optional but recommended feature of the Red Hat Enterprise Linux installation. You can use System Purpose to record the intended use of a Red Hat Enterprise Linux 9 system, and ensure that the entitlement server auto-attaches the most appropriate subscription to your system. If System Purpose was not configured during the installation process, you can use the subscription-manager syspurpose command-line tool after installation to set the required attributes.

Prerequisites

  • You installed and registered your Red Hat Enterprise Linux 9 system, but System Purpose is not configured.
  • You are logged in as a root user.

    Note

    If your system is registered but has subscriptions that do not satisfy the required purpose, you can run the subscription-manager remove --all command to remove attached subscriptions. You can then use the command-line subscription-manager syspurpose {role, usage, service-level} tools to set the required purpose attributes, and lastly run subscription-manager attach --auto to re-entitle the system with considerations for the updated attributes.

    Procedure

    Complete the steps in this procedure to configure System Purpose after installation using the subscription-manager syspurpose command-line tool. The selected values are used by the entitlement server to attach the most suitable subscription to your system.

    1. From a terminal window, run the following command to set the intended role of the system:

      # subscription-manager syspurpose role --set "VALUE"

      Replace VALUE with the role that you want to assign:

      • Red Hat Enterprise Linux Server
      • Red Hat Enterprise Linux Workstation
      • Red Hat Enterprise Linux Compute Node

      For example:

      # subscription-manager syspurpose role --set "Red Hat Enterprise Linux Server"
      1. Optional: Before setting a value, see the available roles supported by the subscriptions for your organization:

        # subscription-manager syspurpose role --list
      2. Optional: Run the following command to unset the role:

        # subscription-manager syspurpose role --unset
    2. Run the following command to set the intended Service Level Agreement (SLA) of the system:

      # subscription-manager syspurpose service-level --set "VALUE"

      Replace VALUE with the SLA that you want to assign:

      • Premium
      • Standard
      • Self-Support

      For example:

      # subscription-manager syspurpose service-level --set "Standard"
      1. Optional: Before setting a value, see the available service-levels supported by the subscriptions for your organization:

        # subscription-manager syspurpose service-level --list
      2. Optional: Run the following command to unset the SLA:

        # subscription-manager syspurpose service-level --unset
    3. Run the following command to set the intended usage of the system:

      # subscription-manager syspurpose usage --set "VALUE"

      Replace VALUE with the usage that you want to assign:

      • Production
      • Disaster Recovery
      • Development/Test

      For example:

      # subscription-manager syspurpose usage --set "Production"
      1. Optional: Before setting a value, see the available usages supported by the subscriptions for your organization:

        # subscription-manager syspurpose usage --list
      2. Optional: Run the following command to unset the usage:

        # subscription-manager syspurpose usage --unset
    4. Run the following command to show the current system purpose properties:

      # subscription-manager syspurpose --show
      1. Optional: For more detailed syntax information run the following command to access the subscription-manager man page and browse to the SYSPURPOSE OPTIONS:

        # man subscription-manager

Verification steps

  • To verify the system’s subscription status:

    # subscription-manager status
    +-------------------------------------------+
       System Status Details
    +-------------------------------------------+
    Overall Status: Current
    
    System Purpose Status: Matched
  • An overall status Current means that all of the installed products are covered by the subscription(s) attached and entitlements to access their content set repositories has been granted.
  • A system purpose status Matched means that all of the system purpose attributes (role, usage, service-level) that were set on the system are satisfied by the subscription(s) attached.
  • When the status information is not ideal, additional information is displayed to help the system administrator decide what corrections to make to the attached subscriptions to cover the installed products and intended system purpose.

2.5.5. Securing your system

Complete the following security-related steps immediately after you install Red Hat Enterprise Linux.

Prerequisites

Procedure

  1. To update your system, run the following command as root:

    # dnf update
  2. Even though the firewall service, firewalld, is automatically enabled with the installation of Red Hat Enterprise Linux, there are scenarios where it might be explicitly disabled, for example in a Kickstart configuration. In that scenario, it is recommended that you re-enable the firewall.

    To start firewalld, run the following commands as root:

    # systemctl start firewalld
    # systemctl enable firewalld
  3. To enhance security, disable services that you do not need. For example, if your system has no printers installed, disable the cups service using the following command:

    # systemctl mask cups

    To review active services, run the following command:

    $ systemctl list-units | grep service

2.5.6. Deploying systems that are compliant with a security profile immediately after an installation

You can use the OpenSCAP suite to deploy RHEL systems that are compliant with a security profile, such as OSPP, PCI-DSS, and HIPAA profile, immediately after the installation process. Using this deployment method, you can apply specific rules that cannot be applied later using remediation scripts, for example, a rule for password strength and partitioning.

2.5.6.1. Profiles not compatible with Server with GUI

Certain security profiles provided as part of the SCAP Security Guide are not compatible with the extended package set included in the Server with GUI base environment. Therefore, do not select Server with GUI when installing systems compliant with one of the following profiles:

Table 2.3. Profiles not compatible with Server with GUI

Profile nameProfile IDJustificationNotes

[DRAFT] CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Server

xccdf_org.ssgproject.content_profile_cis

Packages xorg-x11-server-Xorg, xorg-x11-server-common, xorg-x11-server-utils, and xorg-x11-server-Xwayland are part of the Server with GUI package set, but the policy requires their removal.

 

[DRAFT] CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Server

xccdf_org.ssgproject.content_profile_cis_server_l1

Packages xorg-x11-server-Xorg, xorg-x11-server-common, xorg-x11-server-utils, and xorg-x11-server-Xwayland are part of the Server with GUI package set, but the policy requires their removal.

 

Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)

xccdf_org.ssgproject.content_profile_cui

The nfs-utils package is part of the Server with GUI package set, but the policy requires its removal.

 

[RHEL9 DRAFT] Protection Profile for General Purpose Operating Systems

xccdf_org.ssgproject.content_profile_ospp

The nfs-utils package is part of the Server with GUI package set, but the policy requires its removal.

BZ#1787156

[DRAFT] DISA STIG for Red Hat Enterprise Linux 9

xccdf_org.ssgproject.content_profile_stig

Packages xorg-x11-server-Xorg, xorg-x11-server-common, xorg-x11-server-utils, and xorg-x11-server-Xwayland are part of the Server with GUI package set, but the policy requires their removal.

To install a RHEL system as a Server with GUI aligned with DISA STIG, you can use the DISA STIG with GUI profile BZ#1648162

2.5.6.2. Deploying baseline-compliant RHEL systems using the graphical installation

Use this procedure to deploy a RHEL system that is aligned with a specific baseline. This example uses Protection Profile for General Purpose Operating System (OSPP).

Warning

Certain security profiles provided as part of the SCAP Security Guide are not compatible with the extended package set included in the Server with GUI base environment. For additional details, see Profiles not compatible with a GUI server .

Prerequisites

  • You have booted into the graphical installation program. Note that the OSCAP Anaconda Add-on does not support interactive text-only installation.
  • You have accessed the Installation Summary window.

Procedure

  1. From the Installation Summary window, click Software Selection. The Software Selection window opens.
  2. From the Base Environment pane, select the Server environment. You can select only one base environment.
  3. Click Done to apply the setting and return to the Installation Summary window.
  4. Click Security Policy. The Security Policy window opens.
  5. To enable security policies on the system, toggle the Apply security policy switch to ON.
  6. Select Protection Profile for General Purpose Operating Systems from the profile pane.
  7. Click Select Profile to confirm the selection.
  8. Confirm the changes in the Changes that were done or need to be done pane that is displayed at the bottom of the window. Complete any remaining manual changes.
  9. Because OSPP has strict partitioning requirements that must be met, create separate partitions for /boot, /home, /var, /var/log, /var/tmp, and /var/log/audit.
  10. Complete the graphical installation process.

    Note

    The graphical installation program automatically creates a corresponding Kickstart file after a successful installation. You can use the /root/anaconda-ks.cfg file to automatically install OSPP-compliant systems.

Verification

  • To check the current status of the system after installation is complete, reboot the system and start a new scan:

    # oscap xccdf eval --profile ospp --report eval_postinstall_report.html /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml

Additional resources

2.5.6.3. Deploying baseline-compliant RHEL systems using Kickstart

Use this procedure to deploy RHEL systems that are aligned with a specific baseline. This example uses Protection Profile for General Purpose Operating System (OSPP).

Prerequisites

  • The scap-security-guide package is installed on your RHEL 9 system.

Procedure

  1. Open the /usr/share/scap-security-guide/kickstart/ssg-rhel9-ospp-ks.cfg Kickstart file in an editor of your choice.
  2. Update the partitioning scheme to fit your configuration requirements. For OSPP compliance, the separate partitions for /boot, /home, /var, /var/log, /var/tmp, and /var/log/audit must be preserved, and you can only change the size of the partitions.
  3. Start a Kickstart installation as described in Performing an automated installation using Kickstart.
Important

Passwords in Kickstart files are not checked for OSPP requirements.

Verification

  1. To check the current status of the system after installation is complete, reboot the system and start a new scan:

    # oscap xccdf eval --profile ospp --report eval_postinstall_report.html /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml

Additional resources

2.5.7. Next steps

When you have completed the required post-installation steps, you can configure basic system settings. For information about completing tasks such as installing software with dnf, using systemd for service management, managing users, groups, and file permissions, using chrony to configure NTP, and working with Python 3, see the Configuring basic system settings document.