SPL 110: Local Installation of Red Hat Linux (10 pts)

Purpose

To prepare a Red Hat Linux server locally using VMware, and install Splunk Enterprise. It's important not to use other Linux distributions, such as Debian, because later we'll add Splunk SOAR, which is not supported on them.

What You Need

Making a Red Hat Developer Account

As far as I can tell, there is no way to elevate a normal Red Hat account to a Developer account. If you already have a Red Hat account, you'll need to create a new account to get a product registration key.

In a Web browser, go here.

In the 1. section, click "Red Hat Developer program".

Create a new account.

Read your email and click the link Red Hat sent you.

Downloading a Red Hat VMware Image

In a Web browser, go to https://developers.redhat.com/products/rhel/download.

In the "Public and private cloud-ready RHEL images" section, click "", as shown below.

Make these selections, as shown below.

Click Next.

On the "Register" page, select "Register later" and click Next.

On the "File system configuration" page, accept the default selection of "Use automatic partitioning" and click Next.

On the "Additional Red Hat packages" page, click Next.

On the "Custom repositories" page, click Next.

On the "Image Name" page, enter a name of rhel8 and click Next.

On the "Create image" page, click "Create image".

On the "Image Builder" page, wait until the Instance shows "Download (.iso)" and click it.

Save the .iso file locally.

Creating a VM

Launch VMware. Create a new VM using the .vmdk file as the hard disk, with these settings:

Launch the VM. Boot from the virtual DVD. An INSTALLATION SUMMARY screen appears, as shown below.

My "Installation Destination" said "kickstart insufficient" at first, so I clicked on that item and clicked on the 100 GB partition to select it. Then returning to the INSTALLATION SUMMARY screen showed me the image below.

Click on Root Password and set a root password.

Click on User Creation and assign a user account name and password. Check the box to make this user administrator, as shown below.

Click the "Begin installation" button.

When the installation completes, power down the system and disconnect the DVD drive.

Networking and SSH

Boot the system and log in as your normal user.

Execute these commands to get an IP address and see what it is:

sudo dhclient -v
ip a

Connect via SSH using that address, from a Terminal or PowerShell window, with this command:

ssh username@ip-address

Registering with Red Hat

Execute this command on your Red Hat system, in an SSH session:

sudo subscription-manager register

Enter your Red Hat username and password.

Configuring DHCP on Startup

To make the server use DHCP each time it starts, edit the network interface configuration file. First, install the nano editor with this command:

sudo yum install nano

Enter y to approve the installation.

Then execute this command:

sudo nano /etc/sysconfig/network-scripts/ifcfg-ens160

Change the last line to:

ONBOOT=yes

Press Ctrl+X, Y, Enter to save the file.

Allowing Port 8000 Through the Firewall

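To allow access to the Splunk Web page, execute these commands. The --permanent option saves the rule to the stored configuration, and the reload loads it into the running firewall; a port added without --permanent is dropped by the reload.

sudo firewall-cmd --permanent --zone=public --add-port=8000/tcp
sudo firewall-cmd --reload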
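
firewalld keeps a runtime rule set and a permanent one, and a reload or reboot replaces the runtime set with the permanent one. The script below is an added example, not part of the original lab: it classifies port 8000/tcp from the two port lists and checks ONBOOT in the interface file. The function names are hypothetical, and the sample data in the non-live branch is constructed.

```shell
#!/bin/sh
# Added example, not part of the original lab. Function names are hypothetical;
# the port and config file are the ones this page uses.
# onboot_enabled FILE: succeeds if the effective ONBOOT value in an ifcfg file is "yes".
# Assumption: if the key appears more than once, the last assignment is the effective one.
onboot_enabled() {
    val=$(sed -n 's/^[[:space:]]*ONBOOT=//p' "$1" | tail -n 1 | tr -d "\"'" | tr 'A-Z' 'a-z')
    [ "$val" = "yes" ]
}

# port_in_list PORT/PROTO "LIST": succeeds if LIST (text from firewall-cmd --list-ports)
# opens the port, either exactly (8000/tcp) or inside a range (7000-9000/tcp).
port_in_list() {
    want_port=${1%/*}; want_proto=${1#*/}
    for entry in $2; do
        [ "${entry#*/}" = "$want_proto" ] || continue
        range=${entry%/*}; lo=${range%-*}; hi=${range#*-}
        [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ] && return 0
    done
    return 1
}

# port_state PORT/PROTO "RUNTIME_LIST" "PERMANENT_LIST": prints persistent,
# runtime-only (lost on reload or reboot), permanent-only (not yet loaded), or closed.
port_state() {
    if port_in_list "$1" "$2"; then r=1; else r=0; fi
    if port_in_list "$1" "$3"; then p=1; else p=0; fi
    case "$r$p" in
        11) echo persistent ;;
        10) echo runtime-only ;;
        01) echo permanent-only ;;
        *)  echo closed ;;
    esac
}

if [ "${1:-}" = "--live" ]; then
    # On the RHEL VM: read both rule sets from firewalld and the real ifcfg file.
    runtime=$(sudo firewall-cmd --zone=public --list-ports)
    permanent=$(sudo firewall-cmd --permanent --zone=public --list-ports)
    cfg=/etc/sysconfig/network-scripts/ifcfg-ens160
else
    # Constructed sample data: port added at runtime only, ONBOOT still "no".
    runtime="8000/tcp"; permanent=""
    cfg=$(mktemp); printf 'BOOTPROTO=dhcp\nONBOOT=no\n' > "$cfg"
fi
echo "8000/tcp: $(port_state 8000/tcp "$runtime" "$permanent")"
if onboot_enabled "$cfg"; then echo "ONBOOT: yes"; else echo "ONBOOT: not enabled"; fi
[ "${1:-}" = "--live" ] || rm -f "$cfg"
```

Run it with --live on the VM to read the real settings; anything other than "persistent" means the Splunk Web port will not stay open across a reload or reboot.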

SPL 110.1: OS Version (10 pts)

Execute this command:

uname -a

The flag is covered by a green box in the image below.

Posted 9-25-23