{"results":[{"id":"bpftool-feature-command","text":"`bpftool feature` enumerates all BPF features (program types, map types, helpers, kernel config) supported by the running RHEL kernel.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"getconf-pagesize-shows-kernel-page-size","text":"`getconf PAGESIZE` returns `65536` for a 64k page kernel and `4096` for a 4k page kernel.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"grubby-set-default-changes-boot-kernel","text":"`grubby --set-default` is the command to change the default boot kernel on RHEL 9.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"io-uring-disabled-by-default-rhel9","text":"io_uring is disabled by default in RHEL 9 via `kernel.io_uring_disabled=2`; values are 0=all users, 1=privileged only, 2=disabled for all.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"ktls-enable-modprobe-tls","text":"kTLS (kernel TLS) is enabled by loading the `tls` kernel module (`modprobe tls`) and setting `ktls = true` in a gnutls crypto-policy local.d file.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"ktls-production-tls-offload","text":"Kernel TLS (kTLS) is production-ready for TLS offload on RHEL 9, providing kernel-level cryptographic acceleration that operates within the system-wide crypto policy framework.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"ktls-tech-preview-rhel92","text":"Kernel TLS (KTLS) is a Technology Preview in RHEL 9.2, appearing in both security (gnutls acceleration) and networking (kernel-level TLS offload) contexts.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"lpfc-driver-emulex-fibre-channel","text":"The `lpfc` kernel driver is the Emulex driver for Fibre Channel HBAs in RHEL.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"modprobe-blacklist-persists-after-install","text":"`modprobe.blacklist=` disables kernel modules during installation and persists after installation (stored in `/etc/modprobe.d/`).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel-driver-management-commands","text":"Kernel module management commands: `lsmod` lists loaded modules, `modprobe` loads modules, `modprobe -r` unloads modules, `modinfo` shows driver details/version/parameters.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel-kernel-module-management-commands","text":"Kernel module management commands: `lsmod` lists loaded modules, `modprobe` loads modules, `modprobe -r` unloads modules, `modinfo` shows module details including version and parameters.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel-kernel-modules-path","text":"Kernel modules are stored in `/lib/modules/$(uname -r)/`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-arm-default-4k-page-kernel","text":"RHEL 9 ships with a 4k page size kernel by default on ARM (AArch64) systems.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-boot-iso-requires-network-source","text":"The RHEL 9 boot ISO (~700 MB) contains only the installer and kernel; it requires a network installation source and cannot install standalone.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-boot-kernel-parameter-management","text":"RHEL 9 manages kernel boot parameters through `grubby` as the central tool: changing the default boot kernel (`--set-default`), persistently adding kernel arguments (`--update-kernel --args`), controlling CPU vulnerability mitigations (`mitigations=`), tuning crashkernel memory reservation (`crashkernel=size,high/low`), and emergency access via `rd.break` boot interrupt.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-crashkernel-high-low-parameters","text":"`crashkernel=size,high` and `crashkernel=size,low` control kdump memory reservation above/below 4 GB; `crashkernel=X` without high/low takes precedence.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-drivers-loadable-kernel-modules","text":"RHEL ships device drivers as loadable kernel modules, not compiled monolithically into the kernel.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-fips-enable-at-install","text":"FIPS mode should be enabled at install time using the `fips=1` kernel parameter; the `fips-mode-setup` tool is deprecated.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-fips-mode-kernel-parameter","text":"FIPS mode in RHEL 9 is enabled via `fips=1` kernel parameter at install time (not `/etc/system-fips`); check status with `fips-mode-setup --check`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-hardened-kernel-runtime","text":"RHEL 9 manages a hardened kernel runtime through coordinated boot parameter management (grubby for default kernel and persistent args, mitigations= for CPU vulnerability controls, crashkernel= for dump reservation) and explicit security-vs-performance equilibrium controls (TuneD profiles, BPF restrictions with JIT-only enforcement, io_uring default-disabled).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":46,"limit":20,"offset":0}