{"results":[{"id":"quadlet-production-container-management","text":"Quadlet is production-ready for declarative systemd-native container lifecycle management on RHEL 9, supporting container, build, pod, and image unit types with Podman as the runtime.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-application-streams-independent-lifecycle","text":"Application Streams allow multiple versions of user-space components to be updated independently of the core OS, each with its own lifecycle.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-appstream-shorter-lifecycles","text":"Some Application Streams have shorter support lifecycles than the base RHEL 9 OS.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-authentication-hardening-controls","text":"RHEL 9 provides layered authentication hardening across three defense dimensions: account lockout policy via pam_faillock with configurable thresholds and admin unlock, password lifecycle management via chage with aging/expiry/force-change controls, and SSH key-based authentication with Ed25519 as the recommended algorithm.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-baseos-vs-appstream-purpose","text":"BaseOS provides core OS functionality (full RHEL support lifecycle); AppStream provides additional user-space applications, runtime languages, and databases.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-cluster-services-not-systemctl","text":"Cluster-managed services must not be started or enabled via `systemctl`; Pacemaker controls their lifecycle.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-complete-system-lifecycle-management","text":"RHEL 9 manages the complete temporal system lifecycle: automated provisioning (Image Builder blueprints, Kickstart, Anaconda) for initial deployment, structured patch management (BaseOS/AppStream content split, DNF security update filtering, advisory-driven remediation) for day-2 operations, and dual upgrade paradigms (Leapp sequential in-place upgrades, bootc image-based atomic updates) for major version transitions.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-content-delivery-architecture","text":"RHEL 9 content is architecturally split into two mandatory repositories: BaseOS (core OS foundation, RPMs only) and AppStream (user-space applications delivered as both RPMs and modules), with modules enabling multiple concurrent software versions and some Application Streams having shorter support lifecycles than the base OS.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-crypto-policy-lifecycle","text":"RHEL 9 provides complete crypto policy lifecycle management: four predefined policies, set/show CLI commands, persistent state file verification, and extensibility via custom .pmod subpolicies.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-defense-in-depth-security-framework","text":"RHEL 9 enforces defense-in-depth through four integrated security layers: hardened defaults (SELinux enforcing, firewalld, crypto policies), granular cryptographic policy lifecycle management, layered SELinux MAC enforcement with type-based policy, and a unified audit subsystem with original-identity tracking across privilege escalation.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-dual-authenticated-identity-governed-workload-lifecycle","text":"RHEL 9 workloads are governed across their full lifecycle by dual authentication (subscription for content access, Kerberos for administration) with continuous observability, from identity-authenticated provisioning (IdM/AD-enrolled systems with DNS autodiscovery) through security-governed runtime isolation (SELinux MCS, firewalld, crypto policies) — creating a closed system where no workload phase is unauthenticated, ungoverned, or unobserved.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-dual-authenticated-observable-lifecycle","text":"RHEL 9 enforces dual authentication boundaries throughout the system lifecycle: subscription authentication gates all content and patch access while identity-governed security monitoring (Kerberos-bound audit with auid tracking) ensures every administrative action is attributable.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-encrypted-storage-lifecycle","text":"RHEL 9 provides end-to-end encrypted storage lifecycle management: NBDE with Clevis/Tang for automated decryption across multiple pin types, volume-type-specific unlock requirements (dracut for root, systemd for non-root), and system-wide cryptographic policy governance ensuring encryption algorithms comply with organizational standards.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-full-lifecycle-infrastructure","text":"RHEL 9 supports full infrastructure lifecycle from image creation and automated deployment (Image Builder, Kickstart, Anaconda) through content delivery (BaseOS + AppStream repositories) to ongoing configuration management (Ansible system roles with dual naming, covering timesync, network, SELinux, storage, firewall, logging, and kdump).","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-ha-cluster-requirements","text":"Production HA clusters on RHEL 9 require mandatory STONITH fencing, pcs as the primary management CLI, dedicated firewall ports (TCP 2224/3121, UDP 5405), and Pacemaker-controlled service lifecycle (no systemctl).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-identity-governed-defense-across-lifecycle-and-stack","text":"RHEL 9 is a unified security platform where identity governance spans both the temporal dimension (provisioning, day-2 operations, compliance monitoring) and the spatial dimension (hardware CPU mitigations through mandatory access controls to cryptographic data protection), making every security layer at every lifecycle phase identity-authenticated and auditable.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-identity-governed-secure-lifecycle","text":"RHEL 9 is an identity-governed secure lifecycle platform where every phase — provisioning, day-2 operations, compliance monitoring — is both security-hardened by default and controlled by a unified identity ecosystem (IdM/AD with Kerberos authentication), ensuring authenticated attribution from image creation through audit trail.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-kernel-configuration-management","text":"RHEL 9 manages kernel configuration across two complementary dimensions: runtime module lifecycle (loadable drivers with lsmod/modprobe, persistent blacklisting) and boot parameter management (grubby for persistent kernel args, CPU vulnerability mitigations, crashkernel memory reservation).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-kernel-module-lifecycle","text":"RHEL 9 manages kernel drivers as loadable modules with a complete lifecycle: modules stored in `/lib/modules/$(uname -r)/`, managed via lsmod/modprobe/modprobe -r/modinfo commands, with persistent blacklisting via `modprobe.blacklist=` that survives installation.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-managed-application-workload-infrastructure","text":"RHEL 9 provides fully managed application workload infrastructure combining compute (KVM/QEMU/libvirt with Cockpit management), encrypted storage (LVM three-layer abstraction with LUKS2/NBDE automated decryption), and application runtimes (relational databases via AppStream, managed Python ecosystem, RPM packaging lifecycle) into a single integrated platform.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":34,"limit":20,"offset":0}