{"results":[{"id":"firewall-rules-three-directions","text":"Firewall rules control traffic in three directions: incoming, outgoing, and forwarded.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"firewalld-controls-three-traffic-directions","text":"`firewalld` rules control three directions of network traffic: incoming, outgoing, and forwarded.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-rhel-exclusive-deployment-model","text":"IdM is a RHEL-exclusive deployment of upstream FreeIPA with three installable roles (server, replica, client), pre-tuned for typical deployments out of the box and officially supported only on RHEL.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-vault-three-types","text":"IdM vault types are standard (accessible by owner/members), symmetric (password-protected with symmetric key), and asymmetric (encrypted with public key, decrypted with private key).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"lvm-flexible-storage-management","text":"LVM provides flexible, non-disruptive storage management through a three-layer abstraction (PV → VG → LV) that enables spanning multiple disks into unified volume groups, online extension without downtime, and a consistent command vocabulary (pvcreate, vgcreate, lvcreate, lvextend, lvreduce, vgextend) for all operations.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"lvm-three-layer-hierarchy","text":"LVM uses a three-layer hierarchy: Physical Volumes (PV) → Volume Groups (VG) → Logical Volumes (LV).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-aide-integrity-workflow","text":"AIDE provides a complete file integrity monitoring workflow: three operations (init/check/update), mandatory database rename after generation, AppStream package source, with the critical caveat that it is detection-only.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-aide-three-operations","text":"AIDE has three key operations: `--init` (create baseline database), `--check` (verify integrity), `--update` (refresh database after legitimate changes).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-authentication-hardening-controls","text":"RHEL 9 provides layered authentication hardening across three defense dimensions: account lockout policy via pam_faillock with configurable thresholds and admin unlock, password lifecycle management via chage with aging/expiry/force-change controls, and SSH key-based authentication with Ed25519 as the recommended algorithm.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-errata-three-types","text":"Red Hat advisories come in three types: RHSA (security), RHBA (bug fix), and RHEA (enhancement).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-idm-three-roles","text":"IdM (Identity Management) has three installable roles: server, replica, and client, installed via `ipa-server-install`, `ipa-replica-install`, and `ipa-client-install` respectively.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-logging-role-three-variable-groups","text":"The logging system role uses three variable groups: `logging_inputs` (log sources), `logging_outputs` (log destinations), and `logging_flows` (connecting inputs to outputs).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-logging-system-role-framework","text":"The RHEL 9 logging system role (redhat.rhel_system_roles.logging) provides a structured rsyslog configuration framework organized around three variable groups: inputs (basics/remote/files as log sources), outputs (files/remote_files/forwards as destinations), and flows connecting them, with SELinux constraining allowed syslog ports to 601, 514, 6514, 10514, and 20514.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-managed-application-workload-infrastructure","text":"RHEL 9 provides fully managed application workload infrastructure combining compute (KVM/QEMU/libvirt with Cockpit management), encrypted storage (LVM three-layer abstraction with LUKS2/NBDE automated decryption), and application runtimes (relational databases via AppStream, managed Python ecosystem, RPM packaging lifecycle) into a single integrated platform.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-managed-database-platform","text":"RHEL 9 provides a managed relational database platform: three supported RDBMS (MariaDB, MySQL, PostgreSQL) delivered via AppStream repository module streams for version selection, with standardized default ports (3306 for MariaDB/MySQL, 5432 for PostgreSQL).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-managed-encrypted-storage","text":"RHEL 9 combines flexible volume management with automated disk encryption: LVM provides the three-layer abstraction (PV → VG → LV) with online extension capability, while NBDE with Clevis/Tang automates the decryption of those volumes at boot — enabling encrypted, dynamically resizable storage that requires no manual passphrase entry.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-security-compliance-triad","text":"RHEL 9 provides three complementary security compliance mechanisms: continuous audit logging with original-identity tracking and pre-configured compliance rule sets (OSPP, PCI-DSS, STIG), file integrity monitoring via AIDE with init/check/update workflow, and automated SCAP scanning against predefined security profiles from scap-security-guide.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-subscription-content-pipeline","text":"RHEL 9 requires a registration-to-content pipeline before systems can receive updates: registration via one of three methods (GUI/TUI, subscription-manager CLI, or activation key), per-architecture subscription assignment, and content delivery from either Red Hat CDN or Satellite Server.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-subscription-gated-content-lifecycle","text":"RHEL 9 content access follows a subscription-gated lifecycle: systems must first register via one of three methods (GUI/TUI, subscription-manager CLI, or activation key) to access the architecturally split BaseOS/AppStream repository system, which then provides the foundation for package installation, module stream selection, and security update management.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-supported-databases","text":"RHEL 9 supports three relational database servers: MariaDB, MySQL, and PostgreSQL.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":26,"limit":20,"offset":0}