====================================================

업데이트 공지 : https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-201905001.html 

패치는 VMWARE 로그인해야 받을 수 있습니다. 

VIB Esxcli Update 방법 : https://docs.vmware.com/kr/VMware-vSphere/6.0/com.vmware.vsphere.upgrade.doc/GUID-1E773360-CB1C-4BC2-B2A4-B73AB5706FAF.html

====================================================

ESXi 6.7 에 대한 보안 + 기타 패치가 새로 업데이트되었습니다.

인텔 CPU 부채널공격 정말 해결이 어렵나 봅니다.

개인 테스트랩으로 쓰고 있는 ESXi 하이퍼바이저 서버 업데이트 했습니다. 

Release Date: MAY 14, 2019

Download Filename:

ESXi670-201905001.zip

Build:

Download Size:

316.2 MB

VIBs Included

VMware_bootbank_esx-base_6.7.0-2.55.13644319

VMware_bootbank_vsanhealth_6.7.0-2.55.13356305

VMware_bootbank_esx-update_6.7.0-2.55.13644319

VMware_bootbank_vsan_6.7.0-2.55.13356300

PRs Fixed N/A

Related CVE numbers CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Install Methoud.

= WEB UI 에서 직접 VIB 업데이트 하는 메뉴도 있던데

저는 고전적인 excli 를 그대로 사용 하겠습니다. 

1) 압축 파일 해제

메뉴얼에 적힌 vib 파일 폴더에서 해당 파일만 Datastore 로 업로드

2. VM 들 다 OFF 하고, 하이퍼바이저 유지보수 모드 후 SSH Shell 진입하기.

[root@test:/vmfs/volumes/5c49dc51-dfefee5c-92f7-e83935b83d84/Linux] pwd

/vmfs/volumes/datastore1/Linux

[root@test:/vmfs/volumes/5c49dc51-dfefee5c-92f7-e83935b83d84/Linux] ls -ltr

total 1249280

-rw-r--r--    1 root     root     962592768 Mar  7 08:32 CentOS-7-x86_64-Minimal-1810.iso

-rw-r--r--    1 root     root     316191859 May 20 10:31 ESXi670-201905001.zip

3. vib 업데이트 실행 후 리부팅. 

#esxcli software vib update --depot /vmfs/volumes/datastore1/Linux/ESXi670-2

01905001.zip

Installation Result

   Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.

   Reboot Required: true

   VIBs Installed: VMware_bootbank_cpu-microcode_6.7.0-2.55.13644319, VMware_bootbank_esx-base_6.7.0-2.55.13644319, VMware_bootbank_esx-ui_1.33.3-13454473, VMware_bootbank_esx-update_6.7.0-2.55.13644319, VMware_bootbank_vsan_6.7.0-2.55.13356300, VMware_bootbank_vsanhealth_6.7.0-2.55.13356305

   VIBs Removed: VMware_bootbank_cpu-microcode_6.7.0-1.28.10302608, VMware_bootbank_esx-base_6.7.0-2.48.13006603, VMware_bootbank_esx-ui_1.33.3-12923304, VMware_bootbank_esx-update_6.7.0-2.48.13006603, VMware_bootbank_vsan_6.7.0-2.48.12775451, VMware_bootbank_vsanhealth_6.7.0-2.48.12775454

   VIBs Skipped: VMW_bootbank_ata-libata-92_3.00.9.2-16vmw.670.0.0.8169922, VMW_bootbank_ata-pata-amd_0.3.10-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-atiixp_0.4.6-4vmw.670.0.0.8169922, VMW_bootbank_ata-pata-cmd64x_0.2.5-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-hpt3x2n_0.3.4-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-pdc2027x_1.0-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-serverworks_0.4.3-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-sil680_0.4.8-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-via_0.3.3-2vmw.670.0.0.8169922, VMW_bootbank_block-cciss_3.6.14-10vmw.670.0.0.8169922, VMW_bootbank_bnxtnet_20.6.101.7-21vmw.670.2.48.13006603, VMW_bootbank_bnxtroce_20.6.101.0-20vmw.670.1.28.10302608, VMW_bootbank_brcmfcoe_11.4.1078.19-12vmw.670.2.48.13006603, VMW_bootbank_char-random_1.0-3vmw.670.0.0.8169922, VMW_bootbank_ehci-ehci-hcd_1.0-4vmw.670.0.0.8169922, VMW_bootbank_elxiscsi_11.4.1174.0-2vmw.670.0.0.8169922, VMW_bootbank_elxnet_11.4.1095.0-5vmw.670.1.28.10302608, VMW_bootbank_hid-hid_1.0-3vmw.670.0.0.8169922, VMW_bootbank_i40en_1.3.1-23vmw.670.2.48.13006603, VMW_bootbank_iavmd_1.2.0.1011-2vmw.670.0.0.8169922, VMW_bootbank_igbn_0.1.1.0-4vmw.670.2.48.13006603, VMW_bootbank_ima-qla4xxx_2.02.18-1vmw.670.0.0.8169922, VMW_bootbank_ipmi-ipmi-devintf_39.1-5vmw.670.1.28.10302608, VMW_bootbank_ipmi-ipmi-msghandler_39.1-5vmw.670.1.28.10302608, VMW_bootbank_ipmi-ipmi-si-drv_39.1-5vmw.670.1.28.10302608, VMW_bootbank_iser_1.0.0.0-1vmw.670.1.28.10302608, VMW_bootbank_ixgben_1.4.1-18vmw.670.2.48.13006603, VMW_bootbank_lpfc_11.4.33.18-12vmw.670.2.48.13006603, VMW_bootbank_lpnic_11.4.59.0-1vmw.670.0.0.8169922, VMW_bootbank_lsi-mr3_7.708.07.00-2vmw.670.2.48.13006603, VMW_bootbank_lsi-msgpt2_20.00.05.00-1vmw.670.2.48.13006603, VMW_bootbank_lsi-msgpt35_09.00.00.00-1vmw.670.2.48.13006603, VMW_bootbank_lsi-msgpt3_17.00.01.00-3vmw.670.2.48.13006603, VMW_bootbank_misc-cnic-register_1.78.75.v60.7-1vmw.670.0.0.8169922, VMW_bootbank_misc-drivers_6.7.0-2.48.13006603, VMW_bootbank_mtip32xx-native_3.9.8-1vmw.670.1.28.10302608, VMW_bootbank_ne1000_0.8.4-2vmw.670.2.48.13006603, VMW_bootbank_nenic_1.0.21.0-1vmw.670.1.28.10302608, VMW_bootbank_net-bnx2_2.2.4f.v60.10-2vmw.670.0.0.8169922, VMW_bootbank_net-bnx2x_1.78.80.v60.12-2vmw.670.0.0.8169922, VMW_bootbank_net-cdc-ether_1.0-3vmw.670.0.0.8169922, VMW_bootbank_net-cnic_1.78.76.v60.13-2vmw.670.0.0.8169922, VMW_bootbank_net-e1000_8.0.3.1-5vmw.670.0.0.8169922, VMW_bootbank_net-e1000e_3.2.2.1-2vmw.670.0.0.8169922, VMW_bootbank_net-enic_2.1.2.38-2vmw.670.0.0.8169922, VMW_bootbank_net-fcoe_1.0.29.9.3-7vmw.670.0.0.8169922, VMW_bootbank_net-forcedeth_0.61-2vmw.670.0.0.8169922, VMW_bootbank_net-igb_5.0.5.1.1-5vmw.670.0.0.8169922, VMW_bootbank_net-ixgbe_3.7.13.7.14iov-20vmw.670.0.0.8169922, VMW_bootbank_net-libfcoe-92_1.0.24.9.4-8vmw.670.0.0.8169922, VMW_bootbank_net-mlx4-core_1.9.7.0-1vmw.670.0.0.8169922, VMW_bootbank_net-mlx4-en_1.9.7.0-1vmw.670.0.0.8169922, VMW_bootbank_net-nx-nic_5.0.621-5vmw.670.0.0.8169922, VMW_bootbank_net-tg3_3.131d.v60.4-2vmw.670.0.0.8169922, VMW_bootbank_net-usbnet_1.0-3vmw.670.0.0.8169922, VMW_bootbank_net-vmxnet3_1.1.3.0-3vmw.670.2.48.13006603, VMW_bootbank_nfnic_4.0.0.17-0vmw.670.2.48.13006603, VMW_bootbank_nhpsa_2.0.22-3vmw.670.1.28.10302608, VMW_bootbank_nmlx4-core_3.17.13.1-1vmw.670.2.48.13006603, VMW_bootbank_nmlx4-en_3.17.13.1-1vmw.670.2.48.13006603, VMW_bootbank_nmlx4-rdma_3.17.13.1-1vmw.670.2.48.13006603, VMW_bootbank_nmlx5-core_4.17.13.1-1vmw.670.2.48.13006603, VMW_bootbank_nmlx5-rdma_4.17.13.1-1vmw.670.2.48.13006603, VMW_bootbank_ntg3_4.1.3.2-1vmw.670.1.28.10302608, VMW_bootbank_nvme_1.2.2.27-1vmw.670.2.48.13006603, VMW_bootbank_nvmxnet3-ens_2.0.0.21-1vmw.670.0.0.8169922, VMW_bootbank_nvmxnet3_2.0.0.29-1vmw.670.1.28.10302608, VMW_bootbank_ohci-usb-ohci_1.0-3vmw.670.0.0.8169922, VMW_bootbank_pvscsi_0.1-2vmw.670.0.0.8169922, VMW_bootbank_qcnic_1.0.2.0.4-1vmw.670.0.0.8169922, VMW_bootbank_qedentv_2.0.6.4-10vmw.670.1.28.10302608, VMW_bootbank_qfle3_1.0.50.11-9vmw.670.0.0.8169922, VMW_bootbank_qfle3f_1.0.25.0.2-14vmw.670.0.0.8169922, VMW_bootbank_qfle3i_1.0.2.3.9-3vmw.670.0.0.8169922, VMW_bootbank_qflge_1.1.0.11-1vmw.670.0.0.8169922, VMW_bootbank_sata-ahci_3.0-26vmw.670.0.0.8169922, VMW_bootbank_sata-ata-piix_2.12-10vmw.670.0.0.8169922, VMW_bootbank_sata-sata-nv_3.5-4vmw.670.0.0.8169922, VMW_bootbank_sata-sata-promise_2.12-3vmw.670.0.0.8169922, VMW_bootbank_sata-sata-sil24_1.1-1vmw.670.0.0.8169922, VMW_bootbank_sata-sata-sil_2.3-4vmw.670.0.0.8169922, VMW_bootbank_sata-sata-svw_2.3-3vmw.670.0.0.8169922, VMW_bootbank_scsi-aacraid_1.1.5.1-9vmw.670.0.0.8169922, VMW_bootbank_scsi-adp94xx_1.0.8.12-6vmw.670.0.0.8169922, VMW_bootbank_scsi-aic79xx_3.1-6vmw.670.0.0.8169922, VMW_bootbank_scsi-bnx2fc_1.78.78.v60.8-1vmw.670.0.0.8169922, VMW_bootbank_scsi-bnx2i_2.78.76.v60.8-1vmw.670.0.0.8169922, VMW_bootbank_scsi-fnic_1.5.0.45-3vmw.670.0.0.8169922, VMW_bootbank_scsi-hpsa_6.0.0.84-3vmw.670.0.0.8169922, VMW_bootbank_scsi-ips_7.12.05-4vmw.670.0.0.8169922, VMW_bootbank_scsi-iscsi-linux-92_1.0.0.2-3vmw.670.0.0.8169922, VMW_bootbank_scsi-libfc-92_1.0.40.9.3-5vmw.670.0.0.8169922, VMW_bootbank_scsi-megaraid-mbox_2.20.5.1-6vmw.670.0.0.8169922, VMW_bootbank_scsi-megaraid-sas_6.603.55.00-2vmw.670.0.0.8169922, VMW_bootbank_scsi-megaraid2_2.00.4-9vmw.670.0.0.8169922, VMW_bootbank_scsi-mpt2sas_19.00.00.00-2vmw.670.0.0.8169922, VMW_bootbank_scsi-mptsas_4.23.01.00-10vmw.670.0.0.8169922, VMW_bootbank_scsi-mptspi_4.23.01.00-10vmw.670.0.0.8169922, VMW_bootbank_scsi-qla4xxx_5.01.03.2-7vmw.670.0.0.8169922, VMW_bootbank_sfvmk_1.0.0.1003-6vmw.670.2.48.13006603, VMW_bootbank_shim-iscsi-linux-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-iscsi-linux-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libata-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libata-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libfc-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libfc-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libfcoe-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libfcoe-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-vmklinux-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-vmklinux-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-vmklinux-9-2-3-0_6.7.0-0.0.8169922, VMW_bootbank_smartpqi_1.0.1.553-12vmw.670.1.28.10302608, VMW_bootbank_uhci-usb-uhci_1.0-3vmw.670.0.0.8169922, VMW_bootbank_usb-storage-usb-storage_1.0-3vmw.670.0.0.8169922, VMW_bootbank_usbcore-usb_1.0-3vmw.670.0.0.8169922, VMW_bootbank_vmkata_0.1-1vmw.670.0.0.8169922, VMW_bootbank_vmkfcoe_1.0.0.1-1vmw.670.1.28.10302608, VMW_bootbank_vmkplexer-vmkplexer_6.7.0-0.0.8169922, VMW_bootbank_vmkusb_0.1-1vmw.670.2.48.13006603, VMW_bootbank_vmw-ahci_1.2.3-1vmw.670.1.28.10302608, VMW_bootbank_xhci-xhci_1.0-3vmw.670.0.0.8169922, VMware_bootbank_elx-esx-libelxima.so_11.4.1184.1-2.48.13006603, VMware_bootbank_esx-dvfilter-generic-fastpath_6.7.0-0.0.8169922, VMware_bootbank_esx-xserver_6.7.0-0.0.8169922, VMware_bootbank_lsu-hp-hpsa-plugin_2.0.0-16vmw.670.1.28.10302608, VMware_bootbank_lsu-intel-vmd-plugin_1.0.0-2vmw.670.1.28.10302608, VMware_bootbank_lsu-lsi-drivers-plugin_1.0.0-1vmw.670.2.48.13006603, VMware_bootbank_lsu-lsi-lsi-mr3-plugin_1.0.0-13vmw.670.1.28.10302608, VMware_bootbank_lsu-lsi-lsi-msgpt3-plugin_1.0.0-9vmw.670.2.48.13006603, VMware_bootbank_lsu-lsi-megaraid-sas-plugin_1.0.0-9vmw.670.0.0.8169922, VMware_bootbank_lsu-lsi-mpt2sas-plugin_2.0.0-7vmw.670.0.0.8169922, VMware_bootbank_lsu-smartpqi-plugin_1.0.0-3vmw.670.1.28.10302608, VMware_bootbank_native-misc-drivers_6.7.0-2.48.13006603, VMware_bootbank_qlnativefc_3.1.8.0-4vmw.670.2.48.13006603, VMware_bootbank_rste_2.0.2.0088-7vmw.670.0.0.8169922, VMware_bootbank_vmware-esx-esxcli-nvme-plugin_1.2.0.36-2.48.13006603, VMware_locker_tools-light_10.3.5.10430147-12986307

영문 내용의 출처는 RHCSA 기출과 동일 합니다.

5월중에는 해설 올리려고 노력중입니다. 

여러분들도 RHEL 8 Release 된 마당에, 몇달뒤 바뀌기전에 빨리 준비하는게 속 편하겠죠?

RHCSA 가 LDAP & LVM 제외하면,  정말 기초적인 수준을 다뤘다면

RHCE 는 이제 RHEL 을 가지고 본격적인 엔지니어를 시작한다고 보면 됩니다.  

대충 문제 둘러보니 난이도는 그다지 높지는 않습니다만 

본격적인 OS 사용방법들을 요구 합니다.

방화벽 사용 + iSCSI + 초급 쉘스크립팅 + SMB + DB 초기설치 정도가 유의사항이네요. 

RHCSA 는 KVM 가상화환경의 VM 1EA Console 을 사용하고

RHCE 는 VM 2EA 를 같이 구성하게 됩니다. 

문제 구성상 RHCE 는 firewalld 를 끄면 안되므로, 방화벽 설정 원활하게 숙달하는게 중요합니다.

외부, 서비스 접근할떄마다 방화벽을 열어줘야 합니다.

단순하게 외우려고 하면, 합격이 좀 힘들수도 있으나

문제만 보지말고 문제의 이해를 범위있게 공부하면, 어려운 시험은 아닙니다.

일단 초벌 원문만 올려두겠습니다. 

[ 문제 내용 ] 

1. Selinux - RHCSA 보다 심화된 내용 등장. 특정 디렉토리 권한 설정 등

문제에서 enforcing 설정만 나왔으나, 아래 문제 풀다보면 권한설정 필요해집니다.

2. yum - yum 에 기존에서 추가된 repository 추가.

3. firewalld - 방화벽으로 포트 접근 기본적인 제어하기

4. env - 유저의 환경설정에 alias 를 이용한 신규 명령어 연동

5. firewalld - 방화벽을 이용한 포트포워딩

6. nmcli - nmcli , nmtui , vim 등을 사용한 서버 2EA 의 다양한 네트워크 환경 설정.

7. IPv6 - 양 서버에 IPv6 인터페이스 설정 하기

8. web install - RHEL 그룹패키지 ( Basic web server ) 로 httpd 설치 및 기본 설정.

9. Virtual Host - httpd 의 가상호스팅 기본 세팅하기

10. SSL 인증서 - 아파치 가상호스트에 보안인증서 적용하기

11. Virtual host - 가상호스트 설정 및 접근 권한 ( <Directory> 구성 ) 설정.

12. Selinux + Httpd - 가상호스트의 웹 접속 포트 변경 ( httpd.conf + 방화벽 + Selinux )

13. Shell Script - Agument 를 붙였을 때, 각각의 결과를 출력하는 기초 스크립트 작성

14. NFS Server - NFS 서버 구성 및 옵션 (보안) 설정

15. NFS Client - NFS 마운트 심화 구성

16.17 SMB - CIFS 기본 구성 및 설정

18. iSCSI - iSCSI target 구성

19. iSCSI - iSCSI Initiator 분배 구성

20. MariaDB - DB 서버 설치 후, DUMP 파일 복원과 계정 억세스 가능 설정.

21. MariaDB - 간단한 DB 쿼리문 실행 및 결과 확인하기

22. Shell Script - if 문을 활용한 조건문 스크립트 작성

23. Mail - Postfix 를 사용한 메일 환경설정

이슈가 있어, 문제 내렸습니다.

해석은 진행하고 있으며, 다음주 이후 필요하신 분께 공유해드리도록 하겠습니다.