Getting Rock on RHEL


I was wondering if anyone had a guide on how to get Rock to install on RHEL. My understanding is that Rock is built with RHEL in mind but for whatever reason I’m drawing a blank on how to get it to work. If anyone could provide some steps to get me started I would appreciate it.



The very generalized directions are:

  1. Install Git and ansible
  2. Clone the repo
  3. Generate Defaults
  4. Deploy
  5. Profit

However there are some other things that need to be done if any of the STiGs are involved. Is there anything special that I need to consider?


The system will need to be STIG’ed and FIPS compliant


In the configuration I have done, I had to disable FIPS in order for the system to deploy bro/zeek along with a few other pieces correctly. FIPS and Bro have a troubled friendship. It will take a min for me to get everything together. I just wanted to get a potential issue (FIPS) out front so you are aware.


I am tracking the issue with FIPS (Its the bane of my existence). However, I can disable FIPS for the RockNSM so that problem can be considered “solved”.



Device / /tmp /var/log/audit /boot /home /swap /var /data /data/stenographer /data/kafka
Sensor 50GB 10GB 10GB 10GB 50 GB 10 GB 10GB 1.0 TB ~1.5 TB
  • 2 NICS are required
  • Min Processors & Memory
    • Processors - 4 cores
    • Memory - 8192MB (8GB)
  • Subscription Enabled sudo subscription-manager register --username [some user] --password [some password] --auto-attach

IF a vm is involved set the following flags on installation:
net.ifnames=0 vga=791

Once installed get the dependencies for deployment out of the way.

sudo yum update -y
sudo yum install -y yum-cron wget dracut ansible
sudo systemctl enable yum-cron
sudo systemctl start yum-cron

To Allow Installation We need to disable FIPS:

Remove the dracut-fips* packages

sudo yum remove dracut-fips\*

Backup existing FIPS initramfs

sudo mv -v /boot/initramfs-$(uname -r).img{,.FIPS-bak}

Run dracut to rebuild the initramfs

sudo dracut

Run Grubby

sudo grubby --update-kernel=ALL --remove-args=fips=1

Carefully up date the grub config file setting fips=0

sudo vi /etc/default/grub

Reboot the machine

sudo reboot

Log back in.

Confirm that fips is disabled by

sysctl crypto.fips_enabled

if it returns 0 then it has been properly disabled

Make a place for ROCK to live

mkdir /opt/rocknsm

Navigate there so we can clone the Rock NSM repo there

cd /opt/rocknsm  

Clone the Repo

sudo git clone

Navigate to the rock bin directory

cd /opt/rocknsm/rock/bin

Generate defaults for rock to deploy with

sudo sh

Adjust in accordance with you needs and then

sudo sh

From there it should work along the same lines of the RockNSM Centos Iso.


Thank you! This is a huge help! If I have any issues I will come back here and post again.



I tried following your steps on a dev version of RHEL at home. When i get to the

sudo sh

I get the follow error:

Do you have any suggestions on this? I am running the newest version of RHEL 7.6


Ahh man I forgot a critical step. How are the users setup?


Currently its my personal dev box so I have root and a user named “admin”

Production network is similar but with more users.


We don’t usually populate the root user and we give the “normal” user admin privileges. But we can make this work. Does your admin user have admin privileges?


My ‘admin’ account does have admin powers and can sudo


It seems to be looking in the wrong directory for things. It’s looking in /usr/share instead of the one that was created by us. We need to clone or copy it the right directory. run sudo cp -a /opt/rocknsm/* /usr/share/.


I get to following output after I copied the repo and ran the


It seems that config.yml doesn’t get created when running

It seems that the playbook generate_default.yml isn’t working? it isn’t creating the directories or files from the templates.


I’m working through it on my box here to try and see where the disconnect is. The playbook is not deploying locally.


I forgot to take in account the new changes for the the inventory for multi node deployment. if you run the following commands this should get you going.

Make the directory for the host.ini file to live

sudo mkdir /etc/rocknsm

use vi to edit the new file

sudo vi /etc/rocknsm/hosts.ini

add the following config

simplerockbuild.simplerock.lan ansible_host= ansible_connection=local

exit and save

run the generate defaults again.


Thanks! I’ll try this as soon as I get back to my machine.


I added the Host.ini file and the config. When I run the command I does the same thing (see below). I attempted to create an empty config.yml however, it did not generate the defaults in the empty file. Where you able to get it to work on your box?


Was there supposed to be an image attached? Yes I was able to get it work on my RHEL box.

[admin@localhost rocknsm]$ ls -al
total 28
drwxr-xr-x.   2 root root    57 Mar  7 18:13 .
drwxr-xr-x. 147 root root 12288 Mar  7 17:57 ..
-rw-r--r--.   1 root root  6125 Mar  7 18:13 config.yml
-rw-r--r--.   1 root root    87 Mar  7 17:58 hosts.ini
[admin@localhost rocknsm]$ cat hosts.ini 
  simplerockbuild.simplerock.lan ansible_host= ansible_connection=local
[admin@localhost bin]$ ls
[admin@localhost bin]$ sudo sh 
No signing data for local repo found. Disabling GPG checking.

PLAY [all] **********************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************
ok: [simplerockbuild.simplerock.lan]

TASK [Create config directory] **************************************************************************************************
ok: [simplerockbuild.simplerock.lan]

TASK [Render template] **********************************************************************************************************
ok: [simplerockbuild.simplerock.lan]

PLAY RECAP **********************************************************************************************************************
simplerockbuild.simplerock.lan : ok=3    changed=0    unreachable=0    failed=0   

Defaults generated. Adjust /etc/rocknsm/config.yml as needed.
[admin@localhost bin]$ 


I am going to start from scratch again and see if I messed up somewhere along the way. (and yes i forgot to attach image)