Chapter 2. Installing prerequisites for Discovery
Discovery is a containerized solution that can be deployed on any RHEL or OpenShift Container Platform platform. The following documentation assumes Discovery is installed on a dedicated RHEL system. Adoption of this implementation will minimize impact on production servers, avoid complications of UI-to-server port mapping, and adhere to the officially documented and supported path for installation. You must install Discovery on a dedicated system that does not run any other workloads. No warranty or support is offered for installation on a nondedicated system.
Procedure
- Install the following requirements for hardware, software, and the environment in which you are going to install and use Discovery.
2.1. Hardware prerequisites
The system on which you are going to install Discovery must meet or exceed the following hardware requirements:
- CPU: 2 core minimum, with a recommended 4 cores
- RAM: 1 GB minimum, with a recommended 2 GB
- Disk Storage: 30 GB
Discovery uses rootless Podman, which, by default, stores containers in the following filepath: ${HOME}/.local/share/containers. Ensure that the partition that contains this directory has at least 30 GB of storage. If Podman is configured to use a non-standard directory for container storage, ensure that the configured directory has 30 GB of storage.
2.2. Software prerequisites
The system on which you are going to install Discovery must meet the following software requirements:
- Operating system: The latest version of Red Hat Enterprise Linux 8 or Red Hat Enterprise Linux 9, installed as a clean install and specifically not upgraded from RHEL 7
- File system: Must run with d_type (Podman requirement)
In addition to these software requirements, Discovery has dependencies on other software that is required to install and run Discovery, primarily the Podman container tool. The Podman package is included with Red Hat Enterprise Linux 8 and later, so you are not required to obtain the Podman package separately. You will need sudo privileges to install Podman.
Related Information
- For more information about the definition of Red Hat Enterprise Linux clean installs, see the key migration terminology section in the Upgrading from RHEL 8 to RHEL 9 guide.
2.3. Other environment prerequisites
The environment in which you are going to install and use Discovery must meet the following requirements. Some of these requirements affect the systems on which you are going to install and run Discovery. Others affect the systems in your IT infrastructure that you are going to scan with Discovery.
In your network:
- If you want to use Discovery to scan a network that contains multiple air-gapped environments, you must install a Discovery server for each of those air-gapped environments.
On the system where Discovery is installed and running:
- The system should be a system that is dedicated to Discovery work only and should not be used for either development or production work.
The system must have an internet connection to register to Red Hat subscription management tools and access Red Hat content.
- For a disconnected installation, the connected system on which you are downloading the containers must meet this requirement.
The system must have access to the Red Hat Ecosystem Catalog with your Red Hat Customer Portal credentials.
For a disconnected installation, the connected system on which you are downloading the containers must meet this requirement.
NoteIf you cannot use the Red Hat Ecosystem Catalog to download Red Hat content, join the Red Hat Developer program to create a Red Hat Customer Portal account, obtain a Red Hat Developer subscription, and gain access to Red Hat content. For more information, see the Red Hat Developer website.
- The Discovery server must have access, through the SSH protocol, to the IT infrastructure assets that are to be scanned.
On the systems in your network where Discovery runs scans:
- Any network sources that are targeted for scanning must be running the SSH protocol.
-
A user account that is used as a credential for a scan requires the
bashshell. The shell cannot be the/sbin/nologinshell or the/bin/falseshell. - A user account that is used as a credential for a network scan must have adequate permissions to run commands and read certain files on those systems. For example, some commands that run during a scan require privilege elevation to gather the complete set of facts for the scan. The Using Discovery guide has additional information about the creation of credentials for network scans and the privileges that must be associated with those credentials to enable a more complete scan of network assets.
-
A user account that is used as a credential for a network scan where authentication is done with an SSH key must have a copy of the private key on the Discovery server. The private key must be stored in the
"${HOME}"/.local/share/discovery/sshkeysdirectory, the default location for this directory at the time of server installation. -
The user account that runs the
podmancommands to install and run Discovery must not be therootuser, and it must not invoke these commands by usingsudoorsuto grant elevated user privileges. These actions are not supported.
Additional resources
- For more information about the creation of credentials for network scans and their association with elevated privileges, see the topic about adding network sources and credentials in the Installing and Configuring Discovery guide.
