• Satellite 6.3.4 has just been released.

    The main driver for the 6.3.4 release is RHEL 7.6 compatibility update and ongoing performance and stability improvements. There are 17 bugs squashed in this release - the complete list is below. The most notable issue is compatibility with RHEL 7.6. There is one erratum for the server [1] and one for the hosts [2]. The install ISOs will be updated next week. Customers who have already upgraded to Satellite 6.3 should follow the instructions in the errata. Customers who are on older versions of...
    Posted 2018-10-10T21:58:58+00:00 - 0
  • Provisioning VMWare using userdata via Satellite 6.3

    by William McDonald This document presents a basic walkthrough of the steps required to configure Red Hat Satellite 6.3 to provision virtual machines against a VMware vSphere 6.7 Vcenter. In addition to machine provisioning, it illustrates using the upstream Foreman Userdata plug-in to further customise provisioned hosts using cloud-init. This plugin is currently being merged into Foreman core, it will likely appear in future Satellite 6 releases. Prerequisites 8 CPU cores 32GB RAM 200GB of...
    Posted 2018-10-09T08:00:00+00:00 - 2
  • Security Technologies: FORTIFY_SOURCE

    FORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all applications and libraries in an operating system. The concept is basically universal meaning it can be applied to any operating system, but there are glibc specific patches available in gcc-4 onwards. In gcc, FORTIFY_SOURCE normally works by replacing some...
    Posted 2018-09-26T13:30:00+00:00 - 0
  • Insights guidelines for deployment at scale

    Insights usage varies from customer to customer so there is no real "one size fits all" template. However it is worth highlighting some of the features Red Hat has in place to assist with large sized deployments. This is not intended to be a best-practices guide, just some things to consider. Deployment I typically emphasize how easy it is to deploy insights - with it's minimal steps, due to being SaaS; however, for an even easier deployment of Insights on a large scale, Insights has scripts...
    Posted 2018-09-07T15:04:56+00:00 - 0
  • Red Hat Satellite 6.4 Beta is now available

    We are pleased to announce that Red Hat Satellite 6.4 is now available in beta to current Satellite customers. Red Hat Satellite is an infrastructure management platform, designed to manage system patching, provisioning, configurations and subscriptions across the entirety of a Red Hat environment. Satellite offers a lifecycle management solution to help keep your Red Hat infrastructure running efficiently and with greater security, which can reduce costs and overall environmental complexity....
    Posted 2018-09-05T12:55:50+00:00 - 1
  • Satellite 6.3.3 is now available

    Satellite 6.3.3 has just been released. The main driver for the 6.3.3 release is ongoing performance and stability improvements. There are 24 bugs squashed in this release - the complete list is below. The most notable issue is there was a critical Pulp maintenance routine that never executed that is now resolved with this update. 6.3.3 adds a weekly cron schedule to ensure execution of the maintenance job. For customers with large numbers of content hosts (10,000+) there may be a possible...
    Posted 2018-08-23T00:06:45+00:00 - 0
  • New Red Hat Product Security OpenPGP key

    Red Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key. This was done to improve the long-term security of our communications with our customers and also to meet current key recommendations from NIST (NIST SP 800-57 Pt. 1 Rev. 4 and NIST SP 800-131A Rev. 1). The old key will continue to be valid for some time, but it is preferred that all future correspondence use the new key. Replies and new messages either signed or encrypted...
    Posted 2018-08-22T13:30:00+00:00 - 0
  • Security Technologies: Stack Smashing Protection (StackGuard)

    In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function return address, which leads to several interesting exploitation techniques like ret2libc, ret2gets, and ret2plt. With all of these methods, the function return address is overwritten and attacker controlled code...
    Posted 2018-08-20T13:30:00+00:00 - 0
  • Managing risk in the modern world

    Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to happy outcomes. “Should I get out of bed today?”, “Should I eat this sushi they are selling in this gas station?”, “Can you hold my beverage?”. The challenges of modern-day existence can be very daunting. With this blog, I’m sharing how I’d advise organizations to consider IT-related...
    Posted 2018-08-14T15:30:00+00:00 - 0
  • How SELinux helps mitigate risk while facilitating compliance

    Many of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform and Red Hat OpenStackⓇ Platform. In this blog post, we use PCI-DSS to highlight some of the benefits of SELinux. Though there are many other security standards that affect our customers, we selected PCI-DSS based on a...
    Posted 2018-08-09T13:30:00+00:00 - 0
  • Security Technologies: ExecShield

    The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A majority of exploitable security flaws are due to memory corruption. ExecShield, a Red Hat-developed technology, included since Red Hat Enterprise Linux 3, aims to help protect systems from this type of exploitable security flaws. Buffer...
    Posted 2018-07-25T13:30:00+00:00 - 0
  • Plans within Satellite!

    Remediation plans within Satellite! One of the most exciting capabilities in Satellite 6.3 is greater integration with Red Hat Insights. Although there are tons of other great features, this one is so important I thought it worth a blog post. Using Red Hat Insights from the Satellite UI is now no different than using it in the Customer Portal. The coolest added feature brings the full functionality of Insights Planner to Satellite (planner itself was added in 6.2). You can now create...
    Posted 2018-07-23T09:46:03+00:00 - 2
  • SPECTRE Variant 1 scanning tool

    As part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this tool via this article. This tool is not a Red Hat product. As such, it is not supported and does not come with any kind of warranty. The tool only works on static binaries and does not simulate an entire running system. This means it will neither follow jumps through...
    Posted 2018-07-18T13:30:00+00:00 - 0
  • Insights Security Hardening Rules

    Many users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about the other category of security related rules, those related to security hardening. In all of the products we ship, we make a concerted effort to ship thoughtful, secure default settings to minimize the amount of configuration needed to do...
    Posted 2018-07-12T13:30:00+00:00 - 0
  • Red Hat’s disclosure process

    Last week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around responsible disclosure. It has caused us to look back to see what went wrong so as to prevent this from happening in the future. Because of how important our relationships with the community and industry partners are and how seriously we treat non-...
    Posted 2018-07-10T13:00:00+00:00 - 0
  • What you need to know to be ready for Satellite 6.4 and Puppet 5

    As we work towards a Satellite 6.4 release this fall there are some very important changes to Puppet that are coming that the Satellite team wants to prepare you for. Note: This affects ALL Satellite 6.3 users, even if you are not using Puppet or if you are using Puppet Enterprise. The last few releases of Satellite have supported Puppet 3.8, a version which has been end-of-life since December 31, 2016. Satellite 6.3 introduced support for Puppet 4, but since there were some major changes on...
    Posted 2018-06-26T22:49:49+00:00 - 6
  • Satellite 6.3.2 is now available

    Satellite 6.3.2 has just been released. The main driver for the 6.3.2 release is allowing customers to disable weak ciphers, but there are several other new features and fixes. There are two errata for the server [1][3] and one for the hosts [2]. The install ISOs will be updated later this week. Customers who have already upgraded to Satellite 6.3 should follow the instructions in the errata. Customers who are on older versions of Satellite should refer to the Upgrading and Updating Red Hat...
    Posted 2018-06-20T07:04:16+00:00 - 0
  • Insights 103

    Back in the Hood!! After a crazy and exciting week of innovations in San Francisco, here I am again to tell you a bit more on how to customize Red Hat Insights to your needs! To blacklist or not to blacklist, that is the question As explained in my previous post Red Hat Insights 102, you can control the data Red Hat Insights sends to Red Hat servers, how data is sent, and when it is sent. But deviating from the default has its drawbacks too. We want to provide our customers with the necessary...
    Posted 2018-05-29T19:35:47+00:00 - 1
  • Satellite 6.2.15 is now available

    Red Hat Satellite 6.2.15 includes bug fixes for improving the performance of Satellite 6.2.x. There is one erratum for the server [1] and one for the hosts [2]. ISOs should be published next week. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions in the Satellite 6.2 Installation Guide. Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in...
    Posted 2018-05-23T11:23:32+00:00 - 1
  • Go West, [not so] young Spinks: One Satellite member’s guide to Red Hat Summit 2018

    Greetings! I’m John Spinks, Technical Marketing Manager for Satellite. While I’m relatively new to Red Hat, I get to work with Red Hat Satellite engineers and customers every day. Next week is my first Red Hat Summit so I’m excited to get to see so many of both in one place. Not only is this my first Summit as an attendee, I’m honored to say that this will also be my first time at Summit as a speaker. Brent Midwood and I will be presenting the session: Live Demonstration: Find it. Fix it....
    Posted 2018-05-02T13:10:32+00:00 - 0
  • Red Hat Management & Automation with Insights at Red Hat Summit San Francisco 2018!

    Hi again everyone, I'm Will Nix, Technical Evangelist for Red Hat Management & Automation and I'm headed into my 7th year here at Red Hat. I'm really excited for everyone to join us this year at Red Hat Summit 2018 in San Francisco's Moscone center. For the past several years I've presented at Summit, and again this year I'll be presenting in several sessions, labs, and workshops. Check out a really brief description below and join me! Sign up for the events in your Red Hat Summit app, and...
    Posted 2018-05-01T15:21:09+00:00 - 1
  • Satellite 5 and RHN End of Life - Making sure that you are only connected to RHSM.

    Have you completed your migration from Satellite 5 to Satellite 5.8, but you keep getting messages from us about upgrading before January 31, 2019? It could be that your systems are still registered with Red Hat Network (RHN), even if you have moved to a newer version. Let's walk through a couple steps to show you how you can check and see if you are registered with RHN or Red Hat Subscription Manager (RHSM). I moved to Satellite 6 - Does this affect me? If you have moved off of Satellite 5 to...
    Posted 2018-04-30T13:00:07+00:00 - 1
  • What is tar and why does OpenShift Container Application Platform use it?

    Tar is a Posix standard archiving utility originally meant for making tape archives; one of tar's most enduring uses has been for system backups. Tar can take everything that is stored on a filesystem and store it in a structured file, including special files such as links and devices. This capability has made tar a popular storage format for more than 38 years. Red Hat's OpenShift Container Application Platform is a PaaS (Platform as a Service) that integrates many Red Hat software components...
    Posted 2018-04-27T19:04:54+00:00 - 0
  • Join us in San Francisco at the 2018 Red Hat Summit

    This year’s Red Hat Summit will be held on May 8-10 in beautiful San Francisco, USA. Product Security will be joining many Red Hat security experts in presenting and assisting subscribers and partners at the show. Here is a sneak peek at the more than 125 sessions that a security-minded attendee can see at Summit this year. Sessions Cloud Management and Automation S1181 - Automating security and compliance for hybrid environments S1467 - Live demonstration: Find it. Fix it. Before it breaks....
    Posted 2018-04-23T14:30:00+00:00 - 0
  • Certificate Transparency and HTTPS

    Google has announced that on April 30, 2018, Chrome will: “...require that all TLS server certificates issued after 30 April, 2018 be compliant with the Chromium CT Policy. After this date, when Chrome connects to a site serving a publicly-trusted certificate that is not compliant with the Chromium CT Policy, users will begin seeing a full page interstitial indicating their connection is not CT-compliant. Sub-resources served over https connections that are not CT-compliant will fail to load...
    Posted 2018-04-17T15:00:01+00:00 - 0

Pages

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.