• Smart card forwarding with Fedora

    Smart cards and hardware security modules (HSM) are technologies used to keep private keys secure on devices physically isolated from other devices while allowing access only to an authorized user. That way only the intended user can use that device to authenticate, authorize, or perform other functions that involve the private keys while others are prevented from gaining access. These devices usually come in the form of a USB device or token which is plugged into the local computer. In modern...
    Posted 2018-01-16T14:30:00+00:00 - 1
  • January 2018 service release: A new year, a new look... and webhooks!

    Happy New Year! One way to get this new year started off right is to get started preventing some of the problems and downtime you may have experienced over the holidays. Using Insights can help future proof your infrastructure with integrated Ansible automation and a report on which systems you still need to patch for vulnerabilities like Meltdown and Spectre. Click here to see if you have systems that are missing the latest patches for these critical vulnerabilities. Latest release We're...
    Posted 2018-01-10T00:11:44+00:00 - 0
  • Satellite 6.2.13 is now available

    Satellite 6.2.13 is now available. Red Hat Satellite 6.2.13 includes backup and restore capabilities for Capsule Servers, as well as other enhancements to make it easier to move the underlying Satellite operating system from a Red Hat ® Enterprise Linux ® 6 (RHEL 6) to a RHEL 7 environment. There are also enhancements to optimize package profile tasks, improvements to the pulp workers service, and documentation improvements. One of the most critical improvements is Backup and Restore of...
    Posted 2017-12-19T19:31:20+00:00 - 7
  • Avoid unplanned downtime this holiday season with automated risk remediation

    It's that time of year again! Many of us in information technology don't have the luxury of letting our guard down during this crucial time for retail, finance, healthcare, and logistics. Being on call or glued to a monitor or app so that we can keep track of late breaking issues and quickly troubleshoot problems if the need arises is often a requirement in the infrastructure and operations world. Downtime is unavoidable. It’s either planned or it's forced. We can help you avoid unplanned...
    Posted 2017-12-15T18:01:25+00:00 - 0
  • Detecting ROBOT and other vulnerabilities using Red Hat testing tools.

    The TLS (Transport Layer Security) protocol, also known as SSL, underpins the security of most Internet protocols. That means the correctness of its implementations protects the safety of communication across network connections. The Red Hat Crypto Team, to verify the correctness of the TLS implementations we ship, has created a TLS testing framework which is developed as the open source tlsfuzzer project. That testing framework is being used to detect and fix issues with the OpenSSL, NSS,...
    Posted 2017-12-12T13:56:54+00:00 - 0
  • Red Hat Satellite 6.3 Beta now available

    Red Hat Satellite 6.3 Beta now available December 7, 2017 We are pleased to announce that Red Hat Satellite 6.3 is now available in beta to current Satellite customers. Red Hat Satellite is an infrastructure management platform, designed to manage system patching, provisioning, configurations and Red Hat subscriptions across the entirety of a Red Hat environment. Satellite offers a lifecycle management solution to help keep customers’ Red Hat infrastructure running efficiently and with greater...
    Posted 2017-12-07T14:20:58+00:00 - 0
  • What happens when you open a support case with Red Hat?

    Most of us have encountered a moment of frustration when using personal technology—a forgotten password, or unresponsive screen on a smartphone, or perhaps you have had an ongoing issue with your internet service provider or your bank. Once you’ve tracked down the support number and dialed in, many times, here is what happens: -A really nice, well-intentioned representative of the company answers your call and asks you to describe the issue. -Their questions are likely based on a flow chart-...
    Posted 2017-11-30T18:04:06+00:00 - 0
  • Satellite 6.3 Beta Repositories

    In preparation for an upcoming public beta release of Red Hat Satellite 6.3, current Satellite customers may notice Satellite 6.3 beta ISOs and packages available in their repositories. Documentation, a Beta Navigation Guide, and customer support will be made available for the 6.3 beta at the time of public beta launch. The supported public launch of the Satellite 6.3 beta is currently scheduled for early December 2017. The announcement of the supported public beta will be made in the Red Hat...
    Posted 2017-11-21T15:09:40+00:00 - 0
  • Security is from Mars, Developers are from Venus…...or ARE they?

    It is a tale as old as time. Developers and security personnel view each other with suspicion. The perception is that a vast gulf of understanding and ability lies between the two camps. “They can’t possibly understand what it is to do my job!” is a surprisingly common statement tossed about. Both groups blame the other for being the source of all of their ills. It has been well-known that fixing security bugs early in the development lifecycle not only helps eliminate exposure to...
    Posted 2017-11-16T15:00:00+00:00 - 2
  • Abuse of RESTEasy Default Providers in JBoss EAP

    Red Hat JBoss Enterprise Application Platform (EAP) is a commonly used host for Restful webservices. A powerful but potentially dangerous feature of Restful webservices on JBoss EAP is the ability to accept any media type. If not configured to accept only a specific media type, JBoss EAP will dynamically process the request with the default provider matching the Content-Type HTTP Header which the client specifies. Some of the default providers where found to have vulnerabilities which have now...
    Posted 2017-10-18T13:30:00+00:00 - 0
  • Satellite 6 and iPXE

    TFTP is slow and unreliable protocol on high-latency networks, but if your hardware is supported by iPXE (http://ipxe.org/appnote/hardware_drivers) or if UNDI driver of the NIC is compatible with iPXE, it is possible to configure PXELinux to chainboot iPXE and continue booting via HTTP protocol which is fast and reliable. There are three scenarios described in this article. In the first two, PXELinux is loaded via TFTP and it chainloads iPXE directly or via UNDI which then carries over the...
    Posted 2017-10-06T07:00:00+00:00 - 0
  • September 2017 service release: CI/CD client now in tech-preview, and feature updates

    The Red Hat Insights team is pleased to present our September 2017 service release. Red Hat Insights is Software-as-a-Service (SaaS) that helps prioritize risk remediation and prevent unplanned downtime. Insights enables customers to proactively monitor and quickly remediate for infrastructure risks and critical security alerts detected in their environments. Using Insights requires no added infrastructure expansion, with no complex setup or configuration, and can be deployed across most...
    Posted 2017-10-05T17:58:07+00:00 - 0
  • Satellite 6.2.12 is released

    Satellite 6.2.12 has been released today. 6.2.12 introduces a new tool for renaming the satellite, and several other new features and fixes. There is one erratum for the server [1] and one for the hosts [2]. The install ISOs will be updated later this week. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. PLEASE NOTE: Customers who have received hotfixes should verify the list below...
    Posted 2017-09-26T09:06:52+00:00 - 7
  • Insight into 0-days

    Security-based Red Hat Insights rules attempt to analyze and detect issues that impact the security of your systems in different ways: Detect high profile, high priority, and 0-day vulnerabilities Detect misconfigurations of your software which may impact security Detect other issues that could have security implications, such as expired certificates The Red Hat Product Security team works closely with the Red Hat Insights team to provide current, updated, and helpful content for these...
    Posted 2017-09-18T12:53:46+00:00 - 0
  • Kernel Stack Protector and BlueBorne

    Today, a security issue called BlueBorne was disclosed, a vulnerability that could be used to attack sensitive systems via the Bluetooth protocol. Specifically, BlueBorne is a flaw where a remote (but physically quite close) attacker could get root on a server, without an internet connection or authentication, via installed and active Bluetooth hardware. The key phrase is “has the potential.” BlueBorne is still a serious flaw and one that requires patching and remediation, but most Red Hat...
    Posted 2017-09-12T11:51:33+00:00 - 0
  • Polyinstantiating /tmp and /var/tmp directories

    On Linux systems, the /tmp/ and /var/tmp/ locations are world-writable. They are used to provide a common location for temporary files and are protected through the sticky bit, so that users cannot remove files they don't own from the directory, even though the directory itself is world-writable. Several daemons/applications use the /tmp or /var/tmp directories to temporarily store data, log information, or to share information between their sub-components. However, due to the shared nature of...
    Posted 2017-08-31T17:28:50+00:00 - 1
  • Ansible and Insights Part 3 - Setting up Ansible Tower for Insights automated remediation

    For our final Ansible and Insights release blog, we will finish this three part series by showing you how to enable Tower to talk with the Insights API to enable jobs for site wide remediation. This builds on our previous blog post, Ansible and Insights Part 2 - Automating Ansible Core remediation, so if you have do not have the pre-requisites mentioned in Part 2, you should verify you have met those requirements and can build a Planner plan within Insights before trying to follow along....
    Posted 2017-08-29T15:14:52+00:00 - 0
  • Red Hat Satellite and Red Hat Virtualization Cloud-init integration

    As part of the upcoming 6.2.12 release, we are adding additional support for cloud-init provisioning using the Red Hat Enterprise Virtualization (RHEV/RHV) provider. The Cloud-init tool allows to configure the provisioned virtual machine via a configuration, that is passed to the VM though the virtualization platform (RHV in this case). The advantage of this approach is not requiring any special configuration on the network (such as managed DHCP and TFTP) in order to finish the installation of...
    Posted 2017-08-25T16:00:30+00:00 - 0
  • Performing DHCP kexec on discovered hosts

    Satellite 6.2 introduced PXE-less discovery which is targeted to networks without PXE or DHCP services available. In this workflow, kernel on discovered nodes is replaced (via kexec technology) instead of rebooting. This turns out to be useful feature on PXE/DHCP networks as well. To configure kexec on PXE/DHCP enabled network, do the following simple steps. Step 1: Verify foreman discovery image version Newer version of foreman-discovery-image must be used in order to send required "...
    Posted 2017-08-11T08:00:00+00:00 - 0
  • Satellite 6.2.11 is released

    Satellite 6.2.11 has been released today. 6.2.11 introduces many fixes in the messaging infrastructure of Satellite 6. There is one erratum for the server [1] and one for the hosts [2]. The install ISOs will be updated next week at the earliest. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. PLEASE NOTE: Customers who have received hotfixes should verify the list below to ensure...
    Posted 2017-08-10T20:57:13+00:00 - 19
  • Dealing with many network interfaces during host check-ins

    Satellite 6 comes with powerful host importing capabilities as part of its inventory feature. When a host checks-in via Puppet or subscription-manager, all incoming data, which we call "facts", are parsed. This mechanism is called "fact import". By default Satellite 6 extracts networking information such as NICs, MAC and IP addresses making necessary changes to reflect the new state in the inventory database. When an IP address of a registered host changes for example, the same change is...
    Posted 2017-08-09T08:00:00+00:00 - 9
  • How to share custom repositories across organizations

    Satellite 6 is strictly a multi-tenant application meaning that every organization gets its own subscription manifest and must select appropriate repositories and sync it. Although the design of Satellite 6 makes sure every single RPM package is downloaded only once across all organization, syncing metadata and publishing and promoting content within many organizations can be time consuming for some specific use cases. The following will work with Satellite 6.2 or newer. One use case is a...
    Posted 2017-08-07T06:00:00+00:00 - 2
  • Post Quantum Cryptography

    Traditional computers are binary digital electronic devices based on transistors. They store information encoded in the form of binary digits each of which could be either 0 or 1. Quantum computers, in contrast, use quantum bits or qubits to store information either as 0, 1 or even both at the same time. Quantum mechanical phenomenons such as entanglement and tunnelling allow these quantum computers to handle a large number of states at the same time. Quantum computers are probabilistic rather...
    Posted 2017-07-26T13:30:00+00:00 - 0
  • What is new in OpenSSH 7.4 (in RHEL 7.4)?

    Red Hat Enterprise Linux 7 (RHEL 7) so far has been providing iterations of OpenSSH 6.6.1p1, first released in 2014. While we've kept it updated against vulnerabilities, many things have changed both in security requirements and features provided by the latest OpenSSH. Therefore, OpenSSH has now been updated to the recently released OpenSSH 7.4p1, which brings many new features and security enhancements. For the complete set of changes and bugfixes, please refer to the upstream release notes....
    Posted 2017-07-12T00:00:00+00:00 - 0
  • Satellite 6.2.10 is released

    Satellite 6.2.10 has been released today. 6.2.10 introduces many fixes based on customer cases and feedback. There is one erratum for the server [1] and one for the hosts [2]. The install ISOs will be updated next week at the earliest. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. PLEASE NOTE: Customers who have received hotfixes should verify the list below to ensure their...
    Posted 2017-06-20T19:13:25+00:00 - 7

Pages

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.