  • Join us in San Francisco at the 2018 Red Hat Summit

    This year’s Red Hat Summit will be held on May 8-10 in beautiful San Francisco, USA. Product Security will be joining many Red Hat security experts in presenting and assisting subscribers and partners at the show. Here is a sneak peek at the more than 125 sessions that a security-minded attendee can see at Summit this year. Sessions Cloud Management and Automation S1181 - Automating security and compliance for hybrid environments S1467 - Live demonstration: Find it. Fix it. Before it breaks....
    Posted 2018-04-23T14:30:00+00:00 - 0
  • Certificate Transparency and HTTPS

    Google has announced that on April 30, 2018, Chrome will: “...require that all TLS server certificates issued after 30 April, 2018 be compliant with the Chromium CT Policy. After this date, when Chrome connects to a site serving a publicly-trusted certificate that is not compliant with the Chromium CT Policy, users will begin seeing a full page interstitial indicating their connection is not CT-compliant. Sub-resources served over https connections that are not CT-compliant will fail to load...
    Posted 2018-04-17T15:00:01+00:00 - 0
  • Satellite 6.3.1 is now available

    Red Hat Satellite 6.3.1 includes packages that support Red Hat Enterprise Linux 7.5 as well as a variety of performance enhancements and general bug fixes. Especially notable are the improvements in the performance of content views. In our tests we've seen publishing of a single content view on RHEL7 reduce in time by 43% and publishing of composite views reduced 95%. To put numbers to this 6.3.0 took 320 seconds to publish a composite view while 6.3.1 took 14 seconds to publish the same CV...
    Posted 2018-04-13T14:43:30+00:00 - 0
  • Preparing to Upgrade Satellite? Open a Proactive Support Case.

    Worried about your upcoming Satellite upgrade? Don’t be. In addition to our detailed upgrade documentation, our support team has been through hundreds of upgrades and they’re happy to help if something deviates from your expectations. In order to optimize your upgrade experience if you chose to engage our support team, please submit what we call a “Proactive Support Case” ahead of your planned upgrade window. Why should you do this? This will allow for an experienced Satellite support...
    Posted 2018-04-11T16:33:49+00:00 - 0
  • Harden your JBoss EAP 7.1 Deployments with the Java Security Manager

    Overview The Java Enterprise Edition (EE) 7 specification introduced a new feature which allows application developers to specify a Java Security Manager (JSM) policy for their Java EE applications, when deployed to a compliant Java EE Application Server such as JBoss Enterprise Application Platform (EAP) 7.1. Until now, writing JSM policies has been pretty tedious, and running with JSM was not recommended because it adversely affected performance. Now a new tool has been developed which allows...
    Posted 2018-03-14T13:30:00+00:00 - 0
  • Securing RPM signing keys

    RPM Package Manager is the common method for deploying software packages to Red Hat Enterprise Linux, Fedora Project, and their derivative Linux operating systems. These packages are generally signed using an OpenPGP key, implementing a cryptographic integrity check, enabling the recipient the ability to verify that no modifications occurred after the package was signed (assuming the recipient has a copy of the sender’s public key). This model assumes that the signer has secured the RPM...
    Posted 2018-03-07T14:30:00+00:00 - 0
  • Let's talk about PCI-DSS

    For those who aren’t familiar with Payment Card Industry Data Security Standard (PCI-DSS), it is the standard that is intended to protect our credit card data as it flows between systems and is stored in company databases. PCI-DSS requires that all vulnerabilities rated equal to, or higher than, CVSS 4.0 must be addressed by PCI-DSS compliant organizations (notably, those which process and/or store cardholder data). While this was done with the best of intentions, it has had an impact on many...
    Posted 2018-02-28T14:30:00+00:00 - 2
  • Satellite 6.3 is now available

    Red Hat Satellite 6.3 is now available. Red Hat is pleased to announce the general availability of Red Hat Satellite 6.3. The latest release increases product stability and usability, and introduces new and enhanced features designed to meet user needs. Key features of Red Hat Satellite 6.3 are organized into key content areas below. Most of the new features include links to the feature overview available on the content portal. Content Management: Improved content download policies and...
    Posted 2018-02-21T16:57:28+00:00 - 41
  • JDK approach to address deserialization Vulnerability

    Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since its inception, there have been many scattered attempts to come up with a solution to best address this flaw. This article focuses on Java deserialization vulnerability and explains how Oracle provides a mitigation framework in its latest Java Development Kit (JDK) version...
    Posted 2018-02-21T14:30:00+00:00 - 0
  • Insights 102

    Before we begin... Before we begin with how to configure Red Hat Insights to be tailored to your needs (in terms of controlling what is sent to Red Hat servers and how it is sent) let me please remind you of the very basics of Red Hat Insights… Can I control what Red Hat Insights is doing behind the curtains? Absolutely! Red Hat Insights collects metadata about the runtime configuration of a system. The data collected is 1% of what would be collected via sosreport during a support case. The...
    Posted 2018-02-19T17:58:15+00:00 - 0
  • Insights 101

    The new girl in the hood! First of all, let me introduce myself, my name is Amaya Gil and I’m a new Insights SME (so you will see a lot of me from now on), working as a Technical Marketing Manager in the Management BU at Red Hat. I’m a Computer Science Engineer from Madrid (Spain) and I’ve been a Redhatter since 2.010 evolving from different EMEA SA roles to the BU. I also happen to speak four languages and since English is one of them… here you go! What is Red Hat Insights? Haven't heard of...
    Posted 2018-02-08T15:10:40+00:00 - 5
  • Satellite 6.2.14 is now available

    Red Hat Satellite 6.2.14 includes fixes for performance improvements and stability, as well as upgrade enhancements to make it easier to upgrade Satellite 6.2 to the upcoming Satellite 6.3 release. There is one erratum for the server [1] and one for the hosts [2]. The install ISOs will be updated later this week. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions in the Satellite 6.2...
    Posted 2018-02-05T15:43:11+00:00 - 12
  • Smart card forwarding with Fedora

    Smart cards and hardware security modules (HSM) are technologies used to keep private keys secure on devices physically isolated from other devices while allowing access only to an authorized user. That way only the intended user can use that device to authenticate, authorize, or perform other functions that involve the private keys while others are prevented from gaining access. These devices usually come in the form of a USB device or token which is plugged into the local computer. In modern...
    Posted 2018-01-16T14:30:00+00:00 - 1
  • January 2018 service release: A new year, a new look... and webhooks!

    Happy New Year! One way to get this new year started off right is to get started preventing some of the problems and downtime you may have experienced over the holidays. Using Insights can help future proof your infrastructure with integrated Ansible automation and a report on which systems you still need to patch for vulnerabilities like Meltdown and Spectre. Click here to see if you have systems that are missing the latest patches for these critical vulnerabilities. Latest release We're...
    Posted 2018-01-10T00:11:44+00:00 - 0
  • Satellite 6.2.13 is now available

    Satellite 6.2.13 is now available. Red Hat Satellite 6.2.13 includes backup and restore capabilities for Capsule Servers, as well as other enhancements to make it easier to move the underlying Satellite operating system from a Red Hat ® Enterprise Linux ® 6 (RHEL 6) to a RHEL 7 environment. There are also enhancements to optimize package profile tasks, improvements to the pulp workers service, and documentation improvements. One of the most critical improvements is Backup and Restore of...
    Posted 2017-12-19T19:31:20+00:00 - 7
  • Avoid unplanned downtime this holiday season with automated risk remediation

    It's that time of year again! Many of us in information technology don't have the luxury of letting our guard down during this crucial time for retail, finance, healthcare, and logistics. Being on call or glued to a monitor or app so that we can keep track of late breaking issues and quickly troubleshoot problems if the need arises is often a requirement in the infrastructure and operations world. Downtime is unavoidable. It’s either planned or it's forced. We can help you avoid unplanned...
    Posted 2017-12-15T18:01:25+00:00 - 0
  • Detecting ROBOT and other vulnerabilities using Red Hat testing tools.

    The TLS (Transport Layer Security) protocol, also known as SSL, underpins the security of most Internet protocols. That means the correctness of its implementations protects the safety of communication across network connections. The Red Hat Crypto Team, to verify the correctness of the TLS implementations we ship, has created a TLS testing framework which is developed as the open source tlsfuzzer project. That testing framework is being used to detect and fix issues with the OpenSSL, NSS,...
    Posted 2017-12-12T13:56:54+00:00 - 0
  • Red Hat Satellite 6.3 Beta now available

    Red Hat Satellite 6.3 Beta now available December 7, 2017 We are pleased to announce that Red Hat Satellite 6.3 is now available in beta to current Satellite customers. Red Hat Satellite is an infrastructure management platform, designed to manage system patching, provisioning, configurations and Red Hat subscriptions across the entirety of a Red Hat environment. Satellite offers a lifecycle management solution to help keep customers’ Red Hat infrastructure running efficiently and with greater...
    Posted 2017-12-07T14:20:58+00:00 - 0
  • What happens when you open a support case with Red Hat?

    Most of us have encountered a moment of frustration when using personal technology—a forgotten password, or unresponsive screen on a smartphone, or perhaps you have had an ongoing issue with your internet service provider or your bank. Once you’ve tracked down the support number and dialed in, many times, here is what happens: -A really nice, well-intentioned representative of the company answers your call and asks you to describe the issue. -Their questions are likely based on a flow chart-...
    Posted 2017-11-30T18:04:06+00:00 - 0
  • Satellite 6.3 Beta Repositories

    In preparation for an upcoming public beta release of Red Hat Satellite 6.3, current Satellite customers may notice Satellite 6.3 beta ISOs and packages available in their repositories. Documentation, a Beta Navigation Guide, and customer support will be made available for the 6.3 beta at the time of public beta launch. The supported public launch of the Satellite 6.3 beta is currently scheduled for early December 2017. The announcement of the supported public beta will be made in the Red Hat...
    Posted 2017-11-21T15:09:40+00:00 - 0
  • Security is from Mars, Developers are from Venus…...or ARE they?

    It is a tale as old as time. Developers and security personnel view each other with suspicion. The perception is that a vast gulf of understanding and ability lies between the two camps. “They can’t possibly understand what it is to do my job!” is a surprisingly common statement tossed about. Both groups blame the other for being the source of all of their ills. It has been well-known that fixing security bugs early in the development lifecycle not only helps eliminate exposure to...
    Posted 2017-11-16T15:00:00+00:00 - 2
  • Abuse of RESTEasy Default Providers in JBoss EAP

    Red Hat JBoss Enterprise Application Platform (EAP) is a commonly used host for Restful webservices. A powerful but potentially dangerous feature of Restful webservices on JBoss EAP is the ability to accept any media type. If not configured to accept only a specific media type, JBoss EAP will dynamically process the request with the default provider matching the Content-Type HTTP Header which the client specifies. Some of the default providers were found to have vulnerabilities which have now...
    Posted 2017-10-18T13:30:00+00:00 - 0
  • Satellite 6 and iPXE

    TFTP is a slow and unreliable protocol on high-latency networks, but if your hardware is supported by iPXE (http://ipxe.org/appnote/hardware_drivers) or if the UNDI driver of the NIC is compatible with iPXE, it is possible to configure PXELinux to chainboot iPXE and continue booting via the HTTP protocol, which is fast and reliable. There are three scenarios described in this article. In the first two, PXELinux is loaded via TFTP and it chainloads iPXE directly or via UNDI which then carries over the...
    Posted 2017-10-06T07:00:00+00:00 - 0
  • September 2017 service release: CI/CD client now in tech-preview, and feature updates

    The Red Hat Insights team is pleased to present our September 2017 service release. Red Hat Insights is Software-as-a-Service (SaaS) that helps prioritize risk remediation and prevent unplanned downtime. Insights enables customers to proactively monitor and quickly remediate for infrastructure risks and critical security alerts detected in their environments. Using Insights requires no added infrastructure expansion, with no complex setup or configuration, and can be deployed across most...
    Posted 2017-10-05T17:58:07+00:00 - 0
  • Satellite 6.2.12 is released

    Satellite 6.2.12 has been released today. 6.2.12 introduces a new tool for renaming the satellite, and several other new features and fixes. There is one erratum for the server [1] and one for the hosts [2]. The install ISOs will be updated later this week. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. PLEASE NOTE: Customers who have received hotfixes should verify the list below...
    Posted 2017-09-26T09:06:52+00:00 - 7
