• SPECTRE Variant 1 scanning tool

    As part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this tool via this article. This tool is not a Red Hat product. As such, it is not supported and does not come with any kind of warranty. The tool only works on static binaries and does not simulate an entire running system. This means it will neither follow jumps through...
    Posted 2018-07-18T13:30:00+00:00 - 0
  • Insights Security Hardening Rules

    Many users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about the other category of security related rules, those related to security hardening. In all of the products we ship, we make a concerted effort to ship thoughtful, secure default settings to minimize the amount of configuration needed to do...
    Posted 2018-07-12T13:30:00+00:00 - 0
  • Red Hat’s disclosure process

    Last week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around responsible disclosure. It has caused us to look back to see what went wrong so as to prevent this from happening in the future. Because of how important our relationships with the community and industry partners are and how seriously we treat non-...
    Posted 2018-07-10T13:00:00+00:00 - 0
  • What you need to know to be ready for Satellite 6.4 and Puppet 5

    As we work towards a Satellite 6.4 release this fall there are some very important changes to Puppet that are coming that the Satellite team wants to prepare you for. Note: This affects ALL Satellite 6.3 users, even if you are not using Puppet or if you are using Puppet Enterprise. The last few releases of Satellite have supported Puppet 3.8, a version which has been end-of-life since December 31, 2016. Satellite 6.3 introduced support for Puppet 4, but since there were some major changes on...
    Posted 2018-06-26T22:49:49+00:00 - 4
  • Satellite 6.3.2 is now available

    Satellite 6.3.2 has just been released. The main driver for the 6.3.2 release is allowing customers to disable weak ciphers, but there are several other new features and fixes. There are two errata for the server [1][3] and one for the hosts [2]. The install ISOs will be updated later this week. Customers who have already upgraded to Satellite 6.3 should follow the instructions in the errata. Customers who are on older versions of Satellite should refer to the Upgrading and Updating Red Hat...
    Posted 2018-06-20T07:04:16+00:00 - 0
  • Insights 103

    帰って来ました!! サンフランシスコでのクレイジーなイノベーションの 1 週間の後、再び戻って来ました。また Red Hat Insights をニーズに合わせてカスタマイズするお話をしましょう。 ブラックリスト化するか否か、それが問題 以前の Red Hat Insights 102 の投稿でも書きましたが、Red Hat Insights が Red Hat サーバーに送信するデータ、データの送信方法、送信時については、制御が可能です。ただし、デフォルトから外れると、マイナス面もあります。 Insights が収集するデータについては、必要なオプションや制御をお客様に提供することが望まれます。しかし、Red Hat に送信するデフォルトのペイロードに修正を加える度に、使用中の環境において Insights が提供する分析レベルにマイナスの影響を与える可能性があります。これは、Insights は 分析に最小限のもの しか収集しないためです。収集ペイロードからデータを削除するたびに、インフラ内で問題を検出するルール機能にマイナス影響が出ます。 注記 先に進む前に、RHEL 6 と...
    Posted 2018-05-29T19:35:47+00:00 - 0
  • Insights 103

    Back in the Hood!! After a crazy and exciting week of innovations in San Francisco, here I am again to tell you a bit more on how to customize Red Hat Insights to your needs! To blacklist or not to blacklist, that is the question As explained in my previous post Red Hat Insights 102, you can control the data Red Hat Insights sends to Red Hat servers, how data is sent, and when it is sent. But deviating from the default has its drawbacks too. We want to provide our customers with the necessary...
    Posted 2018-05-29T19:35:47+00:00 - 1
  • Satellite 6.2.15 is now available

    Red Hat Satellite 6.2.15 includes bug fixes for improving the performance of Satellite 6.2.x. There is one erratum for the server [1] and one for the hosts [2]. ISOs should be published next week. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions in the Satellite 6.2 Installation Guide. Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in...
    Posted 2018-05-23T11:23:32+00:00 - 1
  • Go West, [not so] young Spinks: One Satellite member’s guide to Red Hat Summit 2018

    Greetings! I’m John Spinks, Technical Marketing Manager for Satellite. While I’m relatively new to Red Hat, I get to work with Red Hat Satellite engineers and customers every day. Next week is my first Red Hat Summit so I’m excited to get to see so many of both in one place. Not only is this my first Summit as an attendee, I’m honored to say that this will also be my first time at Summit as a speaker. Brent Midwood and I will be presenting the session: Live Demonstration: Find it. Fix it....
    Posted 2018-05-02T13:10:32+00:00 - 0
  • Red Hat Management & Automation with Insights at Red Hat Summit San Francisco 2018!

    Hi again everyone, I'm Will Nix, Technical Evangelist for Red Hat Management & Automation and I'm headed into my 7th year here at Red Hat. I'm really excited for everyone to join us this year at Red Hat Summit 2018 in San Francisco's Moscone center. For the past several years I've presented at Summit, and again this year I'll be presenting in several sessions, labs, and workshops. Check out a really brief description below and join me! Sign up for the events in your Red Hat Summit app, and...
    Posted 2018-05-01T15:21:09+00:00 - 1
  • Red Hat サミット サンフランシスコ 2018 での Insights を活用した Red Hat Management & Automation

    みなさん、こんにちは。Red Hat Management & Automation の旗振り役の Will Nix です。Red Hat では 7 年目となり、サンフランシスコで開催される Red Hat サミット 2018 でみなさんにお会いできることを楽しみにしています。 私はここ数年間サミットでプレゼンをしており、今年も複数のセッション、ラボ、ワークショップでプレゼンをする予定です。以下に簡潔にその内容をまとめたので、是非目を通してください。Red Hat Summit アプリでイベントにサインアップして、セッション終了後は是非ともフィードバックをご提供ください。 プロアクティブなシステム管理に関するセッション一覧は、こちらのリンクで確認できます https://agenda.summit.redhat.com/SpeakerDetail.aspx?id=365781: セッション:5月8日 (火) 午前 10 時 30 分から 11 時 15 分: Red Hat Satellite...
    Posted 2018-05-01T15:21:09+00:00 - 0
  • Satellite 5 and RHN End of Life - Making sure that you are only connected to RHSM.

    Have you completed your migration from Satellite 5 to Satellite 5.8, but you keep getting messages from us about upgrading before January 31, 2019? It could be that your systems are still registered with Red Hat Network (RHN), even if you have moved to a newer version. Let's walk through a couple steps to show you how you can check and see if you are registered with RHN or Red Hat Subscription Manager (RHSM). I moved to Satellite 6 - Does this affect me? If you have moved off of Satellite 5 to...
    Posted 2018-04-30T13:00:07+00:00 - 1
  • What is tar and why does OpenShift Container Application Platform use it?

    Tar is a Posix standard archiving utility originally meant for making tape archives; one of tar's most enduring uses has been for system backups. Tar can take everything that is stored on a filesystem and store it in a structured file, including special files such as links and devices. This capability has made tar a popular storage format for more than 38 years. Red Hat's OpenShift Container Application Platform is a PaaS (Platform as a Service) that integrates many Red Hat software components...
    Posted 2018-04-27T19:04:54+00:00 - 0
  • Join us in San Francisco at the 2018 Red Hat Summit

    This year’s Red Hat Summit will be held on May 8-10 in beautiful San Francisco, USA. Product Security will be joining many Red Hat security experts in presenting and assisting subscribers and partners at the show. Here is a sneak peek at the more than 125 sessions that a security-minded attendee can see at Summit this year. Sessions Cloud Management and Automation S1181 - Automating security and compliance for hybrid environments S1467 - Live demonstration: Find it. Fix it. Before it breaks....
    Posted 2018-04-23T14:30:00+00:00 - 0
  • Certificate Transparency and HTTPS

    Google has announced that on April 30, 2018, Chrome will: “...require that all TLS server certificates issued after 30 April, 2018 be compliant with the Chromium CT Policy. After this date, when Chrome connects to a site serving a publicly-trusted certificate that is not compliant with the Chromium CT Policy, users will begin seeing a full page interstitial indicating their connection is not CT-compliant. Sub-resources served over https connections that are not CT-compliant will fail to load...
    Posted 2018-04-17T15:00:01+00:00 - 0
  • Satellite 6.3.1 is now available

    Red Hat Satellite 6.3.1 includes packages that supports Red Hat Enterprise Linux 7.5 as well as a variety of performance enhancements and general bug fixes. Especially notable is the improvements in the performance of content views. In our tests we've seen publishing of a single content view on RHEL7 redunce in time by 43% and publishing of composite views reduced 95%. To put numbers to this 6.3.0 took 320 seconds to publish a composite view while 6.3.1 took 14 seconds to publish the same CV...
    Posted 2018-04-13T14:43:30+00:00 - 0
  • Preparing to Upgrade Satellite? Open a Proactive Support Case.

    Worried about your upcoming Satellite upgrade? Don’t be. In addition to our detailed upgrade documentation, our support team has been through hundreds of upgrades and they’re happy to help if something deviates from your expectations. In order to optimize your upgrade experience if you chose to engage our support team, please submit what we call a “Proactive Support Case” ahead of your planned upgrade window. Why should you do this? This will allow for an experienced Satellite support...
    Posted 2018-04-11T16:33:49+00:00 - 1
  • Harden your JBoss EAP 7.1 Deployments with the Java Security Manager

    Overview The Java Enterprise Edition (EE) 7 specification introduced a new feature which allows application developers to specify a Java Security Manager (JSM) policy for their Java EE applications, when deployed to a compliant Java EE Application Server such as JBoss Enterprise Application Platform (EAP) 7.1. Until now, writing JSM policies has been pretty tedious, and running with JSM was not recommended because it adversely affected performance. Now a new tool has been developed which allows...
    Posted 2018-03-14T13:30:00+00:00 - 2
  • Securing RPM signing keys

    RPM Package Manager is the common method for deploying software packages to Red Hat Enterprise Linux, Fedora Project, and their derivative Linux operating systems. These packages are generally signed using an OpenPGP key, implementing a cryptographic integrity check, enabling the recipient the ability to verify that no modifications occurred after the package was signed (assuming the recipient has a copy of the sender’s public key). This model assumes that the signer has secured the RPM...
    Posted 2018-03-07T14:30:00+00:00 - 0
  • Let's talk about PCI-DSS

    For those who aren’t familiar with Payment Card Industry Data Security Standard (PCI-DSS), it is the standard that is intended to protect our credit card data as it flows between systems and is stored in company databases. PCI-DSS requires that all vulnerabilities rated equal to, or higher than, CVSS 4.0 must be addressed by PCI-DSS compliant organizations (notably, those which process and/or store cardholder data). While this was done with the best of intentions, it has had an impact on many...
    Posted 2018-02-28T14:30:00+00:00 - 2
  • Satellite 6.3 is now available

    Red Hat Satellite 6.3 is now available. Red Hat is pleased to announce the general availability of Red Hat Satellite 6.3. The latest release increases product stability and usability, and introduces new and enhanced features designed to meet user needs. Key features of Red Hat Satellite 6.3 are organized into key content areas below. Most of the new features include links to the feature overview available on the content portal. Content Management: Improved content download policies and...
    Posted 2018-02-21T16:57:28+00:00 - 41
  • JDK approach to address deserialization Vulnerability

    Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. This article focuses on Java deserialization vulnerability and explains how Oracle provides a mitigation framework in it's latest Java Development Kit (JDK) version...
    Posted 2018-02-21T14:30:00+00:00 - 0
  • Insights 102

    まず最初に Red Hat Insights をニーズに一致するように設定する (Red Hat サーバーへの送信内容と送信方法の制御ということ) 前に、まず最初に Red Hat Insights に基本について復習しましょう。 Red Hat Insights が見えないところでしていることは制御できる? もちろんできます! Red Hat Insights は、システムのランタイム設定についてのメタデータを収集します。このデータは、サポートケースの sosreport で収集される約 1% になり、sosreport のサブセットになるので、sosreport の使用が許可されている場合は、Insights データの収集も許可されるべきでしょう。 Red Hat Insights ツールで --no-upload オプションを使うと、お客様は収集されるデータを確認することができます。これは、Insights のクライアントおよび収集を実行しますが、分析のために Red Hat に送信するものではありません。この収集はローカルで一時ディレクトリーに保存され、確認することができます...
    Posted 2018-02-19T17:58:15+00:00 - 0
  • Insights 102

    Before we begin... Before we begin with how to configure Red Hat Insights to be tailored to your needs (in terms of controlling what is sent to Red Hat servers and how it is sent) let me please remind you of the very basics of Red Hat Insights… Can I control what Red Hat Insights is doing behind the curtains? Absolutely! Red Hat Insights collects metadata about the runtime configuration of a system. The data collected is 1% of what would be collected via sosreport during a support case. The...
    Posted 2018-02-19T17:58:15+00:00 - 0
  • Insights 101

    新加入の SME です! 皆さん、こんにちは。私は新たな Insights SME で、Amaya Gil と申します。末永くお付き合いお願い致します。Red Hat の Management 部門 (BU) 所属で、テクニカルマーケティングマネジャーとして勤務しています。 私個人のお話をしますと、スペインのマドリード出身で、コンピューターサイエンスのエンジニアになります。当社には 2010 年に入り、様々な EMEA SA のロールを経て現在の BU に至っています。 言語については、英語を含む 4 カ国語を話します。 Red Hat Insights とは Red Hat Insights を耳にしたことがありませんか? ご心配なく、今から Red Hat Insights 初心者の方 にも分かる説明をしていきます。 Red Hat Insights は SaaS (サービスとしてのソフトウェア) オファリングで、登録してある Red Hat ベースのシステムを継続的かつ詳細に分析し、物理、仮想、...
    Posted 2018-02-08T15:10:40+00:00 - 0

Pages

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.