  • Insight into 0-days

    Security-based Red Hat Insights rules attempt to analyze and detect issues that impact the security of your systems in different ways: detect high profile, high priority, and 0-day vulnerabilities; detect misconfigurations of your software which may impact security; detect other issues that could have security implications, such as expired certificates. The Red Hat Product Security team works closely with the Red Hat Insights team to provide current, updated, and helpful content for these...
    Posted 2017-09-18T12:53:46+00:00 - 0
  • Kernel Stack Protector and BlueBorne

    Today, a security issue called BlueBorne was disclosed, a vulnerability that could be used to attack sensitive systems via the Bluetooth protocol. Specifically, BlueBorne is a flaw where a remote (but physically quite close) attacker could get root on a server, without an internet connection or authentication, via installed and active Bluetooth hardware. The key phrase is “has the potential.” BlueBorne is still a serious flaw and one that requires patching and remediation, but most Red Hat...
    Posted 2017-09-12T11:51:33+00:00 - 0
  • Polyinstantiating /tmp and /var/tmp directories

    On Linux systems, the /tmp/ and /var/tmp/ locations are world-writable. They are used to provide a common location for temporary files and are protected through the sticky bit, so that users cannot remove files they don't own from the directory, even though the directory itself is world-writable. Several daemons/applications use the /tmp or /var/tmp directories to temporarily store data, log information, or to share information between their sub-components. However, due to the shared nature of...
    Posted 2017-08-31T17:28:50+00:00 - 1
  • Ansible and Insights Part 3 - Setting up Ansible Tower for Insights automated remediation

    For our final Ansible and Insights release blog, we will finish this three-part series by showing you how to enable Tower to talk with the Insights API to enable jobs for site-wide remediation. This builds on our previous blog post, Ansible and Insights Part 2 - Automating Ansible Core remediation, so if you do not have the pre-requisites mentioned in Part 2, you should verify you have met those requirements and can build a Planner plan within Insights before trying to follow along....
    Posted 2017-08-29T15:14:52+00:00 - 0
  • Performing DHCP kexec on discovered hosts

    Satellite 6.2 introduced PXE-less discovery which is targeted to networks without PXE or DHCP services available. In this workflow, the kernel on discovered nodes is replaced (via kexec technology) instead of rebooting. This turns out to be a useful feature on PXE/DHCP networks as well. To configure kexec on a PXE/DHCP enabled network, do the following simple steps. Step 1: Verify foreman discovery image version. A newer version of foreman-discovery-image must be used in order to send required "...
    Posted 2017-08-11T08:00:00+00:00 - 0
  • Satellite 6.2.11 is released

    Satellite 6.2.11 has been released today. 6.2.11 introduces many fixes in the messaging infrastructure of Satellite 6. There is one erratum for the server [1] and one for the hosts [2]. The install ISOs will be updated next week at the earliest. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. PLEASE NOTE: Customers who have received hotfixes should verify the list below to ensure...
    Posted 2017-08-10T20:57:13+00:00 - 19
  • Dealing with many network interfaces during host check-ins

    Satellite 6 comes with powerful host importing capabilities as part of its inventory feature. When a host checks-in via Puppet or subscription-manager, all incoming data, which we call "facts", are parsed. This mechanism is called "fact import". By default Satellite 6 extracts networking information such as NICs, MAC and IP addresses making necessary changes to reflect the new state in the inventory database. When an IP address of a registered host changes for example, the same change is...
    Posted 2017-08-09T08:00:00+00:00 - 9
  • How to share custom repositories across organizations

    Satellite 6 is strictly a multi-tenant application, meaning that every organization gets its own subscription manifest and must select appropriate repositories and sync them. Although the design of Satellite 6 makes sure every single RPM package is downloaded only once across all organizations, syncing metadata and publishing and promoting content within many organizations can be time consuming for some specific use cases. The following will work with Satellite 6.2 or newer. One use case is a...
    Posted 2017-08-07T06:00:00+00:00 - 2
  • Post Quantum Cryptography

    Traditional computers are binary digital electronic devices based on transistors. They store information encoded in the form of binary digits, each of which could be either 0 or 1. Quantum computers, in contrast, use quantum bits or qubits to store information either as 0, 1 or even both at the same time. Quantum mechanical phenomena such as entanglement and tunnelling allow these quantum computers to handle a large number of states at the same time. Quantum computers are probabilistic rather...
    Posted 2017-07-26T13:30:00+00:00 - 0
  • What is new in OpenSSH 7.4 (in RHEL 7.4)?

    Red Hat Enterprise Linux 7 (RHEL 7) so far has been providing iterations of OpenSSH 6.6.1p1, first released in 2014. While we've kept it updated against vulnerabilities, many things have changed both in security requirements and features provided by the latest OpenSSH. Therefore, OpenSSH has now been updated to the recently released OpenSSH 7.4p1, which brings many new features and security enhancements. For the complete set of changes and bugfixes, please refer to the upstream release notes....
    Posted 2017-07-12T00:00:00+00:00 - 0
  • Satellite 6.2.10 is released

    Satellite 6.2.10 has been released today. 6.2.10 introduces many fixes based on customer cases and feedback. There is one erratum for the server [1] and one for the hosts [2]. The install ISOs will be updated next week at the earliest. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. PLEASE NOTE: Customers who have received hotfixes should verify the list below to ensure their...
    Posted 2017-06-20T19:13:25+00:00 - 7
  • Satellite 5.8 cdn-sync Performance

    Introduction Red Hat Satellite 5.8.0 comes with a new way to synchronize channel-content from Red Hat: cdn-sync. Unlike satellite-sync, which synchronizes content (i.e. channels, packages, errata, and kickstart trees) from RHN Classic servers, cdn-sync retrieves content from Red Hat's CDN servers (the same source which is used by systems registered via subscription-manager). cdn-sync command attempts to keep option parity with satellite-sync where it makes sense to do so. Although Satellite 5.8...
    Posted 2017-06-19T19:47:38+00:00 - 1
  • Satellite 5.8 is released

    Red Hat Satellite 5.8 now generally available Today, Red Hat is pleased to announce the general availability of Red Hat Satellite 5.8, the last minor release of the Satellite 5 product line. Red Hat Satellite 5.8 builds upon 10 years of enterprise-proven successes, offering a complete lifecycle management solution to help keep Red Hat infrastructure running efficiently and with greater security, helping to reduce costs and overall complexity. Red Hat Satellite 5.8 is now available to all...
    Posted 2017-06-19T19:35:28+00:00 - 0
  • Enhancing the security of the OS with cryptography changes in Red Hat Enterprise Linux 7.4

    Today we see more and more attacks on operating systems taking advantage of various technologies, including obsolete cryptographic algorithms and protocols. As such, it is important for an operating system not only to carefully evaluate the new technologies that get introduced, but to also provide a process for phasing out technologies that are no longer relevant. Technologies with no practical use today increase the attack surface of the operating system and more specifically, in the...
    Posted 2017-06-16T00:00:00+00:00 - 0
  • Why New Relic Synthetics?

    Do you think it's important for a web property to have the following? Ability to detect application outages from a customer's perspective for both web apps and APIs; an accurate uptime score, based on if the application is Up for the customer; ability to be alerted to user experience degradation; ability to diagnose and troubleshoot problems with CDN or DNS; ability to show performance gains over time from a customer's perspective; ability to track performance gains by introducing changes to the CDN...
    Posted 2017-06-15T14:51:00+00:00 - 0
  • June 2017 service release: New and improved Red Hat Insights features and functionality

    The Red Hat Insights team is pleased to highlight our first post-Summit 2017 service release for functionality and feature enhancement. Red Hat Insights is a Software-as-a-Service (SaaS) that potentially prevents downtime by enabling customers to proactively monitor for infrastructure risks and critical security alerts detected in their environments, while requiring no added infrastructure. Insights offers automated remediation capabilities via Ansible Playbooks, as well as Executive Reporting...
    Posted 2017-06-07T17:04:51+00:00 - 0
  • Ansible and Insights Part 2 - Automating Ansible Core remediation

    As we discussed in our previous blog post about enabling Ansible automation with Insights, we will look closer at taking findings from Insights and using the actionable intelligence provided to perform an automated remediation via Ansible playbook. Ansible Tower setup and remediation will be covered in an upcoming post. Currently you can generate playbooks for Insights and Tower via Red Hat's customer portal. An upcoming release of Satellite 6 will further integrate Insights automated...
    Posted 2017-06-01T15:55:58+00:00 - 0
  • Secure XML Processing with JAXP on EAP 7

    The Java Development Kit (JDK) version 8 provides the Java API for XML Processing (JAXP). If a developer is using JAXP on Red Hat JBoss Enterprise Application Platform (EAP) 7 they need to be aware that Red Hat JBoss EAP 7 ships its own implementation, with some differences from JDK 8 that are covered in this article. Background: There have been three issues raised in the month of May 2017 relating to JAXP on Red Hat JBoss EAP 7: CVE-2017-7464, CVE-2017-7465, and CVE-2017-7503. All of the...
    Posted 2017-06-01T13:30:00+00:00 - 0
  • The RHSA notifications you want, right in your Inbox

    Red Hat Product Security takes pride in the quality and timeliness of its Security Advisories and all the accompanying information we publish for every erratum and vulnerability that we track and fix in our products. There are many ways in which customers and the general public can get notified about those advisories and errata and one of the most commonly used is the rhsa-announce mailing list. This list has been around for nearly 10 years, and we have recently taken steps to increase its...
    Posted 2017-05-17T13:30:00+00:00 - 10
  • Ansible and Insights Part 1 - Insights Automatic Remediation is Here

    Pairing Ansible and Insights may be the smartest thing since putting peanut butter and jelly together. With this partnership, we’ve enabled the ability for you to download playbooks from Insights to solve the problems in your infrastructure. With a few clicks, you can stop worrying, kick back, and bask in the glorious rays of automation. Our developers have done all the work of creating playbooks for you so that you don’t have to come up with them yourselves. We go through each rule in the...
    Posted 2017-05-15T21:06:53+00:00 - 0
  • Satellite 6.2.9 is released

    Satellite 6.2.9 has been released today. 6.2.9 introduces many fixes based on delivering high priority fixes and RFEs. There is one erratum for the server [1] and one for the hosts [2]. The install ISOs will be updated later this week. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. Customers who have received hotfixes should verify the list below to ensure their hotfix is...
    Posted 2017-04-30T14:05:02+00:00 - 6
  • Security Scoring and Grading for Container Images

    We have just rolled out an update to the interface of the Red Hat Container Catalog that attempts to answer the question of whether or not a particular container image available in the Container Catalog can be considered secure. In the interests of transparency providing as much information as available to deploy the right container image for their needs, we are excited about these new capabilities in the Red Hat Container Catalog and wanted to give a little insight on our rationale....
    Posted 2017-04-25T16:26:09+00:00 - 0
  • Join us at Red Hat Summit 2017

    As you’ve probably heard, this year’s Red Hat Summit is in Boston May 2-4. Product Security is looking forward to taking over multiple sessions and activities over the course of those 3 days, and we wanted to give you a sneak peek of what we have planned. Sessions There will be A LOT of Product Security sessions including: Tuesday, May 2 Time Session Title Room 10:15-11:00AM L102598 - Practical OpenSCAP—Security standard compliance and reporting Room 252B 10:15-11:00AM S102106 - Red...
    Posted 2017-04-19T13:30:00+00:00 - 0
  • Determining your risk

    Red Hat continues to be a leader in transparency regarding security problems that are discovered in our software and the steps we take to fix them. We publish data about vulnerabilities on our security metrics page and recently launched an API Service that allows easier (and searchable) access to the same data. This data is important to administrators for understanding what known security problems exist and determining what they should do about it. Pitfalls of comparing version numbers...
    Posted 2017-04-12T13:30:00+00:00 - 0
  • What’s Your Total Risk?

    Recently we rolled out a couple new features to help you assess and prioritize your risk. These would be the Likelihood and Impact that you will see assigned to individual Insights Rules. Likelihood is the probability that a system will experience impact described in the rule. Since we are trying to be proactive in detecting the conditions before there is an impact, Likelihood is an important factor when prioritizing work. The higher the Likelihood, the more urgent it is to proactively...
    Posted 2017-04-10T19:25:12+00:00 - 2
