• Changes coming to TLS: Part One

    Transport layer Security version 1.3 (TLS 1.3) is the latest version of the SSL/TLS protocol which is currently under development by the IETF. It offers several security and performance improvements as compared to the previous versions. While there are several technical resouces which discuss the finer aspects of this new protocol, this two-part article is a quick reference to new features and major changes in the TLS protocol. Faster Handshakes In TLS, before data can be encrypted, a secure...
    Posted 2017-03-29T13:30:00+00:00 - 0
  • Customer security awareness: alerting you to vulnerabilities that are of real risk

    Every day we are bombarded with information. Something is always happening somewhere to someone and unfortunately it's rarely good. Looking at this through the lens of information security, NOT getting the right details at the appropriate time could be the difference from stopping and blocking an attack, or being the next sad, tragic headline... Red Hat Product Security oversees the vulnerability remediation for all of Red Hat's products. Our dual mission of governing guidelines and standards...
    Posted 2017-03-22T13:30:00+00:00 - 0
  • Questions and Answers from the February 2017 Satellite Ask-Me-Anything session

    Satellite 6 Ask Me Anything FAQ As promised, listed below are the responses to the questions we received in our Feb 2017 Satellite Ask Me Anything session. AMA Feb Questions January AMA Q&A: https://access.redhat.com/blogs/1169563/posts/2918221 Next steps: Create 2nd blog post before Tuesday AMA (linking to January Q&A as reference); Later in March, create Satellite 6 Technical FAQ Content Views Question: Does a composite content view duplicate all content in the content views it...
    Posted 2017-03-14T09:36:28+00:00 - 0
  • SPECIAL OFFER - Red Hat Satellite 6 Administration Video Classroom

    Newly launched this week is the Red Hat Satellite 6 Administration (RH403) Video Classroom course! Red Hat is offering a discount of 20% off the video classroom course if you register before August 31st, 2017. Why did we launch a Satellite 6 video classroom course? Video classrooms provide you with an interactive "classroom" experience, anywhere you choose. When traveling to an in-person class and spending a week away from the office isn't feasible, having a self-paced video training option is...
    Posted 2017-03-13T13:55:23+00:00 - 0
  • Red Hat Product Security Risk Report 2016

    At Red Hat, our dedicated Product Security team analyzes threats and vulnerabilities against all our products and provides relevant advice and updates through the Red Hat Customer Portal. Customers can rely on this expertise to help them quickly address the issues that can cause high risks and avoid wasting time or effort on those that don’t. Red Hat delivers certified, signed, supported versions of the open source solutions that enable cost-effective innovation for the enterprise. This is the...
    Posted 2017-03-07T14:39:02+00:00 - 0
  • Satellite 6.2.8 is released

    Satellite 6.2.8 has been released today as part of RHBA-2017:0447 Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions in the Installation Guide. Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in the release before upgrading. Please reach out to the Satellite team in these cases. A number of significant improvements are delivered in this...
    Posted 2017-03-06T10:33:52+00:00 - 4
  • How Threat Modeling Helps Discover Security Vulnerabilities

    Application threat modeling can be used as an approach to secure software development, as it is a nice preventative measure for dealing with security issues, and mitigates the time and effort required to deal with vulnerabilities that may arise later throughout the application's production life cycle. Unfortunately, it seems security has no place in the development life cycle, however, while CVE bug tracking databases and hacking incident reports proves that it ought to be. Some of the...
    Posted 2017-03-02T21:00:00+00:00 - 0
  • Keep your Satellite in orbit with Insights

    For many customers, Satellite is a vital part of their infrastructure - distributing and managing package updates, organizing systems, and providing a robust virtualization infrastructure. The overall health of your Satellite system can impact much of your daily workflow within your environment. Issues with Satellite can lead you into digging through log files, googling for answers, or calling support to find the source of the problem. With Insights, you can save multiple hours of...
    Posted 2017-02-27T15:21:28+00:00 - 0
  • Debugging a kernel in QEMU/libvirt - Part II

    This blog has previously shown how to configure a Red Hat Enterprise Linux system for kernel debugging, it expects that the system has been configured, have the source code matching the installed kernel version handy, and the reader is ready to follow along. This should not be running on a productions system as system function interruption is guaranteed. The particular problem that will be investigated is CVE-2016-9793. As discussed on the Oss-security list, this vulnerability was classified...
    Posted 2017-02-24T14:30:00+00:00 - 0
  • Subscription-manager for the former Red Hat Network User: Part 12 - Subscription Reporting Tools

    Overview One of the big changes with Satellite 6 and also Red Hat Subscription Management (RHSM) is that the tools now maintain an accurate inventory of what systems are consuming which subscription. This document will illustrate how to use hammer and other tools to extract subscription consumption information from Satellite. This information is useful for audit/reporting and other usages. Prerequisites It is important that you have read (or understand) the concepts as presented in: The Hammer...
    Posted 2017-02-21T14:29:47+00:00 - 5
  • Is Your Bond Strong?

    Most critical physical systems use multiple network interfaces bonded together to provide redundancy and, depending on the workload, to provide greater network throughput. Bonding can be configured in either manner depending on the mode specified in the bonding configuration file. It is quite common to misconfigure bonding. It is case sensitive so something might be capitalized that shouldn’t be. You might have misunderstood the documentation and configured an incorrect or suboptimal bonding...
    Posted 2017-02-13T15:12:49+00:00 - 0
  • Questions and Answers from the January 2017 Satellite Ask-Me-Anything session

    Satellite 6 Ask Me Anything FAQ As promised, listed below are the responses to the questions we received in our Jan 2017 Satellite Ask Me Anything session. We are running another Ask Me Anything on 14 Feb, so feel free to join us again. SUBSCRIPTIONS Question: On the subscription comments... you have to give it a subscription id with hammer. I have a bunch of VMs that came in with the wrong license that should be under the datacenter model. The only way I've found to fix this through the UI...
    Posted 2017-02-09T22:49:02+00:00 - 0
  • Do you know where that open source came from?

    Last year, while speaking at RSA, a reporter asked me about container provenance. This wasn’t the easiest question to answer because there is a lot of nuance around containers and what’s inside them. In response, I asked him if he would eat a sandwich he found on the ground. The look of disgust I got was priceless, but it opened up a great conversation. Think about it this way: If there was a ham sandwich on the ground that looked mostly OK, would you eat it? You can clearly see it’s a ham...
    Posted 2017-02-08T14:30:00+00:00 - 0
  • Satellite 6.2.7 is released

    Satellite 6.2.7 has been released today. There is one erratum for the server [1] and one for the hosts[2]. The install ISOs will be updated later this week. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in the release before upgrading. Please reach out to the Satellite team in...
    Posted 2017-01-26T13:40:20+00:00 - 4
  • Introducing Topics, Redesigned Actions & Additional Features

    You may have noticed that the interface for Red Hat Insights underwent some changes recently. Our developers have been hard at work to provide a richer, more streamlined experience based on your feedback and recently released some new features. Here is a detailed list of recent Insights UI improvements. Introducing Topics - Topics are a new way to present groups of actionable intelligence providing Insights with additional categories such as SAP, Oracle, kdump and networking. Redesigned...
    Posted 2017-01-24T16:21:13+00:00 - 0
  • Subscription-manager for the former Red Hat Network User: Part 11 - Identity Certificates

    Overview Alternate title: Better living, via X.509, part two Identity certificates are an important component of the subscription-manager toolkit. Understanding their usage makes working with subscription-manager significantly easier. Prerequisites It is important that you have read (or understand) the concepts as presented in: Subscription-manager for the former Red Hat Network User: Part 8 - Product Certificates What is an Identity Certificate & why are they important? Identity...
    Posted 2017-01-20T13:24:03+00:00 - 0
  • Subscription-manager for the former Red Hat Network User: Part 10 - Instance Based Subscriptions

    Overview Instance Based Subscriptions are a type of subscription that allows the end user flexible deployment options. This article describes their usage with the subscription tooling. Prerequisites It is important that you have read (or understand) the concepts as presented in: Subscription-manager for the former Red Hat Network User: Part 2 - Subscription-manager learns grep What is an Instance Based Subscription? To provide a more flexible and intuitive way of managing your Red Hat...
    Posted 2017-01-20T09:33:49+00:00 - 0
  • Subscription-manager for the former Red Hat Network User: Part 9 - A Case Study with activation keys.

    Overview Activation keys are one of the more important features in the workflow of provisioning and registering hosts. They setup many of the things needed to properly build a host. Prerequisites It is important that you have read (or understand) the concepts as presented in: Subscription-manager for the former Red Hat Network User: Part 3 - Understanding virt-who Subscription-manager for the former Red Hat Network User: Part 4 - Understanding Subscription Manifests Subscription-manager for...
    Posted 2017-01-17T14:01:18+00:00 - 1
  • Upgrade Advisory for Satellite 5.6 customers running Satellites hosted on Red Hat Enterprise Linux version 5.

    Overview Upgrade Advisory for Satellite 5.6 customers running Satellites hosted on Red Hat Enterprise Linux version 5. Affected customers Satellite 5.6 customers whose Satellite server whose underlying operating system is Red Hat Enterprise Linux 5 Unaffected customers Satellite 5.7 customers. Satellite 5.6 customers whose Satellite server whose underlying operating system is Red Hat Enterprise Linux 6 Details As per the Red Hat Enterprise Linux Lifecycle, Red Hat Enterprise Linux 5 will be...
    Posted 2017-01-16T18:05:11+00:00 - 2
  • Debugging a kernel in QEMU/libvirt

    A kernel bug announced on oss-security list claims to create a situation in which memory corruption can panic the system, by causing an integer used in determining the size of TCP send and receive buffers to be a negative value. Red Hat engineering sometimes backports security fixes and features from the current kernel, diverging the Red Hat Enterprise Linux kernel from upstream and causing some security issues to no longer apply. This blog post shows how to use live kernel debugging to...
    Posted 2017-01-11T14:30:00+00:00 - 0
  • Put Your SAP Applications on a Firm Foundation

    Red Hat Insights is all about making sure your systems are running as smoothly as possible. Not just for Red Hat applications, but also for your other enterprise apps. We’ve begun developing rules tailored to large enterprise applications that could use the fine tuning expertise that Red Hat provides. We’ve nailed down the optimal settings required by SAP apps, and now Insights can let you know if those are in place on your systems. We’ve introduced SAP related rules for alerting you to system...
    Posted 2017-01-06T13:54:30+00:00 - 2
  • A separate lifecycle for Puppet modules in Satellite 6

    Since it's initial release in September of 2014, Satellite 6 has offered a complete systems management solution that includes Puppet for configuration management. The built-in Puppet master on the Satellite can service hundreds of clients. When scaling out is required, adding additional capsules allows you to easily bring up the number of clients your Satellite infrastructure can service. Content Views As part of its content management functionality, Satellite offers a built-in mechanism to...
    Posted 2017-01-05T23:11:12+00:00 - 3
  • Deprecation of Insecure Algorithms and Protocols in RHEL 6.9

    Cryptographic protocols and algorithms have a limited lifetime—much like everything else in technology. Algorithms that provide cryptographic hashes and encryption as well as cryptographic protocols have a lifetime after which they are considered either too risky to use or plain insecure. In this post, we will describe the changes planned for the 6.9 release of Red Hat Enterprise Linux 6, which is already on Production Phase 2. Balancing Legacy Use Cases and Modern Threats For the RHEL...
    Posted 2017-01-03T14:30:00+00:00 - 0
  • Pythonic code review

    Most of us programmers go through technical interviews every once in a while. At other times, many of us sit on the opposite side of the table running these interviews. Stakes are high, emotions run strong, intellectual pressure builds up. I have found that an unfortunate code review may turn into something similar to a harsh job interview. While it is theoretically in the best interest of the whole team to end up with high quality code, variations in individual's technical background, cultural...
    Posted 2016-12-14T14:30:00+00:00 - 0
  • Satellite 6.2.5 is released

    Satellite 6.2.5 has been released today. 6.2.5 introduces many performance and stability improvements. There are two errata, one for the server [1] and one for the clients [2]. The install ISOs will be updated later this week. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in the...
    Posted 2016-12-12T20:57:13+00:00 - 1

Pages