  • Managing risk in the modern world

    Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to happy outcomes. “Should I get out of bed today?”, “Should I eat this sushi they are selling in this gas station?”, “Can you hold my beverage?”. The challenges of modern-day existence can be very daunting. With this blog, I’m sharing how I’d advise organizations to consider IT-related...
    Posted 2018-08-14T15:30:00+00:00 - 0
  • How SELinux helps mitigate risk while facilitating compliance

    Many of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform and Red Hat OpenStack® Platform. In this blog post, we use PCI-DSS to highlight some of the benefits of SELinux. Though there are many other security standards that affect our customers, we selected PCI-DSS based on a...
    Posted 2018-08-09T13:30:00+00:00 - 0
  • Security Technologies: ExecShield

    The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A majority of exploitable security flaws are due to memory corruption. ExecShield, a Red Hat-developed technology, included since Red Hat Enterprise Linux 3, aims to help protect systems from this type of exploitable security flaw. Buffer...
    Posted 2018-07-25T13:30:00+00:00 - 0
  • Plans within Satellite!

    Remediation plans within Satellite! One of the most exciting capabilities in Satellite 6.3 is greater integration with Red Hat Insights. Although there are tons of other great features, this one is so important I thought it worth a blog post. Using Red Hat Insights from the Satellite UI is now no different than using it in the Customer Portal. The coolest added feature brings the full functionality of Insights Planner to Satellite (planner itself was added in 6.2). You can now create...
    Posted 2018-07-23T09:46:03+00:00 - 0
  • SPECTRE Variant 1 scanning tool

    As part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this tool via this article. This tool is not a Red Hat product. As such, it is not supported and does not come with any kind of warranty. The tool only works on static binaries and does not simulate an entire running system. This means it will neither follow jumps through...
    Posted 2018-07-18T13:30:00+00:00 - 0
  • Insights Security Hardening Rules

    Many users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about the other category of security related rules, those related to security hardening. In all of the products we ship, we make a concerted effort to ship thoughtful, secure default settings to minimize the amount of configuration needed to do...
    Posted 2018-07-12T13:30:00+00:00 - 0
  • Red Hat’s disclosure process

    Last week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around responsible disclosure. It has caused us to look back to see what went wrong so as to prevent this from happening in the future. Because of how important our relationships with the community and industry partners are and how seriously we treat non-...
    Posted 2018-07-10T13:00:00+00:00 - 0
  • What you need to know to be ready for Satellite 6.4 and Puppet 5

    As we work towards a Satellite 6.4 release this fall there are some very important changes to Puppet that are coming that the Satellite team wants to prepare you for. Note: This affects ALL Satellite 6.3 users, even if you are not using Puppet or if you are using Puppet Enterprise. The last few releases of Satellite have supported Puppet 3.8, a version which has been end-of-life since December 31, 2016. Satellite 6.3 introduced support for Puppet 4, but since there were some major changes on...
    Posted 2018-06-26T22:49:49+00:00 - 6
  • Satellite 6.3.2 is now available

    Satellite 6.3.2 has just been released. The main driver for the 6.3.2 release is allowing customers to disable weak ciphers, but there are several other new features and fixes. There are two errata for the server [1][3] and one for the hosts [2]. The install ISOs will be updated later this week. Customers who have already upgraded to Satellite 6.3 should follow the instructions in the errata. Customers who are on older versions of Satellite should refer to the Upgrading and Updating Red Hat...
    Posted 2018-06-20T07:04:16+00:00 - 0
  • Insights 103

    Back in the Hood!! After a crazy and exciting week of innovations in San Francisco, here I am again to tell you a bit more on how to customize Red Hat Insights to your needs! To blacklist or not to blacklist, that is the question As explained in my previous post Red Hat Insights 102, you can control the data Red Hat Insights sends to Red Hat servers, how data is sent, and when it is sent. But deviating from the default has its drawbacks too. We want to provide our customers with the necessary...
    Posted 2018-05-29T19:35:47+00:00 - 1
  • Satellite 6.2.15 is now available

    Red Hat Satellite 6.2.15 includes bug fixes for improving the performance of Satellite 6.2.x. There is one erratum for the server [1] and one for the hosts [2]. ISOs should be published next week. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions in the Satellite 6.2 Installation Guide. Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in...
    Posted 2018-05-23T11:23:32+00:00 - 1
  • Go West, [not so] young Spinks: One Satellite member’s guide to Red Hat Summit 2018

    Greetings! I’m John Spinks, Technical Marketing Manager for Satellite. While I’m relatively new to Red Hat, I get to work with Red Hat Satellite engineers and customers every day. Next week is my first Red Hat Summit so I’m excited to get to see so many of both in one place. Not only is this my first Summit as an attendee, I’m honored to say that this will also be my first time at Summit as a speaker. Brent Midwood and I will be presenting the session: Live Demonstration: Find it. Fix it....
    Posted 2018-05-02T13:10:32+00:00 - 0
  • Red Hat Management & Automation with Insights at Red Hat Summit San Francisco 2018!

    Hi again everyone, I'm Will Nix, Technical Evangelist for Red Hat Management & Automation and I'm headed into my 7th year here at Red Hat. I'm really excited for everyone to join us this year at Red Hat Summit 2018 in San Francisco's Moscone center. For the past several years I've presented at Summit, and again this year I'll be presenting in several sessions, labs, and workshops. Check out a really brief description below and join me! Sign up for the events in your Red Hat Summit app, and...
    Posted 2018-05-01T15:21:09+00:00 - 1
  • Satellite 5 and RHN End of Life - Making sure that you are only connected to RHSM.

    Have you completed your migration from Satellite 5 to Satellite 5.8, but you keep getting messages from us about upgrading before January 31, 2019? It could be that your systems are still registered with Red Hat Network (RHN), even if you have moved to a newer version. Let's walk through a couple steps to show you how you can check and see if you are registered with RHN or Red Hat Subscription Manager (RHSM). I moved to Satellite 6 - Does this affect me? If you have moved off of Satellite 5 to...
    Posted 2018-04-30T13:00:07+00:00 - 1
  • What is tar and why does OpenShift Container Application Platform use it?

    Tar is a POSIX standard archiving utility originally meant for making tape archives; one of tar's most enduring uses has been for system backups. Tar can take everything that is stored on a filesystem and store it in a structured file, including special files such as links and devices. This capability has made tar a popular storage format for more than 38 years. Red Hat's OpenShift Container Application Platform is a PaaS (Platform as a Service) that integrates many Red Hat software components...
    Posted 2018-04-27T19:04:54+00:00 - 0
  • Join us in San Francisco at the 2018 Red Hat Summit

    This year’s Red Hat Summit will be held on May 8-10 in beautiful San Francisco, USA. Product Security will be joining many Red Hat security experts in presenting and assisting subscribers and partners at the show. Here is a sneak peek at the more than 125 sessions that a security-minded attendee can see at Summit this year. Sessions Cloud Management and Automation S1181 - Automating security and compliance for hybrid environments S1467 - Live demonstration: Find it. Fix it. Before it breaks....
    Posted 2018-04-23T14:30:00+00:00 - 0
  • Certificate Transparency and HTTPS

    Google has announced that on April 30, 2018, Chrome will: “...require that all TLS server certificates issued after 30 April, 2018 be compliant with the Chromium CT Policy. After this date, when Chrome connects to a site serving a publicly-trusted certificate that is not compliant with the Chromium CT Policy, users will begin seeing a full page interstitial indicating their connection is not CT-compliant. Sub-resources served over https connections that are not CT-compliant will fail to load...
    Posted 2018-04-17T15:00:01+00:00 - 0
  • Satellite 6.3.1 is now available

    Red Hat Satellite 6.3.1 includes packages that support Red Hat Enterprise Linux 7.5 as well as a variety of performance enhancements and general bug fixes. Especially notable are the improvements in the performance of content views. In our tests we've seen publishing of a single content view on RHEL7 reduce in time by 43% and publishing of composite views reduced 95%. To put numbers to this, 6.3.0 took 320 seconds to publish a composite view while 6.3.1 took 14 seconds to publish the same CV...
    Posted 2018-04-13T14:43:30+00:00 - 0
  • Preparing to Upgrade Satellite? Open a Proactive Support Case.

    Worried about your upcoming Satellite upgrade? Don’t be. In addition to our detailed upgrade documentation, our support team has been through hundreds of upgrades and they’re happy to help if something deviates from your expectations. In order to optimize your upgrade experience if you chose to engage our support team, please submit what we call a “Proactive Support Case” ahead of your planned upgrade window. Why should you do this? This will allow for an experienced Satellite support...
    Posted 2018-04-11T16:33:49+00:00 - 1
  • Harden your JBoss EAP 7.1 Deployments with the Java Security Manager

    Overview The Java Enterprise Edition (EE) 7 specification introduced a new feature which allows application developers to specify a Java Security Manager (JSM) policy for their Java EE applications, when deployed to a compliant Java EE Application Server such as JBoss Enterprise Application Platform (EAP) 7.1. Until now, writing JSM policies has been pretty tedious, and running with JSM was not recommended because it adversely affected performance. Now a new tool has been developed which allows...
    Posted 2018-03-14T13:30:00+00:00 - 2
  • Securing RPM signing keys

    RPM Package Manager is the common method for deploying software packages to Red Hat Enterprise Linux, Fedora Project, and their derivative Linux operating systems. These packages are generally signed using an OpenPGP key, implementing a cryptographic integrity check, enabling the recipient the ability to verify that no modifications occurred after the package was signed (assuming the recipient has a copy of the sender’s public key). This model assumes that the signer has secured the RPM...
    Posted 2018-03-07T14:30:00+00:00 - 0
  • Let's talk about PCI-DSS

    For those who aren’t familiar with Payment Card Industry Data Security Standard (PCI-DSS), it is the standard that is intended to protect our credit card data as it flows between systems and is stored in company databases. PCI-DSS requires that all vulnerabilities rated equal to, or higher than, CVSS 4.0 must be addressed by PCI-DSS compliant organizations (notably, those which process and/or store cardholder data). While this was done with the best of intentions, it has had an impact on many...
    Posted 2018-02-28T14:30:00+00:00 - 2
  • Satellite 6.3 is now available

    Red Hat Satellite 6.3 is now available. Red Hat is pleased to announce the general availability of Red Hat Satellite 6.3. The latest release increases product stability and usability, and introduces new and enhanced features designed to meet user needs. Key features of Red Hat Satellite 6.3 are organized into key content areas below. Most of the new features include links to the feature overview available on the content portal. Content Management: Improved content download policies and...
    Posted 2018-02-21T16:57:28+00:00 - 41
  • JDK approach to address deserialization Vulnerability

    Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since its inception, there have been many scattered attempts to come up with a solution to best address this flaw. This article focuses on Java deserialization vulnerability and explains how Oracle provides a mitigation framework in its latest Java Development Kit (JDK) version...
    Posted 2018-02-21T14:30:00+00:00 - 0
  • Insights 102

    Before we begin... Before we begin with how to configure Red Hat Insights to be tailored to your needs (in terms of controlling what is sent to Red Hat servers and how it is sent) let me please remind you of the very basics of Red Hat Insights… Can I control what Red Hat Insights is doing behind the curtains? Absolutely! Red Hat Insights collects metadata about the runtime configuration of a system. The data collected is 1% of what would be collected via sosreport during a support case. The...
    Posted 2018-02-19T17:58:15+00:00 - 0
