Red Hat Customer Portal

Skip to main content

  • Debugging a kernel in QEMU/libvirt

    A kernel bug announced on oss-security list claims to create a situation in which memory corruption can panic the system, by causing an integer used in determining the size of TCP send and receive buffers to be a negative value. Red Hat engineering sometimes backports security fixes and features from the current kernel, diverging the Red Hat Enterprise Linux kernel from upstream and causing some security issues to no longer apply. This blog post shows how to use live kernel debugging to...
    Posted 2017-01-11T14:30:00+00:00 - 0
  • Put Your SAP Applications on a Firm Foundation

    Red Hat Insights is all about making sure your systems are running as smoothly as possible. Not just for Red Hat applications, but also for your other enterprise apps. We’ve begun developing rules tailored to large enterprise applications that could use the fine tuning expertise that Red Hat provides. We’ve nailed down the optimal settings required by SAP apps, and now Insights can let you know if those are in place on your systems. We’ve introduced SAP related rules for alerting you to system...
    Posted 2017-01-06T13:54:30+00:00 - 2
  • A seperate lifecycle for Puppet modules in Satellite 6

    Since it's initial release in September of 2014, Satellite 6 has offered a complete systems management solution that includes Puppet for configuration management. The built-in Puppet master on the Satellite can service hundreds of clients. When scaling out is required, adding additional capsules allows you to easily bring up the number of clients your Satellite infrastructure can service. Content Views As part of its content management functionality, Satellite offers a built-in mechanism to...
    Posted 2017-01-05T23:11:12+00:00 - 0
  • Deprecation of Insecure Algorithms and Protocols in RHEL 6.9

    Cryptographic protocols and algorithms have a limited lifetime—much like everything else in technology. Algorithms that provide cryptographic hashes and encryption as well as cryptographic protocols have a lifetime after which they are considered either too risky to use or plain insecure. In this post, we will describe the changes planned for the 6.9 release of Red Hat Enterprise Linux 6, which is already on Production Phase 2. Balancing Legacy Use Cases and Modern Threats For the RHEL...
    Posted 2017-01-03T14:30:00+00:00 - 0
  • Pythonic code review

    Most of us programmers go through technical interviews every once in a while. At other times, many of us sit on the opposite side of the table running these interviews. Stakes are high, emotions run strong, intellectual pressure builds up. I have found that an unfortunate code review may turn into something similar to a harsh job interview. While it is theoretically in the best interest of the whole team to end up with high quality code, variations in individual's technical background, cultural...
    Posted 2016-12-14T14:30:00+00:00 - 0
  • Satellite 6.2.5 is released

    Satellite 6.2.5 has been released today. 6.2.5 introduces many performance and stability improvements. There are two errata, one for the server [1] and one for the clients [2]. The install ISOs will be updated later this week. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in the...
    Posted 2016-12-12T20:57:13+00:00 - 1
  • Migrating from Satellite 5 to 6

    Overview Red Hat’s Systems Engineering group recently tackled the task of migrating their lab infrastructure from Satellite 5.6 to Satellite 6.2.4. The Satellite 5.6 server managed several hundred physical and virtual machines. The migration consisted of moving over DNS, DHCP, TFTP, PXE, custom provisioning scripts, and content. For those unfamiliar with Satellite 6 and it’s capabilities, please refer to: https://access.redhat.com/products/red-hat-satellite Let’s take a look at how we...
    Posted 2016-12-09T18:39:36+00:00 - 2
  • A leap second is coming

    The basic timekeeping standard for almost all of the world's local time zones is called Coordinated Universal Time (UTC). UTC is derived from International Atomic Time (TAI) and Universal Time (UT1), also known as mean solar time because it’s the time it takes for the Earth to rotate once on its axis. Because the rotation of the earth varies a bit over time and is slowly decreasing its mean rotation speed, a deviation occurs between UTC and UT1. When this deviation approached .9 seconds, a leap...
    Posted 2016-12-01T07:50:45+00:00 - 0
  • Evolution of the SSL and TLS protocols

    The Transport Layer Security (TLS) protocol is undoubtedly the most widely used protocol on the Internet today. If you have ever done an online banking transaction, visited a social networking website, or checked your email, you have most likely used TLS. Apart from wrapping the plain text HTTP protocol with cryptographic goodness, other lower level protocols like SMTP and FTP can also use TLS to ensure that all the data between client and server is inaccessible to attackers in between. This...
    Posted 2016-11-16T14:30:00+00:00 - 0
  • Subscription-manager for the former Red Hat Network user - part 8 - Product Certificates

    Alternate title: Better living via X.509 part 1 Overview Product certificates are an important component of the subscription-manager toolkit. Understanding their usage makes working with subscription-manager significantly easier. What is a product certificate? Product certificates, which are x.509 certificates found in either the /etc/pki/product or /etc/pki/product-default directories are a means for the subscription tools to accurately track which Red Hat products are installed on a system....
    Posted 2016-11-15T12:49:46+00:00 - 0
  • Don’t panic! Don’t let your kernel do it either.

    A system crash can be one of the most frustrating issues that administrators can encounter in their day to day work. They often strike without warning, require hard reboots, and can kill a process uncleanly, leaving various locked files in place that an admin must go back and manually clean up. These kind of interruptions can take a few minutes to a few hours to overcome. That’s time you could be spending engineering new solutions that change the world, or at the very least, drinking some...
    Posted 2016-11-11T17:54:37+00:00 - 0
  • Satellite 6.2.4 is released

    Satellite 6.2.4 has been released today. 6.2.4 introduces many performance and stability improvements. There are two errata, one for the server [1] and one for the clients [2]. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. Previously released (which we did not post a blog post for) was Satellite 6.2.3, which included a number of fixes [4][[5], and a new feature: Lazy Sync Lazy...
    Posted 2016-11-10T12:51:24+00:00 - 3
  • Understanding and mitigating the Dirty Cow Vulnerability

    Rodrigo Freire & David Sirrine - Red Hat Technical Account Management Team Dirty Cow (CVE-2016-5195) is the latest branded vulnerability, with a name, a logo, and a website, to impact Red Hat Enterprise Linux. This flaw is a widespread vulnerability and spans Red Hat Enterprise Linux versions 5, 6, and 7. Technical details about the vulnerability and how to address it can be found at: Kernel Local Privilege Escalation "Dirty COW" - CVE-2016-5195. In order to be successful, an attacker must...
    Posted 2016-11-09T14:30:00+00:00 - 2
  • The only thing worse than a crash is not knowing why it happened. Insights can make sure kdump is there for you.

    Recovery is by far the most important first step to take after a system goes down. However, after your systems have recovered, you'll want to perform some level of root cause analysis in order to understand why the crash happened and how to prevent future similar events. This type of analysis is impossible to perform without access to pre-crash system information. Several weeks ago we published a blog entitled Disaster Recovery, which outlined how many systems would be unable to properly...
    Posted 2016-11-04T19:46:23+00:00 - 0
  • From There to Here (But Not Back Again)

    Red Hat Product Security recently celebrated our 15th anniversary this summer and while I cannot claim to have been with Red Hat for that long (although I’m coming up on 8 years myself), I’ve watched the changes from the “0day” of the Red Hat Security Response Team to today. In fact, our SRT was the basis for the security team that Mandrakesoft started back in the day. In 1999, I started working for Mandrakesoft, primarily as a packager/maintainer. The offer came, I suspect, because of the...
    Posted 2016-10-24T13:30:00+00:00 - 0
  • Deploying OpenShift Enterprise on Atomic Host with Satellite 6.2

    The Environment The basic lab environment consists of a single Satellite 6.2 server running an integrated capsule providing the necessary services. Most important for us to consider is DHCP and TFTP for the provisioning the Atomic Host on bare metal hardware. Our Satellite 6.2 server is a bare-metal machine running inside a blade server. Atomic Host is situated in the same VLAN on the network on a separate bare-metal hardware of the same specifications. DNS was set up on the Satellite server,...
    Posted 2016-10-20T19:30:19+00:00 - 0
  • Happy 15th Birthday Red Hat Product Security

    This summer marked 15 years since we founded a dedicated Product Security team for Red Hat. While we often publish information in this blog about security technologies and vulnerabilities, we rarely give an introspection into the team itself. So I’d like, if I may, to take you on a little journey through those 15 years and call out some events that mean the most to me; particularly what’s changed and what’s stayed the same. In the coming weeks some other past and present members of the team...
    Posted 2016-10-17T13:30:00+00:00 - 0
  • Disaster Recovery

    Stability is one of the most important topics in IT. Although a system might have “five 9s” availability (up for 99.999% of time), there is still a chance of a disaster occurring. And when disaster strikes, the most important action for an IT team is to perform proper RCA (Root Cause Analysis). Luckily Red Hat Enterprise Linux created a feature to help with failed systems. Enter kdump kdump is a feature of the linux kernel used to assist with crashed systems. kdump works by booting another...
    Posted 2016-10-14T03:25:04+00:00 - 0
  • Stop taking aspirin to deal with headaches from troubleshooting network availability issues.

    Early in my career I was responsible for maintaining build machines for multiple software engineering teams. Those build machines not only built the actual binaries for the product but they also served up critical services leveraged by engineering teams across the company. Whenever we encountered networking issues with those machines, I distinctly remember opening my email inbox and being inundated with emails from coworkers complaining about problems connecting to those services. I had to...
    Posted 2016-09-23T15:44:13+00:00 - 2
  • Subscription-manager for the former Red Hat Network User: Part 7 - understanding the Red Hat Content Delivery Network

    alternate title: disconnected customers like nice things too. Overview The Red Hat Content Delivery Network (henceforth known as the CDN) is the source of content for Satellite 6. Understanding This document aims to document What the Red Hat CDN is How to mirror it. How to leverage many of the tools in the Satellite 6 product to easily mirror or copy it for disconnected usage What is the Red Hat CDN? The Red Hat Content Delivery Network, nominally accessed via cdn.redhat.com is a...
    Posted 2016-09-20T03:09:42+00:00 - 0
  • Subscription-manager for the former Red Hat Network User: Part 6 - understanding and improving the renewal experience

    Overview Shipped in Red Hat Satellite 6.2.2 are a number of tools to improve the renewal experience. Facts Subscriptions are attached to systems. Subscriptions grant access to content. Without a valid subscription, a system cannot access content. Renewals What is a renewal? A subscription renewal, for all effective purposes is when a subscription expires, and it is replaced with a new subscription. Renewals are at their core, a financial transaction between Red Hat and the customer, where the...
    Posted 2016-09-19T00:37:25+00:00 - 1
  • Red Hat Satellite Organization in Github

    At Red Hat Summit this year, we announced the Red Hat Satellite organization in Github as a means to provide a location to curate scripts/projects that Red Hat employees, customers, and community members have written for usage with Red Hat Satellite. We would like to leverage this organization in the following manner: Provide a clearinghouse of well maintained, but officially unsupported tools known to work with a supported version of Satellite. Allow users of Satellite such as yourselves to...
    Posted 2016-09-18T19:55:29+00:00 - 0
  • Sleep soundly. Insights has new rules to detect unexpected outages.

    Every system administrator knows the feeling of having to wake up in the middle of the night because a server crashed or lost connectivity. This is where Red Hat Insights comes in. Thanks to our expansive knowledge base, the Insights team has been able to identify several critical stability issues that could cause a system outage. Don’t let these issues catch you by surprise. Check out our latest stability rules here! Rule Description Reference The “rpmdbNextIterator” error exists in the...
    Posted 2016-09-16T20:07:01+00:00 - 0
  • Subscription-manager for the former Red Hat Network user - part 5 - Working with subscriptions that require virt-who.

    Overview Many of the various subscriptions that Red Hat offers are sold with the following spirit & terms A subscription is purchased based upon the socket count of a hypervisor. The subscriptions allows some number of quests (usually an UNLIMITED quantity, but sometimes values of 1 & 4 are used) to be instantiated on that hypervisor. These subscriptions require virt-who, the daemon that collects & reports host/guest mapping. This document aims to provide some further insight to...
    Posted 2016-09-16T09:03:40+00:00 - 2
  • A bite of Python

    Being easy to pick up and progress quickly towards developing larger and more complicated applications, Python is becoming increasingly ubiquitous in computing environments. Though apparent language clarity and friendliness could lull the vigilance of software engineers and system administrators -- luring them into coding mistakes that may have serious security implications. In this article, which primarily targets people who are new to Python, a handful of security-related quirks are looked at...
    Posted 2016-09-07T13:30:00+00:00 - 0

Pages