Red Hat Security Blog: April 2014 archives
SSL/TLS Everywhere – visions of a secure OpenStack
As most people familiar with OpenStack are already aware, it is made up of many software components that are typically deployed in a distributed manner. The more scalable an OpenStack deployment is, the more distributed the underlying components are as the infrastructure is usually scaled out horizontally on commodity hardware. As a consequence of this distributed architecture, there are many communication channels used between all of the software components. We have users communicating...
New Red Hat Enterprise Linux 7 Security Feature: systemd-journald
A lot has already been written about systemd-journald. For example, this article describes the security benefits of the journal. I would argue that systemd-journal is not a full replacement for syslog. The syslog format is ubiquitous, and I don't see it going away. On all Red Hat Enterprise Linux 7 machines, syslog will still be on by default. This is because it's still the de facto mechanism for centralizing your logging data, and most tools that analyze log data read syslog data. The journald...
New Red Hat Enterprise Linux 7 Security Feature: systemd Starting Daemons
Why is this a security feature? In previous releases of Red Hat Enterprise Linux, system daemons would be started in one of two ways: At boot, init (sysV) launches an initrc script and then this script launches the daemon. An admin can log in and launch the init script by hand, causing the daemon to run. Let me show you what this means from an SELinux point of view. NOTE: In the code below, @ means execute, --> indicates transition, and === indicates a client/server communication. The...