• Why New Relic Synthetics?

    Do you think it's important for a web property to have the following? Ability to detect application outages from a customers perspective for both web apps and APIs An accurate uptime score, based on if the application is Up for the customer Ability to be alerted to user experience degradation Ability to diagnose and troubleshoot problems with CDN or DNS Ability to show performance gains over time from a customers perspective Ability to track performance gains by introducing changes to the CDN...
    Posted 2017-06-15T14:51:00+00:00 - 0
  • June 2017 service release: New and improved Red Hat Insights features and functionality

    The Red Hat Insights team is pleased to highlight our first post-Summit 2017 service release for functionality and feature enhancement. Red Hat Insights is a Software-as-a-Service (SaaS) that potentially prevents downtime by enabling customers to proactively monitor for infrastructure risks and critical security alerts detected in their environments, while requiring no added infrastructure. Insights offers automated remediation capabilities via Ansible Playbooks, as well as Executive Reporting...
    Posted 2017-06-07T17:04:51+00:00 - 0
  • Ansible and Insights Part 2 - Automating Ansible Core remediation

    As we discussed in our previous blog post about enabling Ansible automation with Insights, we will look closer at taking findings from Insights and using the actionable intelligence provided to perform an automated remediation via Ansible playbook. Ansible Tower setup and remediation will be covered in an upcoming post. Currently you can generate playbooks for Insights and Tower via Red Hat's customer portal. An upcoming release of Satellite 6 will further integrate Insights automated...
    Posted 2017-06-01T15:55:58+00:00 - 0
  • Secure XML Processing with JAXP on EAP 7

    The Java Development Kit (JDK) version 8 provides the Java API for XML Processing (JAXP). If a developer is using JAXP on Red Hat JBoss Enterprise Application Platform (EAP) 7 they need to be aware that Red Hat JBoss EAP 7 ships it's own implementation, with some differences from JDK 8 that are covered in this article. Background There have been three issues raised in the month of May 2017 relating to JAXP on Red Hat JBoss EAP 7: CVE-2017-7464, CVE-2017-7465, and CVE-2017-7503. All of the...
    Posted 2017-06-01T13:30:00+00:00 - 0
  • The RHSA notifications you want, right in your Inbox

    Red Hat Product Security takes pride in the quality and timeliness of its Security Advisories and all the accompanying information we publish for every erratum and vulnerability that we track and fix in our products. There are many ways in which customers and the general public can get notified about those advisories and errata and one of the most commonly used is the rhsa-announce mailing list. This list has been around for nearly 10 years, and we have recently taken steps to increase its...
    Posted 2017-05-17T13:30:00+00:00 - 10
  • Ansible and Insights Part 1 - Insights Automatic Remediation is Here

    Pairing Ansible and Insights may be the smartest thing since putting peanut butter and jelly together. With this partnership, we’ve enabled the ability for you to download playbooks from Insights to solve the problems in your infrastructure. With a few clicks, you can stop worrying, kick back, and bask in the glorious rays of automation. Our developers have done all the work of creating playbooks for you so that you don’t have to come up with them yourselves. We go through each rule in the...
    Posted 2017-05-15T21:06:53+00:00 - 0
  • Satellite 6.2.9 is released

    Satellite 6.2.9 has been released today. 6.2.9 introduces many fixes based on delivering high priority fixes and RFEs. There is one erratum for the server [1] and one for the hosts [2]. The install ISOs will be updated later this week. Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. Customers who have received hotfixes should verify the list below to ensure their hotfix is...
    Posted 2017-04-30T14:05:02+00:00 - 6
  • Security Scoring and Grading for Container Images

    We have just rolled out an update to the interface of the Red Hat Container Catalog that attempts to answer to the question of whether or not a particular container image available in the Container Catalog can be considered secure. In the interests of transparency providing as much information as available to deploy the right container image for their needs, we are excited about these new capabilities in the Red Hat Container Catalog and wanted to give a little insight on our rationale....
    Posted 2017-04-25T16:26:09+00:00 - 0
  • Join us at Red Hat Summit 2017

    As you’ve probably heard, this year’s Red Hat Summit is in Boston May 2-4. Product Security is looking forward to taking over multiple sessions and activities over the course of those 3 days, and we wanted to give you a sneak peek of what we have planned. Sessions There will be A LOT of Product Security sessions including: Tuesday, May 2 Time Session Title Room 10:15-11:00AM L102598 - Practical OpenSCAP—Security standard compliance and reporting Room 252B 10:15-11:00AM S102106 - Red...
    Posted 2017-04-19T13:30:00+00:00 - 0
  • Determining your risk

    Red Hat continues to be a leader in transparency regarding security problems that are discovered in our software and the steps we take to fix them. We publish data about vulnerabilities on our security metrics page and recently launched an API Service that allows easier (and searchable) access to the same data. This data is important to administrators for understanding what known security problems exist and determining what they should do about it. Pitfalls of comparing version numbers...
    Posted 2017-04-12T13:30:00+00:00 - 0
  • What’s Your Total Risk?

    Recently we rolled out a couple new features to help you assess and prioritize your risk. These would be the Likelihood and Impact that you will see assigned to individual Insights Rules. Likelihood is the probability that a system will experience impact described in the rule. Since we are trying to be proactive in detecting the conditions before there is an impact, Likelihood is an important factor when prioritizing work. The higher the Likelihood, the more urgent it is to proactively...
    Posted 2017-04-10T19:25:12+00:00 - 2
  • Red Hat Satellite 5.8 Beta Now Available for Testing

    Red Hat Satellite 5.8 Beta Now Available for Testing The Red Hat Satellite team is pleased to announce the beta release of Red Hat Satellite 5.8. The Satellite 5.8 Beta represents the last minor release of the Satellite 5 product line. For customers planning to stay on Satellite 5 through the end of production and access extended life cycle support in early 2019, we encourage you to test the Satellite 5.8 Beta to plan your eventual upgrade. WHAT’S COMING IN 5.8?: Increased speed with channel...
    Posted 2017-04-06T15:02:21+00:00 - 0
  • Changes coming to TLS: Part Two

    In the first part of this two-part blog we covered certain performance improving features of TLS 1.3, namely 1-RTT handshakes and 0-RTT session resumption. In this part we shall discuss some security and privacy improvements. Remove Obsolete and insecure cryptographic primitives Remove RSA Handshakes When RSA is used for key establishment there is no forward secrecy, which basically means that an adversary can record the encrypted conversation between the client and the server and later if it...
    Posted 2017-04-05T13:30:00+00:00 - 2
  • Changes coming to TLS: Part One

    Transport layer Security version 1.3 (TLS 1.3) is the latest version of the SSL/TLS protocol which is currently under development by the IETF. It offers several security and performance improvements as compared to the previous versions. While there are several technical resouces which discuss the finer aspects of this new protocol, this two-part article is a quick reference to new features and major changes in the TLS protocol. Faster Handshakes In TLS, before data can be encrypted, a secure...
    Posted 2017-03-29T13:30:00+00:00 - 0
  • Customer security awareness: alerting you to vulnerabilities that are of real risk

    Every day we are bombarded with information. Something is always happening somewhere to someone and unfortunately it's rarely good. Looking at this through the lens of information security, NOT getting the right details at the appropriate time could be the difference from stopping and blocking an attack, or being the next sad, tragic headline... Red Hat Product Security oversees the vulnerability remediation for all of Red Hat's products. Our dual mission of governing guidelines and standards...
    Posted 2017-03-22T13:30:00+00:00 - 0
  • Questions and Answers from the February 2017 Satellite Ask-Me-Anything session

    Satellite 6 Ask Me Anything FAQ As promised, listed below are the responses to the questions we received in our Feb 2017 Satellite Ask Me Anything session. AMA Feb Questions January AMA Q&A: https://access.redhat.com/blogs/1169563/posts/2918221 Next steps: Create 2nd blog post before Tuesday AMA (linking to January Q&A as reference); Later in March, create Satellite 6 Technical FAQ Content Views Question: Does a composite content view duplicate all content in the content views it...
    Posted 2017-03-14T09:36:28+00:00 - 0
  • SPECIAL OFFER - Red Hat Satellite 6 Administration Video Classroom

    Newly launched this week is the Red Hat Satellite 6 Administration (RH403) Video Classroom course! Red Hat is offering a discount of 20% off the video classroom course if you register before August 31st, 2017. Why did we launch a Satellite 6 video classroom course? Video classrooms provide you with an interactive "classroom" experience, anywhere you choose. When traveling to an in-person class and spending a week away from the office isn't feasible, having a self-paced video training option is...
    Posted 2017-03-13T13:55:23+00:00 - 0
  • Red Hat Product Security Risk Report 2016

    At Red Hat, our dedicated Product Security team analyzes threats and vulnerabilities against all our products and provides relevant advice and updates through the Red Hat Customer Portal. Customers can rely on this expertise to help them quickly address the issues that can cause high risks and avoid wasting time or effort on those that don’t. Red Hat delivers certified, signed, supported versions of the open source solutions that enable cost-effective innovation for the enterprise. This is the...
    Posted 2017-03-07T14:39:02+00:00 - 0
  • Satellite 6.2.8 is released

    Satellite 6.2.8 has been released today as part of RHBA-2017:0447 Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions in the Installation Guide. Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in the release before upgrading. Please reach out to the Satellite team in these cases. A number of significant improvements are delivered in this...
    Posted 2017-03-06T10:33:52+00:00 - 4
  • How Threat Modeling Helps Discover Security Vulnerabilities

    Application threat modeling can be used as an approach to secure software development, as it is a nice preventative measure for dealing with security issues, and mitigates the time and effort required to deal with vulnerabilities that may arise later throughout the application's production life cycle. Unfortunately, it seems security has no place in the development life cycle, however, while CVE bug tracking databases and hacking incident reports proves that it ought to be. Some of the...
    Posted 2017-03-02T21:00:00+00:00 - 0
  • Keep your Satellite in orbit with Insights

    For many customers, Satellite is a vital part of their infrastructure - distributing and managing package updates, organizing systems, and providing a robust virtualization infrastructure. The overall health of your Satellite system can impact much of your daily workflow within your environment. Issues with Satellite can lead you into digging through log files, googling for answers, or calling support to find the source of the problem. With Insights, you can save multiple hours of...
    Posted 2017-02-27T15:21:28+00:00 - 0
  • Debugging a kernel in QEMU/libvirt - Part II

    This blog has previously shown how to configure a Red Hat Enterprise Linux system for kernel debugging, it expects that the system has been configured, have the source code matching the installed kernel version handy, and the reader is ready to follow along. This should not be running on a productions system as system function interruption is guaranteed. The particular problem that will be investigated is CVE-2016-9793. As discussed on the Oss-security list, this vulnerability was classified...
    Posted 2017-02-24T14:30:00+00:00 - 0
  • Subscription-manager for the former Red Hat Network User: Part 12 - Subscription Reporting Tools

    Overview One of the big changes with Satellite 6 and also Red Hat Subscription Management (RHSM) is that the tools now maintain an accurate inventory of what systems are consuming which subscription. This document will illustrate how to use hammer and other tools to extract subscription consumption information from Satellite. This information is useful for audit/reporting and other usages. Prerequisites It is important that you have read (or understand) the concepts as presented in: The Hammer...
    Posted 2017-02-21T14:29:47+00:00 - 10
  • Is Your Bond Strong?

    Most critical physical systems use multiple network interfaces bonded together to provide redundancy and, depending on the workload, to provide greater network throughput. Bonding can be configured in either manner depending on the mode specified in the bonding configuration file. It is quite common to misconfigure bonding. It is case sensitive so something might be capitalized that shouldn’t be. You might have misunderstood the documentation and configured an incorrect or suboptimal bonding...
    Posted 2017-02-13T15:12:49+00:00 - 0
  • Questions and Answers from the January 2017 Satellite Ask-Me-Anything session

    Satellite 6 Ask Me Anything FAQ As promised, listed below are the responses to the questions we received in our Jan 2017 Satellite Ask Me Anything session. We are running another Ask Me Anything on 14 Feb, so feel free to join us again. SUBSCRIPTIONS Question: On the subscription comments... you have to give it a subscription id with hammer. I have a bunch of VMs that came in with the wrong license that should be under the datacenter model. The only way I've found to fix this through the UI...
    Posted 2017-02-09T22:49:02+00:00 - 0

Pages

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.