The only thing worse than a crash is not knowing why it happened. Insights can make sure kdump is there for you.
Recovery is by far the most important first step to take after a system goes down. However, after your systems have recovered, you'll want to perform some level of root cause analysis in order to understand why the crash happened and how to prevent future similar events. This type of analysis is impossible to perform without access to pre-crash system information. Several weeks ago we published a blog entitled Disaster Recovery, which outlined how many systems would be unable to properly...From There to Here (But Not Back Again)
Red Hat Product Security recently celebrated our 15th anniversary this summer and while I cannot claim to have been with Red Hat for that long (although I’m coming up on 8 years myself), I’ve watched the changes from the “0day” of the Red Hat Security Response Team to today. In fact, our SRT was the basis for the security team that Mandrakesoft started back in the day. In 1999, I started working for Mandrakesoft, primarily as a packager/maintainer. The offer came, I suspect, because of the...Deploying OpenShift Enterprise on Atomic Host with Satellite 6.2
The Environment The basic lab environment consists of a single Satellite 6.2 server running an integrated capsule providing the necessary services. Most important for us to consider is DHCP and TFTP for the provisioning the Atomic Host on bare metal hardware. Our Satellite 6.2 server is a bare-metal machine running inside a blade server. Atomic Host is situated in the same VLAN on the network on a separate bare-metal hardware of the same specifications. DNS was set up on the Satellite server,...Happy 15th Birthday Red Hat Product Security
This summer marked 15 years since we founded a dedicated Product Security team for Red Hat. While we often publish information in this blog about security technologies and vulnerabilities, we rarely give an introspection into the team itself. So I’d like, if I may, to take you on a little journey through those 15 years and call out some events that mean the most to me; particularly what’s changed and what’s stayed the same. In the coming weeks some other past and present members of the team...Disaster Recovery
Stability is one of the most important topics in IT. Although a system might have “five 9s” availability (up for 99.999% of time), there is still a chance of a disaster occurring. And when disaster strikes, the most important action for an IT team is to perform proper RCA (Root Cause Analysis). Luckily Red Hat Enterprise Linux created a feature to help with failed systems. Enter kdump kdump is a feature of the linux kernel used to assist with crashed systems. kdump works by booting another...Stop taking aspirin to deal with headaches from troubleshooting network availability issues.
Early in my career I was responsible for maintaining build machines for multiple software engineering teams. Those build machines not only built the actual binaries for the product but they also served up critical services leveraged by engineering teams across the company. Whenever we encountered networking issues with those machines, I distinctly remember opening my email inbox and being inundated with emails from coworkers complaining about problems connecting to those services. I had to...Subscription-manager for the former Red Hat Network User: Part 7 - understanding the Red Hat Content Delivery Network
alternate title: disconnected customers like nice things too. Overview The Red Hat Content Delivery Network (henceforth known as the CDN) is the source of content for Satellite 6. Understanding This document aims to document What the Red Hat CDN is How to mirror it. How to leverage many of the tools in the Satellite 6 product to easily mirror or copy it for disconnected usage What is the Red Hat CDN? The Red Hat Content Delivery Network, nominally accessed via cdn.redhat.com is a...Red Hat Satellite Organization in Github
At Red Hat Summit this year, we announced the Red Hat Satellite organization in Github as a means to provide a location to curate scripts/projects that Red Hat employees, customers, and community members have written for usage with Red Hat Satellite. We would like to leverage this organization in the following manner: Provide a clearinghouse of well maintained, but officially unsupported tools known to work with a supported version of Satellite. Allow users of Satellite such as yourselves to...Sleep soundly. Insights has new rules to detect unexpected outages.
Every system administrator knows the feeling of having to wake up in the middle of the night because a server crashed or lost connectivity. This is where Red Hat Insights comes in. Thanks to our expansive knowledge base, the Insights team has been able to identify several critical stability issues that could cause a system outage. Don’t let these issues catch you by surprise. Check out our latest stability rules here! Rule Description Reference The “rpmdbNextIterator” error exists in the...Trends - CRC Errors
CRC (Cyclic Redundancy Check) is a test to ensure data does not become corrupt when sent across networks or storage devices. The test begins by calculating a check value that is based on the data’s contents that will be sent over the network. The check value is recalculated when the data arrives at its destination, and if the recalculated check value differs from the initial check value, then the data has been corrupted. CRC Errors and RHEL Red Hat Enterprise Linux (RHEL) will log received CRC...Satellite5, spacewalk-clone-by-date, and you!
INTRODUCTION A typical workflow for a Satellite 5 installtion involves maintaining strict control over exactly what changes are available to registered systems. This is accomplished by cloning the channels synchronized from Red Hat Network, and limiting the clones to a given subset of the 'current' state of the original channel. spacewalk-clone-by-date is a tool available as part of the Satellite 5 subscription which aims to ease the process of creating and maintaining cloned channels. However...Red Hat Satellite 6.2 is now available
Red Hat is pleased to announce the general availability of Red Hat Satellite 6.2. Red Hat Satellite 6.0 included a redesigned product architecture to manage new types of content on a wide variety of platforms, including bare-metal, private, and public clouds. Satellite 6.2 continues to build on that release and features the following: Increase Efficiency with Automated Workflows Satellite 6.2 introduces remote execution, automating workflows and enabling users to take multiple actions against...StackOverflow Assistance Pilot
As a valued customer you have access to extensive content and certain products for developer use, which help you create your applications quickly. We want to assist you wherever you may look for help. We know developers love StackOverflow. For a limited time, as a subscriber you can sign up for our StackOverflow Assistance pilot. As part of this pilot, we will try to respond within 24 hours to your developer question on a Red Hat product within StackOverflow, if it hasn’t already been answered...StackOverflow Pilot Program Monitored Tags
StackOverflow Pilot Program Monitored Tags
StackOverflow Pilot Program Monitored Tags
As part of the StackOverflow Pilot Program, the list of StackOverflow tags we will be monitoring include: jboss jboss7.x jboss5.x jboss6.x Jboss-eap-6 jboss-eap-7 jbossamq jbossfuse jboss-logging jboss-web jboss-cli openshift openshift-client-tools openshift-enterprise jboss-messaging jboss-modules jboss-tools jboss-mdb jbossws jboss-esb jboss-rules jboss-cache jboss-portal Keycloak drools apache-camel cxf activemq karaf apache-karaf Fabric8 apiman jBPM bpmRedefining how we share our security data.
Red Hat Product Security has long provided various bits of machine-consumable information to customers and users via our Security Data page. Today we are pleased to announce that we have made it even easier to access and parse this data through our new Security Data API service. While we have provided this information since January 2005, it required end users to download the content from the site, which meant you either downloaded many files and kept a local copy, or you were downloading large...Satellite 6.2 Beta 2 Now Available
Download the beta here Review beta documentation Open a ticket on the beta Red Hat is pleased to announce the the second beta for Satellite 6.2. Beta 2 is immediately available to all current beta customers. The list of new features in this beta can be reviewed in the Beta 1 Announcement Satellite 6.2 Beta - What's New Lots of bug fixes based on your feedback The first beta had very good adoption. Thank you for your time. Based on your feedback we have resolved many bugs. Specifically, you...The Answer is always the same: Layers of Security
There is a common misperception that now that containers support seccomp we no longer need SELinux to help protect our systems. WRONG. The big weakness in containers is the container possesses the ability to interact with the host kernel and the host file systems. Securing the container processes is all about shrinking the attack surface on the host OS and more specifically on the host kernel. seccomp does a great job of shrinking the attack surface on the kernel. The idea is to limit the...CVE-2016-3710: QEMU: out-of-bounds memory access issue
Quick Emulator (aka QEMU) is an open source systems emulator. It emulates various processors and their accompanying hardware peripherals like disc, serial ports, NIC et al. A serious vulnerability of out-of-bounds r/w access through the Video Graphics Array (VGA) emulator was discovered and reported by Mr Wei Xiao and Qinghao Tang of Marvel Team at 360.cn Inc. This vulnerability is formally known as Dark Portal. In this post we'll see how Dark Portal works and its mitigation. VGA is a hardware...Satellite 6.2 Beta Now Available
Download the beta here Review beta documentation Open a ticket on the beta Red Hat is pleased to announce the Satellite 6.2 beta. Available to all current Satellite customers, the beta includes several highly demanded features. Satellite 6.2 Beta - New Features and Functionality Increase Efficiency with Automated Workflows Satellite 6.2 introduces remote execution, automating workflows and enabling users to take multiple actions against groups of systems. Now Satellite 6.2 can automatically...Red Hat Product Security Risk Report: 2015
This report takes a look at the state of security risk for Red Hat products for calendar year 2015. We look at key metrics, specific vulnerabilities, and the most common ways users of Red Hat products were affected by security issues. Our methodology is to look at how many vulnerabilities we addressed and their severity, then look at which issues were of meaningful risk, and which were exploited. All of the data used to create this report is available from public data maintained by Red Hat...Badlock response planning and remediation with Red Hat Insights
Many customers utilize the SMB (Server Message Block) protocol in their production environments. SMB has become a reliable file and print sharing resource protocol for RHEL deployments in many infrastructures through the Samba project, allowing greater usage of shared and cross platform resources. There is a new man-in-the-middle vulnerability, named “badlock,” that targets any implementation of Microsoft’s Local Security Authentication and Security Account Manager remote protocols. This...Satellite 6.1.8 is Released
Satellite 6.1.8 has been released. This update fixes the following bugs: Previously, the katello-backup tool did not handle the '--help' argument correctly. With this update, katello-backup provides the appropriate help information when passed the argument. (BZ#1250185) Removing a Puppet module from the Libary after it had been added to a content view caused the Puppet Modules tab to become unresponsive. The display code has been updated, and the Puppet Modules tab now displays the deleted...Planning your response to the OpenSSL DROWN vulnerability
When a major security risk like the new OpenSSL DROWN vulnerability strikes, you have to plan your response. Generally, you should start outside (Internet-facing) and work your way inside, and prioritize those servers which expose vulnerable network services over those that simply have an older package installed. For more information on the DROWN security vulnerability (CVE-2016-0800) please refer to this Vulnerability Article. Identifying risk To help you respond to DROWN, Red Hat Insights...
Quick Links
Help
Site Info
Related Sites
Systems Status
About
Red Hat legal and privacy links
- About Red Hat
- Jobs
- Events
- Locations
- Contact Red Hat
- Red Hat Blog
- Diversity, equity, and inclusion
- Cool Stuff Store
- Red Hat Summit