• Satellite 6.1 Docker Management and Workflow

    Introduction Walkthrough Add an External Registry Server Add a Content View & Life Cycle Add a Compute Resource Provision Containers Provision a Container From Docker Hub Provision Container from External Registry Provision Container from Content View List Containers Docker Tags Conclusion Introduction One of the first things you will want to do, after coming up to speed with Docker, is probably set up a Registry Server. The Docker project provides a basic Registry Server which...
    Posted 2015-05-13T12:52:55+00:00 - 9
  • VENOM, don't get bitten.

    QEMU is a generic and open source machine emulator and virtualizer and is incorporated in some Red Hat products as a foundation and hardware emulation layer for running virtual machines under the Xen and KVM hypervisors. CVE-2015-3456 (aka VENOM) is a security flaw in the QEMU's Floppy Disk Controller (FDC) emulation. It can be exploited by a malicious guest user with access to the FDC I/O ports by issuing specially crafted FDC commands to the controller. It can result in guest controlled...
    Posted 2015-05-13T11:46:18+00:00 - 0
  • Explaining Security Lingo

    This post aims to clarify certain terms often used in the security community. Let's start with the easiest one: vulnerability. A vulnerability is a flaw in a selected system that allows an attacker to compromise the security of that particular system. The consequence of such a compromise can impact the confidentiality, integrity, or availability of the attacked system (these three aspects are also the base metrics of the CVSS v2 scoring system that are used to rate vulnerabilities). ISO/IEC...
    Posted 2015-05-06T13:30:56+00:00 - 0
  • Container Security: Just The Good Parts

    Security is usually a matter of trade-offs. Questions like "Is X secure?" don't often have direct yes or no answers. A technology can mitigate certain classes of risk even as it exacerbates others. Containers are just such a recent technology and their security impact is complex. Although some of the common risks of containers are beginning to be understood, many of their upsides are yet to be widely recognized. To emphasize the point, this post will highlight three advantages of...
    Posted 2015-04-29T14:30:02+00:00 - 0
  • Regular expressions and recommended practices

    Whenever a security person comes across a vulnerability report, one of the first steps is to ensure that the reported problem is actually a vulnerability. Usually, the issue falls into well known and studied categories and this step is done rather quickly. Occasionally, however, one can come across bugs where this initial triage is a bit more problematic. This blog post is about such an issue, which will ultimately lead us to the concept of “recommended practice”. What happened? On July 31st...
    Posted 2015-04-22T13:30:52+00:00 - 0
  • Implementing UEFI support with Satellite 6.2

    Satellite 6 does not currently support UEFI, but thanks to John Herr from Red Hat and the Foreman Hooks plug-in, it is possible to achieve some level of integration for bare-metal or virtualized provisioning. This tutorial is for Red Hat Enterprise Linux 7.1 running Satellite 6.1 and using Grub2 for PXE booting systems (instead of traditional PXELinux). This example configuration uses Satellite 6 with Capsule running on the same server. Required conditions: Satellite 6.2 running on Red Hat...
    Posted 2015-04-21T08:09:36+00:00 - 40
  • Discovering bare metal with Satellite 6.1

    Satellite 6.1 will ship with the discovery plug-in pre-installed. The discovery plug-in enables automatic bare-metal discovery of unknown nodes on the provisioning network. These new nodes register to the Satellite Server and upload system facts such as serial ID, network interfaces, memory, and disks, as collected by Facter. After registration, the nodes show up on the Discovered Hosts page and you can initiate provisioning either manually (using the web UI, CLI, or API) or automatically...
    Posted 2015-04-20T11:14:58+00:00 - 13
  • Drupal in Docker

    Containerizing Drupal Docker is a new technology within the past few years, but many know that Linux containers have been around longer than that. With the excitement around containers and Docker, the Customer Portal team at Red Hat wanted to take a look at how we could leverage Docker to deploy our application. We hope to always iterate on how code gets released to our customers, and containers seemed like a logical step to speeding up our application delivery. Current Process The method of...
    Posted 2015-04-08T20:55:23+00:00 - 1
  • Don't judge the risk by the logo

    It's been almost a year since the OpenSSL Heartbleed vulnerability, a flaw which started the trend of branded vulnerabilities, changing the way security vulnerabilities affecting open-source software are being reported and perceived. Vulnerabilities are found and fixed all the time, and just because a vulnerability gets a name and a fancy logo doesn't mean it is of real risk to users. So let's take a tour through the last year of vulnerabilities, chronologically, to see what issues got branded...
    Posted 2015-04-08T13:30:02+00:00 - 0
  • JOSE - JSON Object Signing and Encryption

    Federated Identity Management has become very widespread in recent years: in addition to enterprise deployments, a lot of popular web services allow users to carry their identity over multiple sites. Social networking sites especially are in a good position to drive federated identity management, as they have both a critical mass of users and the incentive to become an identity provider. As users move away from a single device to using multiple portable devices, there is constant pressure...
    Posted 2015-04-01T13:30:52+00:00 - 0
  • Not using IPv6? Are you sure?

    Internet Protocol version 6 (IPv6) has been around for many years and was first supported in Red Hat Enterprise Linux 6 in 2010. Designed to provide, among other things, additional address space on the ever-growing Internet, IPv6 has only recently become a priority for ISPs and businesses. On February 3, 2011, ICANN announced that the available pool of unallocated IPv4 addresses had been completely emptied and urged network operators and server owners to implement IPv6 if they had not already...
    Posted 2015-03-25T13:30:48+00:00 - 0
  • CWE Vulnerability Assessment Report 2014

    Last year ended almost three months ago and we have been busy completing the CWE statistics of our vulnerabilities. The biggest change from the year before is the scale of the data: the CWE report for 2013 was based on 37 classified vulnerabilities, whereas last year we classified 617 vulnerabilities in our Bugzilla. Out of them, 61 were closed with resolution NOTABUG, which means they were either not security issues or did not affect Red Hat products. These still include vulnerabilities which...
    Posted 2015-03-18T14:30:23+00:00 - 0
  • Linter for Dockerfile

    We're pleased to introduce a new Red Hat Access Labs application called Linter for Dockerfile. The Docker project provides the means of packaging applications in lightweight containers and has quickly become one of the premier projects for containerization. Docker containers offer several advantages over traditional virtual machines such as smaller disk space, less memory, and increased performance. The Linter for Dockerfile lab application allows you to check basic Dockerfile syntax and...
    Posted 2015-03-12T17:35:37+00:00 - 2
  • CWE update

    In the past, Red Hat Product Security assigned weakness IDs only to vulnerabilities that met certain criteria; more precisely, only vulnerabilities with a CVSS score higher than 7. Since the number of incoming vulnerabilities was high, this filtering allowed us to focus on the vulnerabilities that matter most. However, it also made the statistics incomplete, missing low and moderate vulnerabilities. In the previous year we started assigning weakness IDs to almost all vulnerabilities, greatly increasing...
    Posted 2015-03-11T14:30:24+00:00 - 0
  • Factoring RSA export keys - FREAK (CVE-2015-0204)

    This week's issue with OpenSSL export ciphersuites has been discussed in the press as "Freak" and "Smack". These are addressed by CVE-2015-0204, and updates for affected Red Hat products were released in January. Historically, the United States and several other countries tried to control the export or use of strong cryptographic primitives. For example, any company that exported cryptographic products from the United States needed to comply with certain key size limits. For RSA encryption, the...
    Posted 2015-03-04T14:45:50+00:00 - 0
  • RHEV Manager History Database Size Calculator

    We're proud to introduce a new Red Hat Access Labs app: RHEV Manager History Database Size Calculator. The RHEV Manager History Database Size Calculator helps you estimate how much space and resources will be used by the Red Hat Enterprise Virtualization 3.5 manager history database. The estimate is based on the number of entities and the length of time needed to retain the history records. The following parameters are used to make the estimate: Number of individual entities, including: Data...
    Posted 2015-03-03T04:08:13+00:00 - 0
  • Common Criteria

    ATTENTION This article has been superseded by the Red Hat Enterprise Linux Common Criteria FAQ located in the Knowledgebase. What is Common Criteria? Common Criteria (CC) is an international standard (ISO/IEC 15408) for certifying computer security software. Using Protection Profiles, computer systems can be secured to certain levels that meet requirements laid out by the Common Criteria. Established by governments, the Common Criteria treaty agreement has been signed by 17 26 countries, and...
    Posted 2015-02-25T14:30:56+00:00 - 2
  • Samba vulnerability (CVE-2015-0240)

    Samba is the most commonly used Windows interoperability suite of programs, used by Linux and Unix systems. It uses the SMB/CIFS protocol to provide secure, stable, and fast file and print services. It can also seamlessly integrate with Active Directory environments and can function as a domain controller as well as a domain member (a legacy NT4-style domain controller is supported, but the Active Directory domain controller feature of Samba 4 is not supported yet). CVE-2015-0240 is a security...
    Posted 2015-02-23T11:56:16+00:00 - 0
  • Post Over at community.redhat.com

    Check out our week at FOSDEM and Config Management Camp at community.redhat.com
    Posted 2015-02-04T20:35:21+00:00 - 3
  • Life-cycle of a Security Vulnerability

    Security vulnerabilities, like most things, go through a life cycle from discovery to installation of a fix on an affected system. Red Hat devotes many hours a day to combing through code, researching vulnerabilities, working with the community, and testing fixes, often before customers even know a problem exists. Discovery When a vulnerability is discovered, Red Hat engineers go to work verifying the vulnerability and rating it to determine its overall impact to a system. This is a most...
    Posted 2015-02-04T14:30:39+00:00 - 0
  • Security improvements in Red Hat Enterprise Linux 7

    Each new release of Red Hat® Enterprise Linux® is not only built on top of the previous version, but a large number of its components incorporate development from the Fedora distribution. For Red Hat Enterprise Linux 7, most components are aligned with Fedora 19, and select components come from Fedora 20. This means that users benefit from new development in Fedora, such as firewalld, which is described below. While preparing the next release of Red Hat Enterprise Linux, we review...
    Posted 2015-01-28T14:30:34+00:00 - 0
  • Reactive Product Security at Red Hat

    The goal of Product Security at Red Hat is “to help protect customers from meaningful security concerns when using Red Hat products and services.” What does that really mean and how do we go about it? In this blog, we take a look at how Red Hat handles security vulnerabilities and what we do to reduce risk to our customers. In 2001, we founded a dedicated security team within Red Hat to handle product security. Back then, we really had just one product line, the Red Hat® Linux® distribution....
    Posted 2015-01-21T14:30:25+00:00 - 0
  • Deploying Red Hat Enterprise Linux Atomic Host with Red Hat Satellite 6

    With the ever-changing landscape in IT, many enterprise environments are looking for ways to reduce or eliminate downtime, improve security, reduce footprint, and achieve application portability. Red Hat Enterprise Linux Atomic Host provides a way to achieve these goals. In this blog we cover the steps needed to set up Satellite 6 to deploy RHEL Atomic Hosts within your environment. The Environment The lab environment consists of a single Satellite 6 server running an integrated capsule...
    Posted 2015-01-13T14:06:06+00:00 - 17
  • Update on Red Hat Enterprise Linux 6 and FIPS 140 validations

    Red Hat achieved its latest successful FIPS 140 validation back in April 2013. Since then, a lot has happened. There have been well publicized attacks on cryptographic protocols, weaknesses in implementations, and changing government requirements. With all of these issues in play, we want to explain what we are doing about it. One of the big changes was that we enabled support of Elliptic Curve Cryptography (ECC) and Elliptic Curve Diffie Hellman (ECDH) in Red Hat Enterprise Linux to meet the...
    Posted 2015-01-12T14:30:06+00:00 - 0
  • Red Hat launches Red Hat Satellite 5.7

    We are proud to announce the availability of Red Hat Satellite 5.7, the last upgrade to Red Hat Satellite 5. Red Hat Satellite improves Red Hat Enterprise Linux environment management by increasing automation and adding discipline, simplified administrative workflows, and processes. With Red Hat Satellite, you can manage tens, hundreds, or even thousands of servers as easily as one. Red Hat Satellite 5.7 is the latest of the Red Hat Satellite 5 series and features several highlights, including...
    Posted 2015-01-09T20:19:50+00:00 - 0