Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

3. Feature Updates

3.1. All Architectures

Systemtap
Systemtap is a GPL-based infrastructure which simplifies information gathering on a running Linux system. This assists in diagnosis of performance or functional problems. With systemtap, the tedious and disruptive "instrument, recompile, install, and reboot" sequence is no longer needed to collect diagnostic data.
Systemtap is now fully supported. For more information refer to http://sources.redhat.com/systemtap.
iSNS-utils
The Internet storage name service for Linux (isns-utils) is now supported. This allows you to register iSCSI and iFCP storage devices on the network. isns-utils allows dynamic discovery of available storage targets through storage initiators.
isns-utils provides intelligent storage discovery and management services comparable to those found in fibre-channel networks. This allows an IP network to function in a similar capacity to a storage area network.
With its ability to emulate fibre-channel fabric services, isns-utils allows for seamless integration of IP and fibre-channel networks. In addition, isns-utils also provides utilities for managing both iSCSI and fibre-channel devices within the network.
For more information about isns-utils specifications, refer to http://tools.ietf.org/html/rfc4171. For usage instructions, refer to /usr/share/docs/isns-utils-[version]/README and /usr/share/docs/isns-utils-[version]/README.redhat.setup.
rsyslog
rsyslog is an enhanced multi-threaded syslogd daemon that supports the following (among others):
  • MySQL
  • syslog/tcp
  • RFC 3195
  • permitted sender lists
  • filtering on any message part
  • more granular output format control
rsyslog is compatible with the stock sysklogd, and can be used as a replacement in most cases. Its advanced features make it suitable for enterprise-class, encrypted syslog relay chains; at the same time, its user-friendly interface is designed to make setup easy for novice users.
For more information about rsyslog, refer to http://www.rsyslog.com/.
Openswan
Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE) for Linux. IPsec uses strong cryptography to provide authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN).
This release of Openswan supports IKEv2 (RFC 4306, 4718) and contains an IKE2 daemon that conforms to IETF RFCs. For more information about Openswan, refer to http://www.openswan.org/.
Evolution
The Evolution update for this release now features the following enhancements (among others):
  • Bogofilter compatibility for filtering junk mail.
  • An option to receive pop-up notifications for new mail.
  • Improved performance for downloading messages from a Microsoft Exchange™ server.
  • A setup assistant to guide you through both backing up and restoring data and settings.
Thunderbird
Thunderbird has been updated to version 2.0.0.12. This update applies the following features (among others):
  • Message tags, which help organize email.
  • Built-in support for Google Mail and .Mac mail.
  • Find-as-you-type, which highlights and filters message text as you type.
  • An updated extension system, which provides enhanced security and allows easier extension localization.
For more information about this update, refer to http://www.mozilla.com/en-US/thunderbird/2.0.0.0/releasenotes/.
Password Hashing Using SHA-256/SHA-512
Password hashing using the SHA-256 and SHA-512 hash functions is now supported.
To switch to SHA-256 or SHA-512 on an installed system, run authconfig --passalgo=sha256 --update or authconfig --passalgo=sha512 --update. To configure the hashing method through a GUI, use authconfig-gtk. Existing user accounts will not be affected until their passwords are changed.
For newly installed systems, using SHA-256 or SHA-512 can be configured only for kickstart installations. To do so, use the --passalgo=sha256 or --passalgo=sha512 options of the kickstart command auth; also, remove the --enablemd5 option if present.
If your installation does not use kickstart, use authconfig as described above. After installation, change all created passwords, including the root password.
Appropriate options were also added to libuser, pam, and shadow-utils to support these password hashing algorithms. authconfig configures necessary options automatically, so it is usually not necessary to modify them manually:
  • New values of the crypt_style option and new options for both hash_rounds_min and hash_rounds_max are now supported in the [defaults] section of /etc/libuser.conf. For more information, refer to man libuser.conf.
  • New options sha256, sha512, and rounds are now supported by the pam_unix PAM module. For more information, refer to /usr/share/doc/pam-[pam version]/txts/README.pam_unix.
  • The following new options in /etc/login.defs are now supported by shadow-utils:
    • ENCRYPT_METHOD — Specifies the encryption methods to be used. Valid values are DES, MD5, SHA256, and SHA512. If this option is defined, MD5_CRYPT_ENAB is ignored.
    • SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS — Specifies the number of hashing rounds to use if ENCRYPT_METHOD is set to SHA256 or SHA512. If neither option is set, a default value is chosen by glibc. If only one option is set, the encryption method specifies the number of rounds.
      If both options are used, they specify an inclusive interval from which the number of rounds is chosen randomly. The selected number of rounds is limited to the inclusive interval [1000, 999999999].
OFED in comps.xml
The group OpenFabrics Enterprise Distribution is now included in comps.xml. This group contains components used for high-performance networking and clustering (for example, InfiniBand and Remote Direct Memory Access).
Further, the Workstation group has been removed from comps.xml in the Red Hat Enterprise Linux 5.2 Client version. This group only contained the openib package, which is now part of the OpenFabrics Enterprise Distribution group.
system-config-netboot
system-config-netboot is now included in this update. This is a GUI-based tool used for enabling, configuring, and disabling network booting. It is also useful in configuring PXE-booting for network installations and diskless clients.
openmpi
In order to accommodate the use of compilers other than gcc for specific applications that use message passing interface (MPI), the following updates have been applied to the openmpi and lam packages:
  • MPI installations are now consolidated under a single installation directory. All files can now be found under /usr/lib(64)/lam and /usr/lib(64)/openmpi/[openmpi version]-[compiler name].
  • Version and compiler strings are now included in the openmpi installation path, but not the lam installation path. This enables you to install multiple versions of openmpi, or install the same version of openmpi built by different compilers.
    While this capability allows you to use a version of openmpi built by another compiler, Red Hat only supports the latest, gcc-compiled version of openmpi.
  • openmpi and lam now use mpi-selector to set which MPI implementation to use at any given time. For more information, refer to man mpi-selector and man mpi-selector-menu.
Note that when upgrading to this release's version of openmpi, you should migrate any default parameters set for lam or openmpi to /usr/lib(64)/lam/etc/ and /usr/lib(64)/openmpi/[openmpi version]-[compiler name]/etc/. All configurations for either openmpi or lam should be set in these directories.
lvm2 Snapshot Volume Warning
lvm2 will now warn if a snapshot volume is near its maximum capacity. However, this feature is not enabled by default.
To enable this feature, uncomment the following line in /etc/lvm/lvm.conf
snapshot_library = "libdevmapper-event-lvm2snapshot.so"
Ensure that the dmeventd section and its delimiters ({ }) are also uncommented.
bash
bash has been updated to version 3.2. This version fixes a number of outstanding bugs, most notably:
  • bash man page: updated to reflect the correct behavior of special built-in commands (such as eval, exec, and set. In addition, the bash man page now includes an explanation of the use of aliases in non-interactive scripts.
  • File descriptors now work as expected; in previous releases, bash did not close file descriptors with two or more digits.
  • A bug in the way bash handled certain multi-byte strings is now fixed.
Note that with this update, the output of ulimit -a has also changed from the Red Hat Enterprise Linux 5.1 version. This may cause a problems with some automated scripts. If you have any scripts that use ulimit -a output strings, you should revise them accordingly.

3.2. s390x Architectures

Writing System Data to z/VM Monitor Stream
It is now possible to write process and file system data to the z/VM monitor stream. This allows you to consolidate more system resource information into a single source for performance monitoring purposes.
However, since the appropriate scripts for the services in /etc/init.d are not available in this release, you need to manually start the daemons for them. To write process utilization data to the z/VM monitor stream, run /usr/sbin/mon_procd. To write file system utilization data to the z/VM monitor stream, run /usr/sbin/mon_fsstatd.