- The matahari packages are not installed by default starting with Red Hat Enterprise Linux 6.3 and are not enabled by default to start on boot when they are installed. Manual action is needed to both install and enable the matahari services.
- The default configuration for qpid (the transport agent used by Matahari) does not enable access control lists (ACLs) or SSL. Without ACLs/SSL, the Matahari infrastructure is not secure. Configuring Matahari without ACLs/SSL is not recommended and may reduce your system's security.
- The matahari-services agent is specifically designed to allow remote manipulation of services (start, stop). Granting a user access to Matahari services is equivalent to providing a remote user with root access. Using Matahari agents should be treated as equivalent to providing remote root SSH access to a host.
- By default in Red Hat Enterprise Linux, the Matahari broker (qpidd running on port 49000) does not require authentication. However, the Matahari broker is not remotely accessible unless the firewall is disabled, or a rule is added to make it accessible. Given the capabilities exposed by Matahari agents, if Matahari is enabled, system administrators should be extremely cautious with the options that affect remote access to Matahari.
- Prior to this update, matahari agents were being unnecessarily restarted during upgrades. As a consequence, unexpected output could appear during the upgrade process. This update modifies the underlying code so that agents are not restarted more than once and no more unexpected reporting occurs.
- Prior to this update, no shell tool for using matahari agents was available. This update adds a Python API and command-line shell to matahari.
- Prior to this update, the matahari interface could not identify Python scripts written by users. This update adds the RPC agent to provide an API to execute user-written Python scripts installed on the target machine.