Chapter 1. Overview
Security
- Driven by Trusted Platform Module (TPM) 2.0 hardware modules, the Policy-Based Decryption (PBD) capability has been extended to provide two layers of security for hybrid-cloud operations: the network-based mechanism is applicable in the cloud, while the use of TPM on-premises helps to keep information on disks physically more secure.
- The GnuTLS library now provides improved Hardware Security Module (HSM) support.
- OpenSSL now works with new CP Assist for Cryptographic Functions (CPACF) instructions to accelerate Galois/Counter Mode (GCM) of operation as available with IBM z14.
- Red Hat Certificate System distributed with Red Hat Enterprise Linux 7.6 provides new default cryptographic algorithms for RSA and ECC, which help maintain FIPS compliance and stay current with cryptography requirements from NIST and other standards bodies, as well as organizations responsible for handling sensitive information.
See Chapter 16, Security and Chapter 5, Authentication and Interoperability for more information.
Networking
- For better integration with counter-intrusion measures, firewall operations through Red Hat Enterprise Linux have been improved with enhancements to nftables. The nft command-line tool can now also provide improved control packet filtering, providing better overall visibility and simplified configuration for systems security.
For details, see Chapter 14, Networking.
Identity Management and Access Control
- This release of OpenSC supports new smart cards, for example, models with CardOS 5.3.
For details, see Chapter 31, Security.
Management and Automation
- The tools for managing Red Hat Enterprise Linux 7 continue to be refined, with the latest version introducing enhancements to the Red Hat Enterprise Linux Web Console including:
  - Showing available updates on the system summary page
  - Automatic configuration of single sign-on for identity management, helping to simplify this task for security administrators
  - An interface to control firewall services
- The following Red Hat Enterprise Linux System Roles are now fully supported: selinux, kdump, network, and timesync.
- The integration of the Extended Berkeley Packet Filter (eBPF) provides a safer, more efficient mechanism for monitoring activity within the kernel and will help to enable additional performance monitoring and network tracing tools in the future. The eBPF tool is available as a Technology Preview.
For detailed information, refer to Chapter 19, System and Subscription Management, Chapter 15, Red Hat Enterprise Linux System Roles Powered by Ansible and Chapter 42, Kernel.
Red Hat Insights
Since Red Hat Enterprise Linux 7.2, the Red Hat Insights service is available. Red Hat Insights is a proactive service designed to enable you to identify, examine, and resolve known technical issues before they affect your deployment. Insights leverages the combined knowledge of Red Hat Support Engineers, documented solutions, and resolved issues to deliver relevant, actionable information to system administrators.
The service is hosted and delivered through the Customer Portal or through Red Hat Satellite. To register your systems, follow the Getting Started Guide for Insights.
Red Hat Customer Portal Labs
Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are:
