Chapter 1. Overview

Security

  • Driven by Trusted Platform Module (TPM) 2.0 hardware modules, the Policy-Based Decryption (PBD) capability has been extended to provide two layers of security for hybrid-cloud operations: the network-based mechanism is applicable in the cloud, while the use of TPM on-premises helps to keep information on disks physically more secure.
  • The GnuTLS library now provides improved Hardware Security Module (HSM) support.
  • OpenSSL now works with new CP Assist for Cryptographic Functions (CPACF) instructions to accelerate Galois/Counter Mode (GCM) of operation as available with IBM z14.
  • Red Hat Certificate System distributed with Red Hat Enterprise Linux 7.6 provides new default cryptographic algorithms for RSA and ECC, which help maintain FIPS compliance and stay current with cryptography requirements from NIST and other standards bodies, as well as organizations responsible for handling sensitive information.

Networking

  • For better integration with counter-intrusion measures, firewall operations in Red Hat Enterprise Linux have been improved with enhancements to nftables. The nft command-line tool now also provides improved control over packet filtering, giving better overall visibility and simplified configuration for system security.
For details, see Chapter 14, Networking.

Identity Management and Access Control

  • This release of OpenSC supports new smart cards, for example, models with CardOS 5.3.
For details, see Chapter 33, Security.

Management and Automation

  • The tools for managing Red Hat Enterprise Linux 7 continue to be refined, with the latest version introducing enhancements to the Red Hat Enterprise Linux Web Console including:
    • Showing available updates on the system summary page
    • Automatic configuration of single sign-on for identity management, helping to simplify this task for security administrators
    • An interface to control firewall services
  • The following Red Hat Enterprise Linux System Roles are now fully supported: selinux, kdump, network, and timesync.
  • The integration of the Extended Berkeley Packet Filter (eBPF) provides a safer, more efficient mechanism for monitoring activity within the kernel and will help to enable additional performance monitoring and network tracing tools in the future. The eBPF tool is available as a Technology Preview.

Containers

  • Red Hat Enterprise Linux 7.6 introduces full support for Podman, a container management tool that complements the previously released Buildah and Skopeo tools. Podman can start and run stand-alone containers from the command line, as services using systemd, or using a remote API. These same capabilities can be used to invoke groups of containers on a single node, also called pods. Podman does not require a daemon to function, which helps to eliminate the complexity and the client-server interactions of a traditional container engine. Podman also allows building containers on a desktop, as well as in continuous integration and continuous delivery (CI/CD) systems. Finally, it enables starting containers within high-performance computing environments and big data schedulers.
    The podman command can replace the docker command in most cases, supporting almost identical features and syntax.

In-place upgrades

  • An in-place upgrade offers a way to upgrade a system to a new major release of Red Hat Enterprise Linux by replacing the existing operating system. Red Hat supports in-place upgrades from RHEL 6 to RHEL 7 and from RHEL 7 to RHEL 8. For more information, see Chapter 4, In-place Upgrades.

Additional Resources

Red Hat Customer Portal Labs

Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are: