Chapter 1. Overview
- Driven by Trusted Platform Module (TPM) 2.0 hardware modules, the Policy-Based Decryption (PBD) capability has been extended to provide two layers of security for hybrid-cloud operations: the network-based mechanism is applicable in the cloud, while the use of TPM on-premises helps to keep information on disks physically more secure.
- The GnuTLS library now provides improved Hardware Security Module (HSM) support.
- OpenSSL now works with new CP Assist for Cryptographic Functions (CPACF) instructions to accelerate Galois/Counter Mode (GCM) of operation as available with IBM z14.
- Red Hat Certificate System distributed with Red Hat Enterprise Linux 7.6 provides new default cryptographic algorithms for RSA and ECC, which help maintain FIPS compliance and stay current with cryptography requirements from NIST and other standards bodies, as well as organizations responsible for handling sensitive information.
- For better integration with counter-intrusion measures, firewall operations through Red Hat Enterprise Linux have been improved with enhancements to nftables. The nft command-line tool can now also provide improved control over packet filtering, providing better overall visibility and simplified configuration for systems security.
Identity Management and Access Control
- This release of OpenSC supports new smart cards, for example, models with CardOS 5.3.
Management and Automation
- The tools for managing Red Hat Enterprise Linux 7 continue to be refined, with the latest version introducing enhancements to the Red Hat Enterprise Linux Web Console including:
  - Showing available updates on the system summary page
  - Automatic configuration of single sign-on for identity management, helping to simplify this task for security administrators
  - An interface to control firewall services
- The following Red Hat Enterprise Linux System Roles are now fully supported:
- The integration of the Extended Berkeley Packet Filter (eBPF) provides a safer, more efficient mechanism for monitoring activity within the kernel and will help to enable additional performance monitoring and network tracing tools in the future. The eBPF tool is available as a Technology Preview.
- Red Hat Enterprise Linux 7.6 introduces full support for Podman, a container management tool that complements the previously released Buildah and Skopeo tools. Podman can start and run stand-alone containers from the command line, as services using systemd, or using a remote API. These same capabilities can be used to invoke groups of containers on a single node, also called pods. Podman does not require a daemon to function, which helps to eliminate the complexity and the client-server interactions of a traditional container engine. Podman also allows building containers on a desktop, as well as in continuous integration and continuous delivery (CI/CD) systems. Finally, it enables starting containers within high-performance computing environments and big data schedulers. The podman command can replace the docker command in most cases, supporting almost identical features and syntax.
- An in-place upgrade offers a way to upgrade a system to a new major release of Red Hat Enterprise Linux by replacing the existing operating system. Red Hat supports in-place upgrades from RHEL 6 to RHEL 7 and from RHEL 7 to RHEL 8. For more information, see Chapter 4, In-place Upgrades.
- Capabilities and limits of Red Hat Enterprise Linux 7 as compared to other versions of the system are available in the Knowledgebase article Red Hat Enterprise Linux technology capabilities and limits.
- Information regarding the Red Hat Enterprise Linux life cycle is provided in the Red Hat Enterprise Linux Life Cycle document.
- The Package Manifest document provides a package listing for RHEL 7.
- The Red Hat Insights service, which enables you to proactively identify, examine, and resolve known technical issues, is now available with all RHEL subscriptions. For instructions on how to install the Red Hat Insights client and register your system to the service, see the Red Hat Insights Get Started page.