Driven by Trusted Platform Module (TPM) 2.0 hardware modules, the Policy-Based Decryption (PBD) capability has been extended to provide two layers of security for hybrid-cloud operations: the network-based mechanism is applicable in the cloud, while the use of TPM on-premises helps to keep information on disks physically more secure.
The GnuTLS library now provides improved Hardware Security Module (HSM) support.
OpenSSL now works with new CP Assist for Cryptographic Functions (CPACF) instructions to accelerate Galois/Counter Mode (GCM) of operation as available with IBM z14.
Red Hat Certificate System distributed with Red Hat Enterprise Linux 7.6 provides new default cryptographic algorithms for RSA and ECC, which help maintain FIPS compliance and stay current with cryptography requirements from NIST and other standards bodies, as well as organizations responsible for handling sensitive information.
For better integration with counter-intrusion measures, firewall operations through Red Hat Enterprise Linux have been improved with enhancements to nftables. The nft command-line tool can now also provide improved control packet filtering, providing better overall visibility and simplified configuration for systems security.
Identity Management and Access Control
Management and Automation
The tools for managing Red Hat Enterprise Linux 7 continue to be refined, with the latest version introducing enhancements to the Red Hat Enterprise Linux Web Console including:
Showing available updates on the system summary page
Automatic configuration of single sign-on for identity management, helping to simplify this task for security administrators
An interface to control firewall services
The following Red Hat Enterprise Linux System Roles are now fully supported:
The integration of the Extended Berkeley Packet Filter (eBPF) provides a safer, more efficient mechanism for monitoring activity within the kernel and will help to enable additional performance monitoring and network tracing tools in the future. The eBPF tool is available as a Technology Preview.
Red Hat Enterprise Linux 7.6 introduces full support for Podman, a container management tool that complements the previously released Buildah and Skopeo tools. Podman can start and run stand-alone containers from the command line, as services using systemd, or using a remote API. These same capabilities can be used to invoke groups of containers on a single node, also called pods. Podman does not require a daemon to function, which helps to eliminate the complexity and the client-server interactions of a traditional container engine. Podman also allows building containers on a desktop, as well as in continuous integration and continuous delivery (CI/CD) systems. Finally, it enables starting containers within high-performance computing environments and big data schedulers.
The podman command can replace the docker command in most cases, supporting almost identical features and syntax.
Red Hat Insights
Since Red Hat Enterprise Linux 7.2, the Red Hat Insights service is available. Red Hat Insights is a proactive service designed to enable you to identify, examine, and resolve known technical issues before they affect your deployment. Insights leverages the combined knowledge of Red Hat Support Engineers, documented solutions, and resolved issues to deliver relevant, actionable information to system administrators.
Red Hat Customer Portal Labs
Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are: