Language Selection

English French German Italian Portuguese Spanish

Security: Updates, DOD and Red Hat on "Security Hardening Rules"

Filed under
Red Hat
Security
  • Security updates for Thursday
  • Year-old router bug exploited to steal sensitive DOD drone, tank documents

     

    In May, a hacker perusing vulnerable systems with the Shodan search engine found a Netgear router with a known vulnerability—and came away with the contents of a US Air Force captain's computer. The purloined files from the captain—the officer in charge (OIC) of the 432d Aircraft Maintenance Squadron's MQ-9 Reaper Aircraft Maintenance Unit (AMU)at Creech Air Force Base, Nevada—included export-controlled information regarding Reaper drone maintenance.

  • Security Hardening Rules

    Many users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about the other category of security related rules, those related to security hardening.

    In all of the products we ship, we make a concerted effort to ship thoughtful, secure default settings to minimize the amount of configuration needed to do the work you want to do. With complex packages such as Apache httpd, however, every installation will require some degree of customization before it's ready for deployment to production, and with more complex configurations, there's a chance that a setting or the interaction between several settings can have security implications which aren't immediately evident. Additionally, sometimes systems are configured in a manner that aids rapid development, but those configurations aren't suitable for production environments.

    With our hardening rules, we detect some of the most common security-related configuration issues and provide context to help you understand the represented risks, as well as recommendations on how to remediate the issues.

More in Tux Machines

Microsoft and IBM Spin/PR

  • Windows 10 Will Finally Offer Easy Access to Linux Files [Ed: No, this is more WSL entrapment. They try to prevent people from using proper GNU/Linux with the actual kernel, either standalone or dual-boot. This is also about surveillance on one's files, keys, keystrokes, everything.]
  • Zowe Makes Mainframe Evergreen [Ed: Swapnil Bhartiya greenwashing and openwashing 2-in-1]
    Zowe also offers a vendor-agnostic experience allowing users to mix and match tooling and technologies. It provides interoperability, through the latest web technologies, products, and solutions from multiple vendors, and it allows developers to use the familiar, industry-standard, open source tools to access mainframe resources and services.
  • The ibmvnic driver with SR-IOV is now supported by SLES 12 and SLES 15 on IBM POWER9 processor-based systems
    The ibmvnic driver enables PowerVM Single Root I/O Virtualizations (SR-IOV) for improved network capabilities including reduced systems processor utilization, decreased network latency, and enforcement of network Quality of Service.

Games: Hollow Knight: Silksong, Warhammer 40,000: Mechanicus and Dusk

New Releases and Video: Archman and ArcoLinux

Mir 1.1.1 Release Candidate

  • Mir 1.1.1 - release candidate
    I’ve just kicked off the process for a bugfix release of Mir. An initial release-candidate is currently building in ppa:mir-tream/rc.
  • Mir 1.1.1 RC1 Has Fixes For PostmarketOS, Demo Shells Using Wayland
    Mir 1.1 was released back in December as the first post-1.0 feature update while now preparing for release is the Mir 1.1.1 maintenance milestone. Canonical's Alan Griffiths has tagged the Mir 1.1.1 release candidate today as the newest bug-fix release. Highlights include: - Fixing issues with PostmarketOS support, particularly around its usage of the musl C library rather than Glibc. PostmarketOS is the mobile Linux distribution derived from Alpine Linux that's been having a steady following in recent times and running on the Nexus 5/7, Nokia N9, and other devices.