IBM/Red Hat Leftovers
Date: 2021-06-23
Why distroless containers aren't the security solution you think they are
The concept of distroless is a popular idea in the world of containers. The idea is to package applications in container images while at the same time removing as much of the operating system as possible (package managers, libraries, shells, etc). This does provide some security benefits, but these benefits are often blown out of proportion because of a naive understanding of what an operating system is, how it works, and in particular what a Linux distribution is and how they work.
This article will try to give a clearer understanding of the actual benefits of Distroless while at the same time tempering the over-hyped marketing of Distroless. Let’s explore some fallacies.
Reviewing RHEL systems on the Red Hat Customer Portal
In previous posts, we showed you how to enable Simple Content Access (SCA), register your Red Hat Enterprise Linux (RHEL) with Insights, and tag and review systems. In this third part of our series on Subscription Manager and SCA, we will look at reviewing your RHEL instances in the Red Hat customer portal.
Hybrid work policy templates: 6 things you need
Attitudes about hybrid work continue to evolve. In March, just under half (49 percent) of businesses said they planned to bring employees back to the office by fall 2021, but that’s since grown to nearly three-quarters (74 percent), according to the Office Re-Entry Index, published by staffing and recruiting firm LaSalle Network.
But not everyone will be leaving home to work. The majority of respondents to the most recent LaSalle Network survey (77 percent) say they are planning a hybrid office for the future with employees in the office two to three days a week. Recent surges in COVID-19 infections have made it clear that a well-functioning hybrid workspace will be required for the foreseeable future.
That sounds like consensus. However, the road ahead could be rocky as employers and employees negotiate what that looks like. Nearly four out of ten respondents (39 percent) to LaSalle’s June survey expect some conflict between leaders and staff regarding return-to-office policies.
4 ways to spot DevOps stars
In today’s business environment, speed is a competitive advantage when delivering quality software products to the market: The faster companies can meet evolving needs, the better the overall customer experience. That’s one reason why the use of DevOps teams has grown in popularity. Organizations know that when software development and operations teams work together, they can innovate faster, bring applications to market more quickly, and grow their businesses.
The current global technical talent crunch makes it difficult to recruit DevOps talent. But that doesn’t mean you should employ just anybody that presents a resume loaded with technology experience. Hiring technical talent that isn’t a good fit for your team can set back your efforts in the long run. It’s important to get it right the first time.
Red Hat To Provide Technical, Community-Building Expertise For OS-Climate Data Commons Platform
Red Hat has joined OS-Climate (OS-C), a Linux Foundation-backed open source project, to provide technical acumen and resources to help OS-C build a “Data Commons” that serves as an open data ingestion, processing and management platform for members to collaborate on standardizing and improving the accuracy of corporate climate and environmental, social and governance (ESG) metrics.
rpminspect-1.6-released
rpminspect 1.6 is now available. This release includes a lot of fine tuning and bug fixing for the various tests across multiple Fedora, CentOS, and RHEL releases. The GitHub Actions testing has expanded to cover many more distributions.
The main feature present in the 1.6 release is the handling of what I call the Product Security workflow. The idea is that any finding that says the Product Security team needs to investigate the change should not be something a developer can automatically waive. For example, a package adding a setuid root executable that the product does not already know about. The workflow for this should be the developer adds the new file to the appropriate fileinfo/ file and sends a pull request to the rpminspect-data project containing that data. The Product Security team would then review that change and approve it or not. If it’s approved, the change would be merged and the rpminspect-data package updated and rebuilt.
There are instances where some security findings should be reported slightly differently or even ignored. To handle that on a case-by-case basis, librpminspect supports the security/ rules files that allow you to specify a different reporting level for these findings. The match is performed by path glob(7) specification, package name, and package version. For the package name and version you can specify * to indicate any.
16 AnsibleFest presentations for sysadmins | Enable Sysadmin
Automation is a big part of a sysadmin's job—any time you can avoid manual intervention means you can save time and decrease the risk of human error. Ansible is one of the most popular tools for automation, so if you want to learn new ideas and best practices around automating IT, AnsibleFest is an excellent place to start.
Kubic with Kubernetes 1.22.1 released
The Kubic Project is proud to announce that snapshot 20210901 has been released containing Kubernetes 1.22.1.
