
IBM/Red Hat Leftovers

Submitted by Roy Schestowitz on Wednesday 8th of September 2021 09:14:03 PM
Red Hat
  • Why distroless containers aren't the security solution you think they are

    The concept of distroless is a popular idea in the world of containers. The idea is to package applications in container images while at the same time removing as much of the operating system as possible (package managers, libraries, shells, etc). This does provide some security benefits, but these benefits are often blown out of proportion because of a naive understanding of what an operating system is, how it works, and in particular what a Linux distribution is and how they work.

    This article will try to give a clearer understanding of the actual benefits of Distroless while at the same time tempering the over-hyped marketing of Distroless. Let’s explore some fallacies.

  • Reviewing RHEL systems on the Red Hat Customer Portal

    In previous posts, we showed you how to enable Simple Content Access (SCA), register your Red Hat Enterprise Linux (RHEL) with Insights, and tag and review systems. In this third part of our series on Subscription Manager and SCA, we will look at reviewing your RHEL instances in the Red Hat customer portal.

  • Hybrid work policy templates: 6 things you need

    Attitudes about hybrid work continue to evolve. In March, just under half (49 percent) of businesses said they planned to bring employees back to the office by fall 2021, but that’s since grown to nearly three-quarters (74 percent), according to the Office Re-Entry Index, published by staffing and recruiting firm LaSalle Network.

    But not everyone will be leaving home to work. The majority of respondents to the most recent LaSalle Network survey (77 percent) say they are planning a hybrid office for the future with employees in the office two to three days a week. Recent surges in COVID-19 infections have made it clear that a well-functioning hybrid workspace will be required for the foreseeable future.

    That sounds like consensus. However, the road ahead could be rocky as employers and employees negotiate what that looks like. Nearly four out of ten respondents (39 percent) to LaSalle’s June survey expect some conflict between leaders and staff regarding return-to-office policies.

  • 4 ways to spot DevOps stars

    In today’s business environment, speed is a competitive advantage when delivering quality software products to the market: The faster companies can meet evolving needs, the better the overall customer experience. That’s one reason why the use of DevOps teams has grown in popularity. Organizations know that when software development and operations teams work together, they can innovate faster, bring applications to market more quickly, and grow their businesses.

    The current global technical talent crunch makes it difficult to recruit DevOps talent. But that doesn’t mean you should employ just anybody that presents a resume loaded with technology experience. Hiring technical talent that isn’t a good fit for your team can set back your efforts in the long run. It’s important to get it right the first time.

  • Red Hat To Provide Technical, Community-Building Expertise For OS-Climate Data Commons Platform

    Red Hat has joined OS-Climate (OS-C), a Linux Foundation-backed open source project, to provide technical acumen and resources to help OS-C build a “Data Commons” that serves as an open data ingestion, processing and management platform for members to collaborate on standardizing and improving the accuracy of corporate climate and environmental, social and governance (ESG) metrics.

  • rpminspect 1.6 released

    rpminspect 1.6 is now available. This release includes a lot of fine tuning and bug fixing for the various tests across multiple Fedora, CentOS, and RHEL releases. The GitHub Actions testing has expanded to cover many more distributions.

    The main feature present in the 1.6 release is the handling of what I call the Product Security workflow. The idea is that any finding that says the Product Security team needs to investigate the change should not be something a developer can automatically waive. For example, a package adding a setuid root executable that the product does not already know about. The workflow for this should be: the developer adds the new file to the appropriate fileinfo/ file and sends a pull request to the rpminspect-data project containing that data. The Product Security team would then review that change and approve it or not. If it’s approved, the change would be merged and the rpminspect-data package updated and rebuilt.

    There are instances where some security findings should be reported slightly differently or even ignored. To handle that on a case-by-case basis, librpminspect supports the security/ rules files that allow you to specify a different reporting level for these findings. The match is performed by path glob(7) specification, package name, and package version. For the package name and version you can specify * to indicate any.
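    As an added illustration of the matching described above (this is not code from rpminspect or librpminspect, and the column layout, the reporting-level names and the sample rules are all assumptions made here to show the idea), the following Python matcher takes a path glob, a package name and a package version per rule, treats * as "any" in the name and version columns, and returns the reporting level of the first rule that matches:

```python
"""Illustrative matcher for rpminspect-style security/ rules.

Added example, not rpminspect's own parser. Assumed rule format: four
whitespace-separated columns (path glob, package name, package version,
reporting level), '#' comments, and '*' meaning "any" in the name and
version columns. The level names used below are placeholders.
"""
import fnmatch
from dataclasses import dataclass
from typing import List

# Constructed sample rules file (assumed format, not a real rpminspect-data file).
SAMPLE_RULES = """\
# path-glob            package    version   level
/usr/bin/sudo          sudo       *         INFORM
/usr/lib*/libfoo.so*   foo        1.2-3     SKIP
/opt/*/bin/*           *          *         VERIFY
"""

DEFAULT_LEVEL = "FAIL"   # what a security finding reports when no rule overrides it


@dataclass
class Rule:
    path_glob: str
    package: str
    version: str
    level: str


def parse_rules(text: str) -> List[Rule]:
    """Parse the assumed four-column rule format; reject malformed lines loudly
    rather than silently skipping them, since a dropped rule changes what gets
    reported."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"malformed rule: {raw!r}")
        rules.append(Rule(*fields))
    return rules


def _field_matches(pattern: str, value: str) -> bool:
    # Only the literal '*' is a wildcard for name and version; no partial globs.
    return pattern == "*" or pattern == value


def lookup_level(rules: List[Rule], path: str, package: str, version: str,
                 default: str = DEFAULT_LEVEL) -> str:
    """Return the reporting level for a finding on `path` in package/version.

    The path column is matched with fnmatch, which is glob(7)-like except that
    '*' also matches '/'; a real glob(7) implementation would be stricter, so
    rule authors should keep path patterns anchored to full directories.
    First match wins, so order rules from most to least specific.
    """
    for rule in rules:
        if (fnmatch.fnmatchcase(path, rule.path_glob)
                and _field_matches(rule.package, package)
                and _field_matches(rule.version, version)):
            return rule.level
    return default


def demo() -> List[str]:
    rules = parse_rules(SAMPLE_RULES)
    return [
        lookup_level(rules, "/usr/bin/sudo", "sudo", "1.9.5-1"),         # INFORM
        lookup_level(rules, "/usr/lib64/libfoo.so.1", "foo", "1.2-3"),  # SKIP
        lookup_level(rules, "/usr/lib64/libfoo.so.1", "foo", "1.2-4"),  # FAIL (version mismatch)
        lookup_level(rules, "/opt/app/bin/run", "anything", "0"),       # VERIFY
    ]


if __name__ == "__main__":
    print(demo())
```

    The version column is compared as an exact string on purpose: a rule that silences a setuid finding should not accidentally carry over to the next build of the package, which is exactly the case a developer must not be able to waive on their own.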

  • 16 AnsibleFest presentations for sysadmins | Enable Sysadmin

    Automation is a big part of a sysadmin's job—any time you can avoid manual intervention means you can save time and decrease the risk of human error. Ansible is one of the most popular tools for automation, so if you want to learn new ideas and best practices around automating IT, AnsibleFest is an excellent place to start.

Security: HAProxy, Misplaced FUD, and More

  • HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack

    A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks.

  • Vulnerability Could Expose HAProxy to HTTP Request Smuggling Attack | eSecurityPlanet

    A critical vulnerability discovered in the open-source load balancer and proxy server HAProxy could enable bad actors to launch an HTTP Request Smuggling attack, which would let them bypass security controls and gain unauthorized access to sensitive data. Researchers with JFrog Security uncovered the vulnerability, CVE-2021-40346, during their regular searches for new and previously unknown vulnerabilities in popular open-source projects. HAProxy fits into that category.
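    HTTP request smuggling works by getting the front-end proxy and the back-end server to disagree about where one request ends and the next begins. The following Python check is an added example, not HAProxy code and not a detector for CVE-2021-40346 itself (neither article above describes that bug's mechanics, so none are assumed here); it applies the general message-framing rules of RFC 7230 section 3.3.3 to a raw request head and reports the ambiguities that smuggling depends on. The sample requests are constructed for the example.

```python
"""Framing-ambiguity check for HTTP/1.1 request heads.

Added example (not HAProxy's parser, not specific to CVE-2021-40346).
Flags the conditions that let two parsers disagree on message length:
  * conflicting Content-Length values
  * non-numeric Content-Length
  * Content-Length together with Transfer-Encoding
  * an obfuscated Transfer-Encoding value (e.g. 'xchunked', 'Chunked', tab padding)
  * whitespace between a header name and its colon
"""
from typing import List, Tuple

# Constructed sample requests.
SAMPLE_CLEAN = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 5\r\n\r\nhello")
SAMPLE_CL_TE = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\nG")
SAMPLE_TE_OBF = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
                 b"Transfer-Encoding: xchunked\r\n\r\n")
SAMPLE_DUP_CL = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
                 b"Content-Length: 5\r\nContent-Length: 7\r\n\r\n")
SAMPLE_NAME_WS = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
                  b"Content-Length : 5\r\n\r\n")


def parse_head(raw: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a request head into the request line and raw (name, value) pairs.

    Names are returned exactly as sent (no stripping) so that whitespace
    tricks remain visible to the checks; values keep their raw whitespace too.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        if ":" not in line:
            raise ValueError(f"malformed header line: {line!r}")
        name, value = line.split(":", 1)
        headers.append((name, value))
    return lines[0], headers


def _transfer_encoding_canonical(raw_value: str) -> bool:
    # Accept only lower-case alphabetic codings separated by ', ' with plain
    # spaces as the only whitespace and 'chunked' as the final coding. Anything
    # else is a spelling that some parsers honour and others ignore.
    if raw_value.strip(" ") != raw_value.strip():
        return False
    tokens = [t.strip(" ") for t in raw_value.split(",")]
    return all(t.isalpha() and t.islower() for t in tokens) and tokens[-1] == "chunked"


def framing_findings(raw: bytes) -> List[str]:
    """Return a list of framing problems; an empty list means unambiguous."""
    _, headers = parse_head(raw)
    findings = []
    for name, _ in headers:
        if name != name.rstrip():
            findings.append(f"whitespace before colon in header {name.strip()!r}")
    norm = [(name.strip().lower(), value) for name, value in headers]
    cl_values = [v.strip() for n, v in norm if n == "content-length"]
    te_values = [v for n, v in norm if n == "transfer-encoding"]

    if len(set(cl_values)) > 1:
        findings.append("conflicting Content-Length values")
    for v in cl_values:
        if not v.isdigit():
            findings.append(f"non-numeric Content-Length {v!r}")
    if cl_values and te_values:
        # RFC 7230 3.3.3: Transfer-Encoding wins, and a proxy must either reject
        # the message or drop Content-Length before forwarding it.
        findings.append("Content-Length present with Transfer-Encoding")
    for v in te_values:
        if not _transfer_encoding_canonical(v):
            findings.append(f"obfuscated Transfer-Encoding {v.strip()!r}")
    return findings


def is_ambiguous(raw: bytes) -> bool:
    return bool(framing_findings(raw))


if __name__ == "__main__":
    for label, sample in [("clean", SAMPLE_CLEAN), ("cl+te", SAMPLE_CL_TE),
                          ("te-obf", SAMPLE_TE_OBF), ("dup-cl", SAMPLE_DUP_CL),
                          ("name-ws", SAMPLE_NAME_WS)]:
        print(label, framing_findings(sample))
```

    The safe response to any finding is to reject the request with a 400 and close the connection: normalising and forwarding it means trusting that the back end makes the same choice the front end did, which is the assumption smuggling breaks.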

  • Outdated Linux Versions, Misconfigurations Triggering Cloud Attacks: Report [Ed: This is not about Linux but software that runs on it; it's like blaming Photoshop holes on "Windows"]

    The "Linux Threat Report 2021 1H" from Trend Micro found that Linux cloud operating systems are heavily targeted for cyberattacks, with nearly 13 million detections in the first half of this year. As organizations expand their footprint in the cloud, correspondingly, they are exposed to the pervasive threats that exist in the Linux landscape. This latest threat report, released Aug. 23, provides an in-depth look at the Linux threat landscape. It discusses several pressing security issues that affect Linux running in the cloud.

  • Security Risks of Relying on a Single Smartphone

    Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. An employee stole the phone. He reformatted the SIM, which was oddly the best possible outcome, given the circumstances. Using the data to steal money would have been much worse.

  • ClamAV 0.104.0 introduces LTS program - itsfoss.net

    The developers have announced a new Long Term Support (LTS) program on the project’s blog, as part of an update to their End-of-Life (EOL) policy. The LTS program begins retroactively with the last major version, ClamAV 0.103, extending its lifespan to September 2023. LTS editions are supported for a minimum of three years. Each LTS version receives critical patch releases and access to signature updates for the duration of the three-year support period. A new LTS feature release is planned approximately every two years. Non-LTS releases receive critical patch releases for at least four months from the release date of the next feature release, or until the release of the next feature release. For detailed information on the Long Term Support program, see the LTS announcement blog post and the LTS policy in the online documentation.

  • Best File and Disk Encryption Tools For Linux

    Most of us are familiar with Microsoft Windows or macOS - these OSes dominate the personal computing space. But the OS that is taking over the world isn’t owned by Microsoft, Apple, or any tech company for that matter. In fact, the most popular OS in the world today isn’t owned by anyone. It’s the completely open-source Linux operating system. [...] GnuPG, also known as GPG, is a hybrid encryption tool that combines conventional symmetric-key cryptography with public-key cryptography: the data is encrypted with a fast symmetric session key, and only that key is encrypted with the recipient’s public key. This two-pronged approach keeps encryption fast without weakening its security. GnuPG is popular among journalists who use the tool to encrypt important documents and protect the identities of their sources.

  • Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

    Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Zoho Releases Security Update for ADSelfService Plus | CISA

    Zoho has released a security update to address a vulnerability (CVE-2021-40539) affecting ManageEngine ADSelfService Plus builds 6113 and below. CVE-2021-40539 is being exploited in the wild. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine ADSelfService Plus is a self-service password management and single sign-on solution for Active Directory and cloud apps. Additionally, CISA strongly urges organizations to ensure ADSelfService Plus is not directly accessible from the internet.

Audiocasts/Shows: FLOSS Weekly, mintcast, and More

  • FLOSS Weekly 646: Atomic Jar and Testcontainers - Richard North

    Richard North was the dog that caught the bus when all of a sudden his open source project, Testcontainers, took off, and now has more than a million monthly downloads and developers using it at Netflix, Uber, Spotify, Google and other settings large and small. Doc Searls and Dan Lynch talk with Richard about how he caught the bus he ended up driving, how he set up Testcontainers.org, stood up Atomicjar.com as a running business backed by smart capital, and put learnings to use through a six-year journey that includes a worldwide pandemic that is changing development for everyone.

  • mintcast 369 – Cache Flushing

    1:49 The News, 27:48 Security Update, 32:18 Bi-Weekly Wanderings, 1:01:28 Announcements & Outro. First up in the news: Linux Mint is ready for the facelift, Snaps get an upgrade, Kernel 5.14 is out and 5.15 is looking good, and Ubuntu gets a release date. In security: cache flushing and Bluetooth flaws. Then in our Wanderings: Joe pines for a phone with Plasma, Tony walks 500 miles, and I search for a keyboard.

  • Steamy PostgreSQL Shower | Coder Radio 430

    We are coming in hot, literally. It's a day of spicy takes.

today's howtos

  • Linux ls Command List and Sort Files by Size

    A directory in a Linux system can hold from a few files to hundreds and thousands of files. You may need to sort the files by size, either in ascending or descending order. The reason for sorting files by size may vary. We may want to locate the largest to smallest files or vice versa. You can easily sort files using the ls command. In this tutorial, we’ll cover the various ways of sorting files by size using the ls command. In our examples we’ll sort files in the /var/cache/apt/archives directory.

  • Share files with your client using ProjectSend

    ProjectSend is an open-source, self-hosted file sharing platform for companies, teams and communities. It is an ideal solution if you want to share files with your clients. Let's say you are a designer who shares dozens of files with clients every day; with ProjectSend you can do this effortlessly and without hassle.

  • Discover your cluster logfiles - A journey into the past. | SUSE Communities

    Log files are very useful when the root cause of an event has to be investigated. But analyzing logs does not only mean looking for errors in the system. Most log files also contain a lot of other information. The Pacemaker log file is a perfect example: besides warnings and errors, it also records every cluster change. The trick is to know which keywords to search for.

  • Set the order of task execution in Ansible with these two keywords | Enable Sysadmin

    Regular readers of Enable Sysadmin know that most of us are big fans of Ansible. We particularly like using Ansible roles to design reusable code effectively. A playbook follows a specific execution order when it runs, and there are several ways to control the order in which your tasks run. In this article, I'll look at two particularly useful Ansible features, pre_tasks and post_tasks. I'll walk you through some real (and simple) examples of how these features can add additional flexibility to your playbooks by executing tasks at different points during a playbook run.

  • Debug a web page error from the command line | Opensource.com

    Sometimes when managing a website, things can get messed up. You might remove some stale content and replace it with a redirect to other pages. Later, after making other changes, you find some web pages become entirely inaccessible. You might see an error in your browser that "The page isn't redirecting properly" with a suggestion to check your cookies.

  • Try Fusion-360 by installing on Ubuntu 20.04 LTS Linux using Wine

    “Fusion 360” is a CAD / CAM program from Autodesk, which is known for its 3D modeling software. Although it is paid design software, students and schoolchildren can download the professional program for Windows and Mac free of charge. With this professional tool, you can design mechanical components and master a wide variety of tasks in product design. You can render your drafts, create animations, and, thanks to cloud support, collaborate with others on the same project.

  • How to install Clone Hero on a Chromebook

    Today we are looking at how to install Clone Hero on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below. If you have any questions, please contact us via a YouTube comment and we would be happy to assist you!

  • How to list all installed packages on OpenSUSE/SUSE Linux - nixCraft

    So you want to see a list of all packages installed on your SUSE Linux or OpenSUSE Linux system? Try these simple tips for listing all packages. We can easily search for packages matching any given search text/words under OpenSUSE or SUSE Enterprise Linux using the zypper command.

  • How To Find OpenSuse / SUSE Linux Version Using CLI - nixCraft

    How do I find out my Suse Linux / OpenSuse Linux / Suse Enterprise Linux server/desktop version using the command line options? What is the command to find out OpenSUSE Linux version? This page explains how to find SUSE or OpenSUSE Linux version using the cat command and other commands.

Kubic with Kubernetes 1.22.1 released

The Kubic Project is proud to announce that snapshot 20210901 has been released containing Kubernetes 1.22.1.

