Red Hat

Security: Updates, DOD and Red Hat on "Security Hardening Rules"

Filed under
Red Hat
Security
  • Security updates for Thursday
  • Year-old router bug exploited to steal sensitive DOD drone, tank documents

    In May, a hacker perusing vulnerable systems with the Shodan search engine found a Netgear router with a known vulnerability—and came away with the contents of a US Air Force captain's computer. The purloined files from the captain—the officer in charge (OIC) of the 432d Aircraft Maintenance Squadron's MQ-9 Reaper Aircraft Maintenance Unit (AMU) at Creech Air Force Base, Nevada—included export-controlled information regarding Reaper drone maintenance.

  • Security Hardening Rules

    Many users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about the other category of security-related rules, those related to security hardening.

    In all of the products we ship, we make a concerted effort to ship thoughtful, secure default settings to minimize the amount of configuration needed to do the work you want to do. With complex packages such as Apache httpd, however, every installation will require some degree of customization before it's ready for deployment to production, and with more complex configurations, there's a chance that a setting or the interaction between several settings can have security implications which aren't immediately evident. Additionally, sometimes systems are configured in a manner that aids rapid development, but those configurations aren't suitable for production environments.

    With our hardening rules, we detect some of the most common security-related configuration issues and provide context to help you understand the represented risks, as well as recommendations on how to remediate the issues.

Red Hat News

  • Top Indian carriers taking "open telco" approach to build future networks for new services: Red Hat

    Top Indian telecom service providers are taking an “Open Telco” approach in building next-generation networks using network functions virtualisation technology to bring flexibility to offer new services, and to prepare for 5G in coming years, according to the US-based open source solutions provider, Red Hat.

    Ben Panic, Director of Sales, Asia Pacific Region (Telecommunications) at Red Hat told ET that Indian telcos have already deployed open source technology-based solutions in the core functions of their mobile networks. “The target goal of NFV is to open, be multi-vendor, be flexible and agile,” he said.

  • Celebrating Red Hat’s 25th anniversary: How partners play an important role [Ed: reposted from Red Hat's site]

    As Red Hat celebrates 25 years, I would be remiss not to mention the role Red Hat partners have played in our company’s story. Partners have been an important multiplier for Red Hat and building our customer success. They are important to our future.

    Early endeavours in the channel

    In 2006, I joined Red Hat to expand the partner ecosystem. I’d been working in the channel since Moses was around, or at least since 1981. Although we were mainly selling direct, there was growing confidence that we could make the transformation to support a robust partner ecosystem.

  • Analysts Set Red Hat Inc (RHT) Target Price at $157.79
  • Buy Red Hat, An Attractive Cloud Computing Play

Red Hat News, Scientific Linux, and Fedora 29 Dropping GCC From Their Default Build Root

  • Red Hat OpenStack platform adopted by Fujitsu

    Red Hat recently announced that Fujitsu has adopted Red Hat OpenStack Platform as an Infrastructure-as-a-Service (IaaS) component of Fujitsu Cloud Service for OSS, its global hybrid cloud service offering.

    As a backbone for an open hybrid cloud, Fujitsu Cloud Service for OSS is designed to help enterprises more quickly develop cloud-native and traditional applications and services in an environment built from innovative, more reliable, and more secure open technologies.

    This announcement shows the continued, long-standing collaboration between Red Hat and Fujitsu to offer hybrid cloud solutions based on open source.

  • Fujitsu Adopts Red Hat OpenStack Platform for Fujitsu Cloud Service for OSS
  • Entando Announces OEM Agreement with Red Hat on Modern Applications

    Entando, a leader in open source Digital Experience Platforms, today announced that Red Hat has agreed to include access to a set of Entando’s open source low-code tools as part of Red Hat’s newly launched Red Hat Process Automation Manager. Entando has optimized the tools to run effectively on Red Hat Process Automation Manager. Together, these technologies offer customers expanded next-generation business process automation capabilities native to Red Hat OpenShift Container Platform and a user experience (UX) designed to help them create cloud-native applications faster.

  • STT Connect builds webscale private cloud infrastructure on Red Hat

    To build its cloud on a flexible, supported open source platform, STT Connect partnered with Red Hat to deploy Red Hat OpenStack Platform, Red Hat Ansible Tower, and other enterprise Red Hat software.

    These solutions helped the company create an agile and efficient — yet secure — webscale cloud infrastructure. STT Connect became the first cloud company in Singapore to achieve the highest level Multi-Tier Cloud Security (MTCS) certification with an OpenStack private cloud.

  • The Final Build of Scientific Linux 6.10 Legacy Branch Released

    Scientific Linux has announced that the 6.10 release will be the final build of their legacy branch based on Red Hat 6.10. It will only receive security updates and major bug fixes and will be supported until November 2020.

    Fermi National Accelerator Laboratory (Fermilab) and European Organization for Nuclear Research (CERN) co-develop Scientific Linux with the aim of creating a stable operating system that is supplied with packages and applications that support scientific research. They also list using “the free exchange of ideas, designs, and implementations to prepare a computing platform for the next generation of scientific computing” as one of their goals.

  • ISVs in APAC Showcase Increased Red Hat OpenShift Adoption Across Verticals
  • Should You Buy Red Hat, Inc. (RHT) or Marsh & McLennan Companies, Inc. (MMC)?
  • Red Hat, Inc. (RHT) P/E ratio is noted at 62.01
  • Is this stock Risky for You?: Red Hat, Inc. (RHT)
  • Analyst Buzz: Red Hat, Inc. (NYSE:RHT)
  • Red Hat: Ready For Multiple Expansion
  • Fedora 29 Dropping GCC From Their Default Build Root Has Been Causing A Heated Debate

    One of the surprisingly controversial changes being implemented for Fedora 29 is dropping GCC and GCC-C++ from the default BuildRoot for assembling Fedora packages with Koji and Mock.

    Up to now it's always just been implied that GCC (including the GCC C++ compiler) is there by default with every build-root. But these days with more packages being written in languages like Go, Rust, Python, Node.js, and other modern languages, the proportion of C/C++ applications is decreasing. As such, the GCC C/C++ support is no longer being implied with the default build environments in Koji/Mock, which in turn should help package build times for non-C/C++ packages as they will no longer need to pull in the gcc/gcc-c++ packages and in turn a cleaner buildroot environment too.

Hiding the Fedora boot menu

The venerable Linux boot menu has made its appearance at boot time since the days when LILO was the standard boot loader, through the days of GRUB, and onward to today's GRUB 2 and others. It is sometimes configured out by distributions as something that will potentially confuse less-technical users, but it has been a mainstay of Fedora for many releases. A recent proposal to hide the menu, starting in Fedora 29, has met a mixed reaction, but those who are not in favor are also those most able to revert to the existing behavior.

Hans de Goede raised the issue back at the end of May. He suggested that Fedora had at one time hidden the boot menu, but changed. As a longtime Fedora user, I don't remember that switch, but my memory is faulty and that may be the case here. In any case, De Goede's idea is to not have the distribution print any confusing messages at boot time: "the end goal being a user pressing the on button and then going to the graphical login manager without him seeing any text messages / menus filled with technical jargon."

The response was somewhat mixed, as might be expected. Stephen Gallagher was concerned about boots that failed and gave the user no alternatives to try. De Goede said that the plan was to detect failed boots and then show the boot menu on the next boot. He muddied the waters somewhat by mentioning a "fastboot" feature that he is planning for Fedora 30. It would effectively provide no way for a user sitting at the console to override the boot sequence (with a key press, say) and get the boot menu once the system has started booting.

Also: Fedora tackles Southeast Linux Fest 2018

Red Hat News, Mostly APAC

Red Hat News

  • Red Hat targets regional system integrators through program launch

    Red Hat has launched an Asia Pacific (APAC) program targeted at helping system integrators (SIs) build and modernise applications for the cloud.

    The new initiative is designed to allow partners to deliver new services at a lower cost and accelerate development for faster return on investment.

    Specifically, the Red Hat OpenShift Practice Builder Program has been designed to do just that, using the vendor's container application platform, OpenShift, and a portfolio of enterprise-class application and integration middleware software products, JBoss Middleware.

  • Virtualize your OpenStack control plane with Red Hat Virtualization and Red Hat OpenStack Platform 13

    With the release of Red Hat OpenStack Platform 13 (Queens) we’ve added support to Red Hat OpenStack Platform director to deploy the overcloud controllers as virtual machines in a Red Hat Virtualization cluster. This allows you to have your controllers, along with other supporting services such as Red Hat Satellite, Red Hat CloudForms, Red Hat Ansible Tower, DNS servers, monitoring servers, and of course, the undercloud node (which hosts director), all within a Red Hat Virtualization cluster. This can reduce the physical server footprint of your architecture and provide an extra layer of availability.

    Please note: this is not using Red Hat Virtualization as an OpenStack hypervisor (i.e. the compute service, which is already nicely done with nova via libvirt and KVM) nor is this about hosting the OpenStack control plane on OpenStack compute nodes.

  • ORock Technologies Achieves FedRAMP Moderate Authorization for ORockCloud

    As a Red Hat Premier Certified Cloud and Service Provider (CCSP), ORock Technologies architected ORockCloud as a "pure-play" Red Hat cloud that incorporates a suite of Red Hat's open source solutions for enhanced flexibility, security features and control. These include: Red Hat Enterprise Linux; Red Hat OpenStack Platform; Red Hat Virtualization; Red Hat Ceph Storage; Red Hat CloudForms; Red Hat Ansible Tower; Red Hat Satellite; and associated cloud APIs.

  • Will Investors Step Up in Red Hat, Inc. (RHT) and Chubb Limited (CB)?
  • Here’s What To Do With Red Hat, Inc. (RHT), EQT Corporation (EQT)

Red Hat News: Security, Celebrating Red Hat’s 25th Anniversary and More

  • Red Hat Security: Red Hat’s disclosure process

    Last week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around responsible disclosure. It has caused us to look back to see what went wrong so as to prevent this from happening in the future.

    Because of how important our relationships with the community and industry partners are and how seriously we treat non-public information irrespective of where it originates, we are taking this event as an opportunity to look internally at improvements and challenge assumptions we have held.

    We conducted a review and are using this to develop training around the handling of non-public information relating to security vulnerabilities, and ensuring that our relevant associates have a full understanding of the importance of engaging with upstreams as per their, and our, responsible disclosure guidelines. We are also clarifying communication mechanisms so that our associates are aware of the importance of and methods for notifying upstream of a vulnerability prior to public disclosure.

  • Celebrating Red Hat’s 25th anniversary: Red Hat partners have played an important role in our company journey

    As Red Hat celebrates 25 years, I would be remiss not to mention the role Red Hat partners have played in our company’s story. Partners have been an important multiplier for Red Hat and building our customer success. They are important to our future.

  • DH2i signs strategic-alignment agreement with Red Hat

    DH2i Co., a Fort Collins-based company that provides disaster-recovery solutions for Windows, Linux and Oracle databases, has signed a strategic-alignment agreement with Red Hat.

    After testing and validation, DH2i will become a Red Hat Technology Partner and has been certified on Red Hat Enterprise Linux 7.

  • How Financially Strong Is Red Hat Inc (NYSE:RHT)?
  • What is the fate of Red Hat, Inc. (RHT) against Blue Apron Holdings, Inc. (APRN),

Red Hat News

Red Hat: APAC, Kubernetes, Raleigh and More

Scientific Linux 6.10 RC 1

  • Scientific Linux 6.10 RC 1 i386/x86_64 is now available for testing
  • CentOS 6.10 Released, Scientific Linux 6.10 Coming Next Week

    Based off last month's Red Hat Enterprise Linux 6.10 update, CentOS 6.10 is available this week, while the Scientific Linux 6.10 release candidate has also been made available.

    Released on Tuesday was the CentOS 6.10 release. This CentOS 6 update is derived from the same sources as RHEL 6.10.

    As such, like with upstream RHEL 6.10, this new release offers Retpolines and KPTI support for Spectre and Meltdown mitigation. Besides security update work, there are also updates to GCC and other system packages. But all in all, not much is happening for EL6; due to its time on the market, it's mostly just receiving security updates and important fixes. Red Hat Enterprise Linux 7 remains their prime focus, along with prepping the yet-to-be-released Red Hat Enterprise Linux 8.

More in Tux Machines

Cloud-Native/Kubernetes/Container/OpenShift

  • 10 Key Attributes of Cloud-Native Applications
    Cloud-native platforms, like Kubernetes, expose a flat network that is overlaid on existing networking topologies and primitives of cloud providers. Similarly, the native storage layer is often abstracted to expose logical volumes that are integrated with containers. Operators can allocate storage quotas and network policies that are accessed by developers and resource administrators. The infrastructure abstraction not only addresses the need for portability across cloud environments, but also lets developers take advantage of emerging patterns to build and deploy applications. Orchestration managers become the deployment target, irrespective of the underlying infrastructure that may be based on physical servers or virtual machines, private clouds or public clouds. Kubernetes is an ideal platform for running contemporary workloads designed as cloud-native applications. It’s become the de facto operating system for the cloud, in much the same way Linux is the operating system for the underlying machines. As long as developers follow best practices of designing and developing software as a set of microservices that comprise cloud-native applications, DevOps teams will be able to package and deploy them in Kubernetes. Here are the 10 key attributes of cloud-native applications that developers should keep in mind when designing cloud-native applications.
  • Google Embraces New Kubernetes Application Standard
    Once an organization has a Kubernetes container orchestration cluster running, the next challenge is to get applications running. Google is now aiming to make it easier for organizations to deploy Kubernetes applications, through the Google Cloud Platform Marketplace. The new marketplace offerings bring commercial Kubernetes-enabled applications that can be run in the Google cloud, or anywhere else an organization wants. All a user needs to do is visit the GCP marketplace and click the Purchase Plan button to get started. "Once they agree to the terms, they'll find instructions on how to deploy this application on the Kubernetes cluster of their choice, running in GCP or another cloud, or even on-prem," Anil Dhawan, Product Manager, Google Cloud Platform, told ServerWatch. "The applications report metering information to Google for billing purposes so end users can get one single bill for their application usage, regardless of where it is deployed."
  • Challenges and Requirements for Container-Based Applications and Application Services
    Enterprises using container-based applications require a scalable, battle-tested, and robust services fabric to deploy business-critical workloads in production environments. Services such as traffic management (load balancing within a cluster and across clusters/regions), service discovery, monitoring/analytics, and security are a critical component of an application deployment framework. This blog post provides an overview of the challenges and requirements for such application services.

Software: Music Tagger MusicBrainz, Pulseaudio, COPR, AV1

  • Music Tagger MusicBrainz Picard 2.0 Ported To Python 3 And PyQt5, Brings Improved UI And More
    MusicBrainz Picard version 2.0 was released after more than 6 years since the previous major release (1.0). The new version was ported to Python 3 and PyQt5 and includes Retina and HiDPI support, improved UI and performance, as well as numerous bug fixes. [...] MusicBrainz Picard 2.0 was ported to Python 3 (requires at least version 3.5) and PyQt5 (>= 5.7). The release announcement mentions that a side effect of this is that "Picard should look better and in general feel more responsive". Also, many encoding-related bugs were fixed with the transition to Python 3, like the major issue of not supporting non-UTF8 filenames.
  • Pulseaudio: the more things change, the more they stay the same
    Such a classic Linux story. For a video I'll be showing during tonight's planetarium presentation (Sextants, Stars, and Satellites: Celestial Navigation Through the Ages, for anyone in the Los Alamos area), I wanted to get HDMI audio working from my laptop, running Debian Stretch. I'd done that once before on this laptop (HDMI Presentation Setup Part I and Part II) so I had some instructions to follow; but while aplay -l showed the HDMI audio device, aplay -D plughw:0,3 didn't play anything and alsamixer and alsamixergui only showed two devices, not the long list of devices I was used to seeing. Web searches related to Linux HDMI audio all pointed to pulseaudio, which I don't use, and I was having trouble finding anything for plain ALSA without pulse. In the old days, removing pulseaudio used to be the cure for practically every Linux audio problem. But I thought to myself, It's been a couple years since I actually tried pulse, and people have told me it's better now. And it would be a relief to have pulseaudio working so things like Firefox would Just Work. Maybe I should try installing it and see what happens.
  • 4 cool new projects to try in COPR for July 2018
    COPR is a collection of personal repositories for software that isn’t carried in Fedora. Some software doesn’t conform to standards that allow easy packaging. Or it may not meet other Fedora standards, despite being free and open source. COPR can offer these projects outside the Fedora set of packages. Software in COPR isn’t supported by Fedora infrastructure or signed by the project. However, it can be a neat way to try new or experimental software. Here’s a set of new and interesting projects in COPR.
  • SD Times Open-Source Project of the Week: AV1
    Open source supporters and companies are teaming up to offer the next generation of video delivery. The Alliance for Open Media (AOMEDIA) is made up of companies like Mozilla, Google, Cisco, Amazon and Netflix, and on a mission to create an open video format and new codec called AV1. In a blog post about the AOMedia Video, or AV1, video codec, Mozilla technical writer Judy DeMocker laid out the numbers; within the next few years, video is expected to account for over 80 percent of Internet traffic. And unbeknownst to many, all of that free, high-quality video content we’ve come to expect all across the Internet costs quite a bit for the people providing it via codec licensing fees. The most common, H.264, is used all over the place to provide the compression required to send video quickly and with quality intact.

KDE and GNOME: Kubuntu 18.04 Reviewed, Akademy, Cutelyst and GUADEC

  • Kubuntu 18.04 Reviewed in Linux (Pro) Magazine
    Kubuntu Linux has been my preferred Linux distribution for more than 10 years. My attraction to the KDE desktop and associated application set, has drawn from Kubuntu user, to a tester, teacher, developer, community manager and councilor. I feel really privileged to be part of, what can only be described as, a remarkable example of the free software, and community development of an exceptional product. This latest release 18.04, effectively the April 2018 release, is a major milestone. It is the first LTS Long Term Support release of Kubuntu running the “Plasma 5” desktop. The improvements are so considerable, in both performance and modern user interface (UI) design, that I was really excited about wanting to tell the world about it.
  • Going to Akademy
    Happy to participate in a tradition I’ve admired from afar but never been able to do myself… until this year. My tickets are bought, my passport is issued, and I’m going to Akademy! Hope to see you all there!
  • System76's New Manufacturing Facility, Ubuntu 17.10 Reaches End of Life, Google Cloud Platform Marketplace, Stranded Deep Now Available for Linux and Cutelyst New Release
    Cutelyst, a C++ web framework based on Qt, has a new release. The update includes several bug fixes and some build issues with buildroot. See Dantti's Blog for all the details. Cutelyst is available on GitHub.
  • GUADEC 2018 Videos: Help Wanted
    At this year’s GUADEC in Almería we had a team of volunteers recording the talks in the second room. This was organized very last minute as initially the University were going to do this, but thanks to various efforts (thanks in particular to Adrien Plazas and Bin Li) we managed to record nearly all the talks. There were some issues with sound on both the Friday and Saturday, which Britt Yazel has done his best to overcome using science, and we are now ready to edit and upload the 19 talks that took place in the 2nd room. To bring you the videos from last year we had a team of 5 volunteers from the local team who spent our whole weekend in the Codethink offices. (Although none of us had much prior video editing experience so the morning of the first day was largely spent trying out different video editors to see which had the features we needed and could run without crashing too often… and the afternoon was mostly figuring out how transitions worked in Kdenlive).
  • GUADEC 2018
    This year I attended my second GUADEC in beautiful Almería, Spain. As with the last one I had the opportunity to meet many new people from the extended GNOME community which is always great and I can’t recommend it enough for anybody involved in the project. [...] Flatpak continues to have a lot of healthy discussions at these events. @matthiasclasen made a post summarizing the BoF so check that out for the discussions of the soon landing 1.0 release. So let's start with the Freedesktop 18.07 (date based versioning now!) runtime which is in a much better place than 1.6 and will be solving lots of problems such as multi-arch support and just long term maintainability. I was really pleased to see all of the investment in BuildStream and the runtime from CodeThink which is really needed in the long term.

Red Hat and Fedora