There is an integrity checking software called AIDE shipped by Red Hat® Enterprise Linux® 5. AIDE provides some general strategy for implementing integrity checking to detect the intrusions when they have occurred. » Read more
Note: This article assumes that you are already familiar with Red Hat® Network (RHN) Satellite server and its applications.
Red Hat Network Satellite server allows users to locally host subscribed content from Red Hat Network and custom content in user-managed channels. An example configuration could include a server syncing content updates directly from RHN, while another mission-critical server could be disconnected from the external network, yet still receive updates via manual syncing. In the latter case, these offline servers must be manually updated regularly. Since content updates cannot be synced directly from rhn.redhat.com, RHN Satellite provides two options for our users:
1. Channel dump ISOs hosted on RHN, per Satellite release.
2. RHN-Satellite-Exporter tool running locally on a RHN Satellite server » Read more
Release Found: Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 4 Update 5
This is a new feature that has been requested in the Red Hat Enterprise Linux product line. The supported algorithms are DES, MD5, and SHA-256/512. They will be available after the upcoming updates releases as well as in Rawhide. The new algorithms will be configurable via Kickstart only. Here is the correct code. » Read more
In Red Hat Enterprise Linux 5, device-mapper-multipath is installed by default. This is a change from Red Hat Enterprise Linux 4. If a third party multipathing solution is in use, device-mapper-multipath should be disabled to avoid any conflict between multiple multipathing technologies. To disable device-mapper-multipath, turn it off with the following command:
chkconfig multipathd off
In addition, make sure the /etc/sysconfig/mkinitrd/multipath file has the following line:
MULTIPATH=NO
By default, /etc/multipath.conf has all devices blacklisted. If this default configuration has been changed, the change should be reverted. If the devices are not blacklisted, then running the multipath command could cause a conflict with other multipathing software. The /etc/multipath.conf file should contain the following:
# Blacklist all devices by default. Remove this to enable multipathing
# on the default devices.
blacklist {
devnode "*"
}
These steps will ensure that device-mapper-multipath does not conflict with any other multipathing solution in use.
Add the following line in /etc/squid/squid.conf:
acl NOCACHEDOMAIN dstdomain www.redhat.com no_cache deny NOCACHEDOMAIN
It will not cache any content come from the domain www.redhat.com.
In /var/log/squid/access.log, it will show the page from that domain will always get "TCP_MISS" on consecutive visits.
1197363963.721 892 127.0.0.1 TCP_MISS/200 11813 GET http://www.redhat.com/ - DIRECT/209.132.177.50 text/html 1197364100.832 906 127.0.0.1 TCP_MISS/200 11813 GET http://www.redhat.com/ - DIRECT/209.132.177.50 text/html
This report is an update to the risk report published in Red Hat Magazine in April 2007.
Red Hat® Enterprise Linux® 4 was released on February 15th, 2005. This report takes a look at the state of security for the first three years from
release. We look at key metrics, specific vulnerabilities, and the most common ways users were affected by security issues. We will show some best practices that could have been used to minimise the impact of the issues, and also take a look at how the included security innovations helped. » Read more
Hey you, ya you! Do you write Bash scripts?
Come here, I have a secret to tell you.
Python is easy to learn, and more powerful than Bash. I wasn’t supposed to tell you this–it’s supposed to be a secret. Anything more than a few lines of Bash could be done better in Python. Python is often just as portable as Bash too. Off the top of my head, I can’t think of any *NIX operating systems, that don’t include Python. Even IRIX has Python installed. » Read more