Language Selection

English French German Italian Portuguese Spanish

Security: Updates, DOD and Red Hat on "Security Hardening Rules"

Filed under
Red Hat
Security
  • Security updates for Thursday
  • Year-old router bug exploited to steal sensitive DOD drone, tank documents

     

    In May, a hacker perusing vulnerable systems with the Shodan search engine found a Netgear router with a known vulnerability—and came away with the contents of a US Air Force captain's computer. The purloined files from the captain—the officer in charge (OIC) of the 432d Aircraft Maintenance Squadron's MQ-9 Reaper Aircraft Maintenance Unit (AMU)at Creech Air Force Base, Nevada—included export-controlled information regarding Reaper drone maintenance.

  • Security Hardening Rules

    Many users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about the other category of security related rules, those related to security hardening.

    In all of the products we ship, we make a concerted effort to ship thoughtful, secure default settings to minimize the amount of configuration needed to do the work you want to do. With complex packages such as Apache httpd, however, every installation will require some degree of customization before it's ready for deployment to production, and with more complex configurations, there's a chance that a setting or the interaction between several settings can have security implications which aren't immediately evident. Additionally, sometimes systems are configured in a manner that aids rapid development, but those configurations aren't suitable for production environments.

    With our hardening rules, we detect some of the most common security-related configuration issues and provide context to help you understand the represented risks, as well as recommendations on how to remediate the issues.

More in Tux Machines

today's howtos

Andrew Crouthamel: How I Got Involved in KDE

Since this blog is starting after the beginning of my contributions to KDE, the first few regular posts will be explaining my prior contributions, before moving into the present. Read more

Security: Debian LTS, Linux Potential Local Privilege Escalation Bug, Australia Wants to Mandate Back Doors, Equifax Breach the Fault of Equifax

Graphics: NVIDIA and Gallium3D

  • NVIDIA Vulkan Beta Adds New KHR_driver_properties & KHR_shader_atomic_int64
    Not to be confused with the new NVIDIA Linux/Windows drivers that should be out today for RTX 2070/2080 "Turing" support and also initial RTX ray-tracing support, there is also out a new Vulkan beta driver this morning. The NVIDIA 396.54.06 driver is this new Vulkan beta and as implied by the version number is still on the current stable branch and not in the Turing era. But this driver release is quite exciting as it does bring support for two new extensions... These extensions are very fresh and not yet in the official Vulkan specification: VK_KHR_driver_properties and VK_KHR_shader_atomic_int64.
  • GeForce RTX 2080 Ti Linux Benchmarks Coming Today, NVIDIA Driver Bringing Vulkan RTX
    NVIDIA's review/performance embargo has now lifted on the GeForce RTX 2080 series ahead of the cards shipping tomorrow. I should have out initial Linux benchmarks later today, assuming Linux driver availability. As wrote about yesterday, just yesterday I ended up receiving the GeForce RTX 2080 Ti for Linux benchmarking. But, unfortunately, no Linux driver yet... But I am told it will be posted publicly soon with the Windows driver. Assuming that happens within the hours ahead, I'll still have initial RTX 2080 Ti benchmarks on Ubuntu Linux out by today's end -- thanks to the Phoronix Test Suite and recently wrapping up other NVIDIA/AMD GPU comparison tests on the current drivers.
  • Intel's New Iris Gallium3D Driver Picks Up Experimental Icelake Bits, GL Features
    One of the talks we are most interested in at XDC2018 is on the Intel "Iris" Gallium3D driver we discovered last month was in development. We stumbled across the Iris Gallium3D driver that's been in development for months as a potential replacement to their "i965" classic Mesa driver. But they haven't really detailed their intentions in full, but we should learn more next week. This is particularly exciting the prospects of an official Intel Gallium3D driver as the company is also expected to introduce their discrete GPUs beginning in 2020 and this new driver could be part of that plan.