Red Hat Enterprise Linux 7.2 Adds Security, DR Features
Red Hat today released Red Hat Enterprise Linux 7.2 (RHEL 7.2), the latest milestone update to its flagship operating system platform.
RHEL 7.2 is the second major update for RHEL in 2015 and follows the RHEL 7.1 milestone that debuted in March. While RHEL 7.2 has been in beta since September, Red Hat first began to talk publicly about some of the enhancements back in June during the Red Hat Summit.
Among the highlights for RHEL 7.2 is improved support for the OpenSCAP (Security Content Automation Protocol), which is designed to help organizations establish and maintain a security baseline for system configuration.
"It's correct that Red Hat Enterprise Linux has supported OpenSCAP for some time—the difference with Red Hat Enterprise Linux 7.2 is that we have integrated the configuration and application of OpenSCAP policies with Anaconda," Siddharth Nagar, principal technical product manager, Red Hat, told eWEEK.
Anaconda is Red Hat's open-source installation tool that is also used in the Fedora Linux distribution. By integrating OpenSCAP with Anaconda, security moves up-front, helping ensure that, when systems are brought online, they are done so in a secure manner that is aligned with existing policies, Nagar said.
"The new capabilities for OpenSCAP within Red Hat Enterprise Linux 7.2 are in direct response to requests from our customers," Nagar said. "More specifically, these customers are looking to operationalize, at scale, the deployment of systems that comply with their SCAP-based policies, which is exactly what the Anaconda plug-in support is designed to address."
RHEL 7.2 offers improved support for Domain Name System (DNS) security extensions (DNSsec). In Red Hat Enterprise Linux 7.2, identity management (IdM) servers with integrated DNS are now able to use DNSsec. DNSsec provides crytographic integrity to DNS information, which otherwise could potentially be at risk from attackers. Back in 2008, security researcher Dan Kaminsky first warned of the large-scale impact from a DNS flaw that could enable attacks. The long-term solution to that flaw is what DNSsec is all about. Nagar explained that DNS zones hosted on Red Hat Identity Management (IdM) servers can be automatically signed using DNSSEC, and cryptographic keys can be automatically generated and rotated.
"The biggest improvement here is that integration of DNSSEC with IdM enables automatic key generation and rotation, a previously challenging and cumbersome task for systems administrators," Nagar said.
Looking beyond just security, RHEL 7.2 now includes a feature that Red Hat is calling "relax and recover" for data recovery. The technology comes from the Relax-and-Recover community project, Nagar explained.
"It's a leading open-source disaster recovery and system migration solution, comprised of a modular framework and ready-to-go workflows for many common situations," Nagar said. "This produces a bootable image, which can be used as a restore point and it also allows restoration to different hardware, which allows it to doubly serve as a migration tool."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Read more on "Bugger Off: The Importance of Securing Your Servers" »