A couple of days ago, Red Hat released its latest and last major upgrade for Satellite 5.x. It's a rather important upgrade; you are advised to upgrade soon. This upgrade contains some major improvements, as stated in an earlier article. Disclaimer: I'm not responsible for any damage caused by the procedure provided here. Always create a backup before even thinking about upgrading a Satellite server. Preparation: As always when you plan to upgrade your Satellite server to the latest version, you need ….
New features in Satellite 5.8
Red Hat Satellite 5 was released in version 5.8, based on Spacewalk 2.5. It will probably be the last upgrade available; support ends in January 2019. New features and enhancements: The major new feature is the introduction of support for the CDN for both Satellite activation and content sync. The key benefit is massively enhanced performance for content sync. It's now called cdn-sync, not satellite-sync anymore. Be aware that some custom scripts as well as cronjobs must be updated as ….
Using Ansible to automate oVirt and RHV environments
Bored of clicking in the WebUI of RHV or oVirt? Automate it with Ansible! Set up a complete virtualization environment within a few minutes. For some time now, Ansible has included a module for orchestrating RHV environments. It allows you to automate the setup of such an environment as well as daily tasks. Preparation: Of course, Ansible cannot automate all tasks; you need to set up a few things manually. Let's assume you want your oVirt-engine or RHV-manager running outside ….
PXE boot a virtual machine with NAT connection to the host
If you have a notebook and you want to quickly deploy new virtual machines for testing, PXE boot is your friend. On notebooks, people usually use NAT rather than a bridged network. The DHCP server on the host, which is managed by Libvirt, needs to be configured with the TFTP server and the boot file. On my “mobile lab”, I’ve installed a virtual machine with a Red Hat Satellite 5 where the other VMs get their content from. PXE boot ….
Signing Linux Kernel Modules and enforcing that only signed Modules are loaded
Introduction: By enforcing that only signed Linux Kernel Modules are loaded, you can greatly enhance the security of your systems. There are basically two methods of enforcement: Secure (UEFI) Boot and a grub parameter. When using Secure Boot, you can sign your own (or 3rd party) Kernel modules yourself and add your public key as a MOK (Machine Owner Key) in UEFI. When not using Secure Boot, you cannot load self-signed modules due to the ….
Setting up a 6in4 tunnel with Fedora
Why use IPv6 tunnels anyway? Today, most Internet access providers are IPv6 enabled. Unfortunately, however, the majority of them do not provide a static /64 prefix; you get it dynamically assigned. Some providers can assign you a static prefix for a surcharge. That’s useless if you want to ensure end-to-end connectivity with your gadgets at home. Choosing a tunnel provider: Since 2004 I had my own IPv6 prefix from SixXS. Pretty sad that they are shutting down their services ….
Audit your systems for security compliance with OpenSCAP
Introduction to (Open)SCAP: SCAP stands for Security Content Automation Protocol. It is an open standard which defines methods for security policy compliance, vulnerability management, measurement etc. This article focuses on the operating system compliance part of SCAP. It comes originally from the US National Institute of Standards and Technology (NIST) to provide a way for US government agencies to audit their systems for regulatory compliance. OpenSCAP is a NIST validated open source implementation of SCAP. Why should I make ….
Using Unbound for recursive DNS lookup
Some organizations decide to use their internal authoritative DNS servers as recursive DNS because it is easy and reverse lookup of internal RFC 1918 networks works out of the box. That should be avoided for (at least) two reasons: (1) Cache poisoning can cause security nightmares. (2) Authoritative answers are never cached and can cause a high load on the DNS servers. Cache poisoning is a problem that can lead to severe problems, as more and more information is stored in DNS. Examples: ….