Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 11. Security


TLS 1.2 support added to all system components

With the addition of TLS 1.2 support to the GnuTLS component, Red Hat Enterprise Linux 6 offers complete support for TLS 1.2 in the shipped security libraries: OpenSSL, NSS, and GnuTLS. Several modern standards such as PCI-DSS v3.1 recommend the latest TLS protocol, which is currently TLS 1.2. This addition allows you to use Red Hat Enterprise Linux 6 with future revisions of security standards, which may require TLS 1.2 support.
For more information about the cryptographic changes in the Red Hat Enterprise Linux 6, see this article on the Red Hat Customer Portal: https://access.redhat.com/blogs/766093/posts/2787271. (BZ#1339222)

OpenSCAP 1.2.13 is NIST certified

OpenSCAP 1.2.13 has been certified by the National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP) 1.2 in the Authenticated Configuration Scanner category with the Common Vulnerabilities and Exposure (CVE) option. OpenSCAP provides a library that can parse and evaluate each component of the SCAP standard. This makes creating new SCAP tools convenient. Also, OpenSCAP offers a multi-purpose tool designed to format content into documents or scan a system based on this content. (BZ#1364207)

vsftpd now uses TLS 1.2 by default

Users of the Very Secure File Transfer Protocol (FTP) daemon (vsftpd) can select a specific version of TLS protocol up to 1.2. TLS 1.2 has been enabled by default to bring security of vsftpd to the same level as the same package in Red Hat Enterprise Linux 7. New default ciphers specific to TLS 1.2 has been added: ECDHE-RSA-AES256-GCM-SHA384 and ECDHE-ECDSA-AES256-GCM-SHA384. These changes do not break existing configurations. (BZ#1350724)

auditd now supports incremental_async

The audit daemon now supports a new flush technique called incremental_async. This new mode significantly improves the audit daemon's logging performance maintaining short flush intervals for security. (BZ#1369249)

scap-security-guide now supports ComputeNode

The scap-security-guide project now supports scanning of the ComputeNode variant of Red Hat Enterprise Linux and the scap-security-guide package is also distributed in the relevant channel. (BZ#1311491)

rsyslog7 now enables TLS 1.2

With this update, the rsyslog7 multi-threaded syslog daemon explicitly enables TLS 1.2 in the GnuTLS component. (BZ#1323199)
Red Hat logoGithubRedditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

© 2024 Red Hat, Inc.