Chapter 1. Overview
Security
- Driven by Trusted Platform Module (TPM) 2.0 hardware modules, the Policy-Based Decryption (PBD) capability has been extended to provide two layers of security for hybrid-cloud operations: the network-based mechanism is applicable in the cloud, while the use of TPM on-premises helps to keep information on disks physically more secure.
- The GnuTLS library now provides improved Hardware Security Module (HSM) support. OpenSSL now works with new CP Assist for Cryptographic Functions (CPACF) instructions to accelerate Galois/Counter Mode (GCM) of operation as available with IBM z14.
- Red Hat Certificate System distributed with Red Hat Enterprise Linux 7.6 provides new default cryptographic algorithms for RSA and ECC, which help maintain FIPS compliance and stay current with cryptography requirements from NIST and other standards bodies, as well as organizations responsible for handling sensitive information.
See Chapter 16, Security and Chapter 5, Authentication and Interoperability for more information.
Networking
- For better integration with counter-intrusion measures, firewall operations through Red Hat Enterprise Linux have been improved with enhancements to nftables. The nft command-line tool can now also provide improved control packet filtering, providing better overall visibility and simplified configuration for systems security.
For details, see Chapter 14, Networking.
Identity Management and Access Control
- This release of OpenSC supports new smart cards, for example, models with CardOS 5.3.
For details, see Chapter 33, Security.
Management and Automation
- The tools for managing Red Hat Enterprise Linux 7 continue to be refined, with the latest version introducing enhancements to the Red Hat Enterprise Linux Web Console including:
- Showing available updates on the system summary page
- Automatic configuration of single sign-on for identity management, helping to simplify this task for security administrators
- An interface to control firewall services
- The following Red Hat Enterprise Linux System Roles are now fully supported: selinux, kdump, network, and timesync.
- The integration of the Extended Berkeley Packet Filter (eBPF) provides a safer, more efficient mechanism for monitoring activity within the kernel and will help to enable additional performance monitoring and network tracing tools in the future. The eBPF tool is available as a Technology Preview.
For detailed information, refer to Chapter 19, System and Subscription Management, Chapter 15, Red Hat Enterprise Linux System Roles Powered by Ansible and Chapter 44, Kernel.
Containers
- Red Hat Enterprise Linux 7.6 introduces full support for Podman, a container management tool that complements the previously released Buildah and Skopeo tools. Podman can start and run stand-alone containers from the command line, as services using systemd, or using a remote API. These same capabilities can be used to invoke groups of containers on a single node, also called pods. Podman does not require a daemon to function, which helps to eliminate the complexity and the client-server interactions of a traditional container engine. Podman also allows building containers on a desktop, as well as in continuous integration and continuous delivery (CI/CD) systems. Finally, it enables starting containers within high-performance computing environments and big data schedulers. The podman command can replace the docker command in most cases, supporting almost identical features and syntax.
For more information, see the Red Hat Enterprise Linux 7 Atomic Host Release Notes and Using podman to work with containers.
In-place upgrades
- An in-place upgrade offers a way to upgrade a system to a new major release of Red Hat Enterprise Linux by replacing the existing operating system. Red Hat supports in-place upgrades from RHEL 6 to RHEL 7 and from RHEL 7 to RHEL 8. For more information, see Chapter 4, In-place Upgrades.
Additional Resources
- Capabilities and limits of Red Hat Enterprise Linux 7 as compared to other versions of the system are available in the Knowledgebase article Red Hat Enterprise Linux technology capabilities and limits.
- Information regarding the Red Hat Enterprise Linux life cycle is provided in the Red Hat Enterprise Linux Life Cycle document.
- The Package Manifest document provides a package listing for RHEL 7.
- The Red Hat Insights service, which enables you to proactively identify, examine, and resolve known technical issues, is now available with all RHEL subscriptions. For instructions on how to install the Red Hat Insights client and register your system to the service, see the Red Hat Insights Get Started page.
Red Hat Customer Portal Labs
Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are: