Red Hat launched Red Hat Enterprise Linux 6.9 on March 21, providing users of its older operating system with an incremental update boasting improved security capabilities.
Although the leading edge of Red Hat’s enterprise platform is currently the RHEL 7.x branch, Red Hat continues to bring new features to RHEL 6.x as well. It first released RHEL 6 in November 2010, and today’s 6.9 update will usher in what Red Hat refers to as Production Phase 3.
“This is the last Production Phase 2 release of Red Hat Enterprise Linux 6—the platform enters Production Phase 3 on May 10, 2017,” Marcel Kolaja, product manager of Red Hat Enterprise Linux at Red Hat, told eWEEK. “That means that only critical security and business-impacting issues will be addressed via updates.”
The newer RHEL 7.x product branch first became available in June 2014 and Red Hat’s customers have been adopting it ever since, though the company doesn’t share subscription numbers publicly. The most recent release of the product is the 7.3 milestone, which became generally available in November 2016.
An RHEL subscription allows a customer to select any supported version of Red Hat Enterprise Linux for each workload, according to Kolaja.
“As such, customers move fluidly between major versions to meet the needs of their business, allowing them to maintain applications on both Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 with the full backing of Red Hat support,” Kolaja said.
Among the improvements in the new RHEL 6.9 release is enhanced support for the Transport Layer Security (TLS) 1.2 standard. Kolaja said that multiple utilities inside of RHEL 6.9 have been updated to use TLS 1.2.
“Enabling TLS 1.2 encryption will enhance the security of Red Hat Enterprise Linux 6 systems and applications running on the platform,” Kolaja said.
OpenSCAP
Red Hat has also announced that its OpenSCAP utility has now been certified by the U.S. National Institute of Science and Technology (NIST). The Security Content Automation Protocol, or SCAP, is a protocol used to help establish a baseline of security compliance and configuration in a given environment. The OpenSCAP scanner is an open-source tool that enables organizations to benefit from SCAP.
“The OpenSCAP tooling source is identical in both Red Hat Enterprise Linux 7.3 and 6.9,” David Egts, chief technologist of Red Hat’s Public Sector, told eWEEK. “In both releases, OpenSCAP was rebased and NIST certified, so it can be considered new for both versions of Red Hat Enterprise Linux.”
The value in having the OpenSCAP tooling certified by NIST is that certifications ensure consistency in terms of behavior and reporting, Egts said. As such, an organization can get SCAP content from anywhere and have assurance that any NIST-certified SCAP scanner will behave identically with that specific content.
“Open standards and third-party validation deliver vendor choice and minimize vendor lock-in, something that we strongly believe in,” he said.
OpenSCAP can also be used in container environments to help establish secure configurations and deployment. Scanning is typically done at the host level, so the preferred method would be to use Red Hat Atomic Scan (which is integrated with OpenSCAP) to scan and remediate container images from outside of the container, according to Egts.
“There is always a lot going on with security and content scanning internally at Red Hat and within the upstream communities,” he said. “But one of the biggest drivers moving forward will be exploring ways to enable scanning container images for compliance issues in addition to vulnerabilities.”