Oracle Linux and the Unbreakable Enterprise Kernel, Including Premier
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
The Linux Kernel Module Programming Guide
The Linux Kernel Module Programming Guide Peter Jay Salzman Michael Burian Ori Pomerantz Copyright © 2001 Peter Jay Salzman 2007−05−18 ver 2.6.4 The Linux Kernel Module Programming Guide is a free book; you may reproduce and/or modify it under the terms of the Open Software License, version 1.1. You can obtain a copy of this license at http://opensource.org/licenses/osl.php. This book is distributed in the hope it will be useful, but without any warranty, without even the implied warranty of merchantability or fitness for a particular purpose. The author encourages wide distribution of this book for personal or commercial use, provided the above copyright notice remains intact and the method adheres to the provisions of the Open Software License. In summary, you may copy and distribute this book free of charge or for a profit. No explicit permission is required from the author for reproduction of this book in any medium, physical or electronic. Derivative works and translations of this document must be placed under the Open Software License, and the original copyright notice must remain intact. If you have contributed new material to this book, you must make the material and source code available for your revisions. Please make revisions and updates available directly to the document maintainer, Peter Jay Salzman <[email protected]>. This will allow for the merging of updates and provide consistent revisions to the Linux community. If you publish or distribute this book commercially, donations, royalties, and/or printed copies are greatly appreciated by the author and the Linux Documentation Project (LDP). -
Oracle® Linux Administrator's Solutions Guide for Release 6
Oracle® Linux Administrator's Solutions Guide for Release 6 E37355-64 August 2017 Oracle Legal Notices Copyright © 2012, 2017, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. -
Adaptive Android Kernel Live Patching
Adaptive Android Kernel Live Patching Yue Chen Yulong Zhang Zhi Wang Liangzhao Xia Florida State University Baidu X-Lab Florida State University Baidu X-Lab Chenfu Bao Tao Wei Baidu X-Lab Baidu X-Lab Abstract apps contain sensitive personal data, such as bank ac- counts, mobile payments, private messages, and social Android kernel vulnerabilities pose a serious threat to network data. Even TrustZone, widely used as the se- user security and privacy. They allow attackers to take cure keystore and digital rights management in Android, full control over victim devices, install malicious and un- is under serious threat since the compromised kernel en- wanted apps, and maintain persistent control. Unfortu- ables the attacker to inject malicious payloads into Trust- nately, most Android devices are never timely updated Zone [42, 43]. Therefore, Android kernel vulnerabilities to protect their users from kernel exploits. Recent An- pose a serious threat to user privacy and security. droid malware even has built-in kernel exploits to take Tremendous efforts have been put into finding (and ex- advantage of this large window of vulnerability. An ef- ploiting) Android kernel vulnerabilities by both white- fective solution to this problem must be adaptable to lots hat and black-hat researchers, as evidenced by the sig- of (out-of-date) devices, quickly deployable, and secure nificant increase of kernel vulnerabilities disclosed in from misuse. However, the fragmented Android ecosys- Android Security Bulletin [3] in recent years. In ad- tem makes this a complex and challenging task. dition, many kernel vulnerabilities/exploits are publicly To address that, we systematically studied 1;139 An- available but never reported to Google or the vendors, droid kernels and all the recent critical Android ker- let alone patched (e.g., exploits in Android rooting nel vulnerabilities. -
Red Hat Enterprise Linux Certification Matrix for Dell EMC Poweredge Servers
Red Hat Enterprise Linux Certification Matrix for Dell EMC PowerEdge Servers September 10, 2021 Dell EMC Linux Team Introduction • This set of matrices attempt to represent the certification status between different versions of Red Hat Enterprise Linux and Dell EMC PowerEdge servers • Dell Technologies policy is to offer ‘validation’ support for a new release of RHEL at the moment it is GA from Red Hat – Customers with an existing Dell ProSupport contract who purchased their RHN subscription with their Dell EMC server may download and install the new release onto their server and will continue to be covered by their ProSupport contract. – Please note that only the contents of the distribution ISO are supported. No other software. • Please note the Red Hat CPU support policy here : – https://access.redhat.com/support/policy/intel 2 RHEL/Dell EMC Matrix published on September 10, 2021 Support levels for a platform/release combination • There are three levels of status : – Not Supported : The absence of an icon indicates that this release is not supported or certified for the referenced platform. – Certified: The release has been successfully certified, or the cert has been carried forward from a previous cert, and will appear on the Red Hat hardware certification page, no additional validation has been carried out. Certified is indicated by: – Validated : The release has been successfully certified and tested by Dell Technologies teams and will appear on the Red Hat hardware certification page. The contents of the distribution ISO are supported by Dell Technologies for their RHEL OEM customers and the ISO contains functioning drivers for the hardware platform. -
The Xen Port of Kexec / Kdump a Short Introduction and Status Report
The Xen Port of Kexec / Kdump A short introduction and status report Magnus Damm Simon Horman VA Linux Systems Japan K.K. www.valinux.co.jp/en/ Xen Summit, September 2006 Magnus Damm ([email protected]) Kexec / Kdump Xen Summit, September 2006 1 / 17 Outline Introduction to Kexec What is Kexec? Kexec Examples Kexec Overview Introduction to Kdump What is Kdump? Kdump Kernels The Crash Utility Xen Porting Effort Kexec under Xen Kdump under Xen The Dumpread Tool Partial Dumps Current Status Magnus Damm ([email protected]) Kexec / Kdump Xen Summit, September 2006 2 / 17 Introduction to Kexec Outline Introduction to Kexec What is Kexec? Kexec Examples Kexec Overview Introduction to Kdump What is Kdump? Kdump Kernels The Crash Utility Xen Porting Effort Kexec under Xen Kdump under Xen The Dumpread Tool Partial Dumps Current Status Magnus Damm ([email protected]) Kexec / Kdump Xen Summit, September 2006 3 / 17 Kexec allows you to reboot from Linux into any kernel. as long as the new kernel doesn’t depend on the BIOS for setup. Introduction to Kexec What is Kexec? What is Kexec? “kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot but it is indepedent of the system firmware...” Configuration help text in Linux-2.6.17 Magnus Damm ([email protected]) Kexec / Kdump Xen Summit, September 2006 4 / 17 . as long as the new kernel doesn’t depend on the BIOS for setup. Introduction to Kexec What is Kexec? What is Kexec? “kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. -
Anatomy of Linux Loadable Kernel Modules a 2.6 Kernel Perspective
Anatomy of Linux loadable kernel modules A 2.6 kernel perspective Skill Level: Intermediate M. Tim Jones ([email protected]) Consultant Engineer Emulex Corp. 16 Jul 2008 Linux® loadable kernel modules, introduced in version 1.2 of the kernel, are one of the most important innovations in the Linux kernel. They provide a kernel that is both scalable and dynamic. Discover the ideas behind loadable modules, and learn how these independent objects dynamically become part of the Linux kernel. The Linux kernel is what's known as a monolithic kernel, which means that the majority of the operating system functionality is called the kernel and runs in a privileged mode. This differs from a micro-kernel, which runs only basic functionality as the kernel (inter-process communication [IPC], scheduling, basic input/output [I/O], memory management) and pushes other functionality outside the privileged space (drivers, network stack, file systems). You'd think that Linux is then a very static kernel, but in fact it's quite the opposite. Linux can be dynamically altered at run time through the use of Linux kernel modules (LKMs). More in Tim's Anatomy of... series on developerWorks • Anatomy of Linux flash file systems • Anatomy of Security-Enhanced Linux (SELinux) • Anatomy of real-time Linux architectures • Anatomy of the Linux SCSI subsystem • Anatomy of the Linux file system • Anatomy of the Linux networking stack Anatomy of Linux loadable kernel modules © Copyright IBM Corporation 1994, 2008. All rights reserved. Page 1 of 11 developerWorks® ibm.com/developerWorks • Anatomy of the Linux kernel • Anatomy of the Linux slab allocator • Anatomy of Linux synchronization methods • All of Tim's Anatomy of.. -
Red Hat Enterprise Linux Roadmap
RED HAT ENTERPRISE LINUX ROADMAP Ron Pacheco Perry Myers Director, Red Hat Enterprise Linux Senior Director, Red Hat Enterprise Linux Product Management Engineering 8 May, 2019 AGENDA Recap RHEL 8 announcement Red Hat® Enterprise Linux® roadmap Customer problems and solutions A few new things on the horizon Q&A RHEL 8 ANNOUNCEMENT Red Hat Insights with all RHEL subscriptions Application Streams Red Hat Enterprise Linux web console Red Hat Enterprise Linux System Roles “What’s new in Red Hat Enterprise Linux 8” - Wednesday 4:30 - 5:15 PM RED HAT INSIGHTS Included with your Red Hat Enterprise Linux subscription RED HAT INSIGHTS Automated, experience driven, proactive guidance for customer success Continuous identification of new risks driven by unique industry data DISCOVER VALIDATE Based on real-world results from millions of enterprise deployments 1,000,000+ 100,000+ solved cases Unique solutions No new infrastructure to manage Integrates with tools you already have ANALYTICS RESOLVE MACHINE LEARNING AUTOMATION “85% of critical issues raised to Red Hat® support are already known to Red Hat or our partners.” — RED HAT GLOBAL SUPPORT SERVICES “Getting Started with Red Hat Insights” - (recording) Tuesday 3:45 - 4:30 PM KEY RISKS DISCOVERED Tailored resolution steps included for resolution Performance issue Recommended action Network interface is not performing Check cable, connections, and remote at maximum speed switch settings Security risk detected Recommended action Privilege escalation Apply mitigation and update the kernel Availability Recommended action OpenShift operations fail if insufficient Increase CPU and/or memory CPU or memory reservation Stability Recommended action Filesystem has exceeded Increase free space on the host. -
Protecting Your Linux Systems with Oracle Ksplice
Staying Ahead of Cyberthreats: Protecting Your Linux Systems with Oracle Ksplice The Advantages Of Zero-Downtime Patching April 23, 2020 Copyright © 2020, Oracle and/or its affiliates Public TABLE OF CONTENTS Introduction 2 Why Patching Matters 2 About Oracle Ksplice 3 Other Benefits 3 Conclusion 4 Learn More 4 1 WHITE PAPER | Staying Ahead of Cyberthreats: Protecting Your Linux Systems Copyright © 2020, Oracle and/or its affiliates |Public INTRODUCTION IT systems require regular patching for security, performance, and compliance reasons. For Linux operating system (OS) kernel updates, which include “Availability requirements important new security enhancements and bug fixes, releases happen about 1 are on the rise for once per month. These updates help keep systems current with the latest organizations undergoing innovations. However, manually patching systems has many inherent digital transformations. challenges and difficulties which tends to delay their timely application. For this Downtimes are costly, reason, zero-downtime patching solutions for Linux, like Oracle Ksplice, are with unplanned becoming essential tools. In this paper, Oracle Ksplice’s capabilities and many infrastructure downtimes advantages are explained. costing $100,000 per hour on an average. With Why Patching Matters the possibility of every organization being a Inadequate patch management can leave loopholes in the IT infrastructure leading to target for cyberattacks various security and performance issues. Ideally, patches should be applied shortly after and attackers moving very release to ensure the latest system protections. Patching typically requires downtime quickly to exploit system which, depending on operations, can require weeks or months of advanced planning. vulnerabilities, IDC Most Linux patching also traditionally happens at the disk level for file systems, which has recommends several disadvantages. -
Kdump, a Kexec-Based Kernel Crash Dumping Mechanism
Kdump, A Kexec-based Kernel Crash Dumping Mechanism Vivek Goyal Eric W. Biederman Hariprasad Nellitheertha IBM Linux NetworkX IBM [email protected] [email protected] [email protected] Abstract important consideration for the success of a so- lution has been the reliability and ease of use. Kdump is a crash dumping solution that pro- Kdump is a kexec based kernel crash dump- vides a very reliable dump generation and cap- ing mechanism, which is being perceived as turing mechanism [01]. It is simple, easy to a reliable crash dumping solution for Linux R . configure and provides a great deal of flexibility This paper begins with brief description of what in terms of dump device selection, dump saving kexec is and what it can do in general case, and mechanism, and plugging-in filtering mecha- then details how kexec has been modified to nism. boot a new kernel even in a system crash event. The idea of kdump has been around for Kexec enables booting into a new kernel while quite some time now, and initial patches for preserving the memory contents in a crash sce- kdump implementation were posted to the nario, and kdump uses this feature to capture Linux kernel mailing list last year [03]. Since the kernel crash dump. Physical memory lay- then, kdump has undergone significant design out and processor state are encoded in ELF core changes to ensure improved reliability, en- format, and these headers are stored in a re- hanced ease of use and cleaner interfaces. This served section of memory. Upon a crash, new paper starts with an overview of the kdump de- kernel boots up from reserved memory and pro- sign and development history. -
Technology Overview New Features Backupedge
Technology Overview - BackupEDGE™ Introduction to the New Features in BackupEDGE 3.x Technology Overview BackupEDGE has a long history of providing reliable data protection for New Features many thousands of users. As operating systems, storage devices and BackupEDGE 3.x usage needs and tendencies have changed over the years, it has continuously met the challenge of providing inexpensive, stable backup and disaster recovery on a variety of UNIX and Linux platforms. Clients routinely find new and clever ways to utilize products. Storage devices have taken on new and exciting features, and incredible capacities. Products designed years ago had built-in limits that were thought to be beyond comprehension. Today, these limits are routinely exceeded. The need for data security is even more apparent. We’re constantly asking our To continue to meet the evolving needs of our clients, we are always clients what tools our asking what features of our products they find most useful, what products need to serve them improvements we can make, and what new requirements they have. better. We’ve used this knowledge to map out new product strategies designed to anticipate the needs of the next generation of users, systems and storage products. This has resulted in the creation of BackupEDGE 3.x, with a combination of internal improvements, new features and enhanced infrastructure designed to become the backbone of a new generation of storage software. Summary of Major Changes and Additions BackupEDGE 3.x features include: • Improvements to partition sizing, UEFI table cleanup after DR, and SharpDrive debugging (03.04.01 build 3). • Support for Rocky Linux 8.4 and AlmaLinux 8.4 (03.04.01 build 2). -
Select Red Hat Vs. Canonical When Building a Private Cloud
SELECT RED HAT VS. CANONICAL WHEN BUILDING A PRIVATE CLOUD COMPETITIVE REVIEW BUSINESS CHALLENGES “Red Hat offers us a cloud solution that can Executives recognize that inflexible datacenter infrastructures make it difficult for IT organizations to support dynamic business priorities. However, balancing competitive pressures for innovative be integrated with our solutions against the need to work around unresponsive and unmanageable IT resources results previous infrastructure, in only incremental improvements. One way to bridge this gap is to use private clouds. While without the need to many companies are turning to OpenStack® technology, they understand that OpenStack alone demount what we is not enough. Companies need solutions that work together and are backed by enterprise-class support—from the hypervisor and operating system to the application layer—to help ensure their already had in place IT infrastructures can meet service-level agreements and support business priorities. to continue moving PRODUCT OVERVIEW forward.” Red Hat’s cloud portfolio is helping universities like NTU and telecom enterprises like Telefónica SARA ISABEL RUBIO, build cloud infrastructures that can flex to meet their dynamic business requirements. Red Hat® GLOBAL PLATFORMS OPERATION ® AND SECURITY, TELEFÓNICA GLOBAL Enterprise Linux OpenStack Platform, a massively scalable Infrastructure-as-a-Service SOLUTIONS (IaaS) offering, is the foundation of that portfolio. Built on OpenStack technology and Red Hat Enterprise Linux, the solution lets IT staff take advantage of the largest and fastest-growing We evaluated Red Hat open source cloud infrastructure project, while maintaining security, stability, and enterprise “ readiness. Cloud Infrastructure to be one of the most MORE THAN JUST OPENSTACK 1 versatile and complete OpenStack depends on Linux to provide: cloud solutions • The operating environment for OpenStack components. -
Linux Distribution - a Linux OS Platform Information API Release 1.3.0
Linux Distribution - a Linux OS platform information API Release 1.3.0 Nir Cohen, Andreas Maier Sep 04, 2018 Contents 1 Overview and motivation 3 2 Compatibility 5 3 Data sources 7 4 Access to the information 9 5 Consolidated accessor functions 11 6 Single source accessor functions 17 7 LinuxDistribution class 19 8 Normalization tables 23 9 Os-release file 25 10 Lsb_release command output 27 11 Distro release file 29 Python Module Index 31 i ii Linux Distribution - a Linux OS platform information API, Release 1.3.0 Official distro repository: distro official repo Contents 1 Linux Distribution - a Linux OS platform information API, Release 1.3.0 2 Contents CHAPTER 1 Overview and motivation The distro package (distro stands for Linux Distribution) provides information about the Linux distribution it runs on, such as a reliable machine-readable distro ID, or version information. It is the recommended replacement for Python’s original platform.linux_distribution() function, but it provides much more functionality. An alternative implementation became necessary because Python 3.5 deprecated this function, and Python 3.8 will remove it altogether. Its predecessor function platform.dist() was already deprecated since Python 2.6 and will also be removed in Python 3.8. Still, there are many cases in which access to OS distribution information is needed. See Python issue 1322 for more information. If you want to jump into the API description right away, read about the consolidated accessor functions. 3 Linux Distribution - a Linux OS platform information API, Release 1.3.0 4 Chapter 1. Overview and motivation CHAPTER 2 Compatibility The distro package is supported on Python 2.7, 3.4+ and PyPy, and on any Linux or *BSD distribution that provides one or more of the data sources used by this package.