To harden a server or simply reduce its security footprint, it is very useful to get a list of the main processes running. However, it is not an obvious task to get a synthetic view like this.
Using a command like ps -edf brings too much information and doesn’t really help you.
I recently came across the pstree command and found it quite useful.
First, install the psmisc package available in the base repository:
# yum install -y psmisc
Then, execute the pstree command:
As the test was performed on a virtual machine, I could quickly see that the smartd daemon (part of the smartmontools package) was running. This daemon monitors disk health: this is completely useless in a virtual environment where all disks are already managed by the host or a dedicated storage subsystem.
# systemctl disable --now smartd
# yum remove -y smartmontools
I hope you find this tool as useful as I found it.
Today, Red Hat announced the official release of RHEL 7.4.
To know more about this new version you can read a summary of the RHEL 7.4 changes or the RHEL 7.4 Release Notes.
Several points can be highlighted:
- docker overlay graph driver with SELinux in enforcing mode is now supported,
- OpenSSL update (1.0.2k) brings support for ALPN & native HTTP/2,
- System Security Services Daemon (SSSD) in a container is now fully supported,
- Identity Management (IdM) server container is available as a Technology Preview feature,
- OpenLDAP & Btrfs are deprecated and will be removed in future RHEL major versions.
Many technical articles were published in the last two months:
- OpenShift / Kubernetes:
- Standard Operating Environment: Part 1 / Part 2 / Part 3,
- What’s new in MACsec: setting up MACsec using wpa_supplicant and NetworkManager,
- How To Setup A Redis Server Cluster on Red Hat,
- The need for speed and the kernel datapath – recent improvements in UDP packets processing,
- Short Retry vs Long Retry in Apache Camel,
- Scaling Sync,
- Bastion Hosts and Custom SSH Configurations,
- Easily secure your Spring Boot applications with Keycloak,
- Secure your webserver with improved Certbot,
- How-to setup a 3scale AMP on-premise all-in-one install,
- Installing eBPF tools, bcc and ply on CentOS 7.
Note: Two objectives have recently been removed from the RHCSA exam:
- Install RHEL using Kickstart,
- Configure a physical machine to host virtual guests.
This means that you don’t need to learn KVM or Kickstart anymore to pass the RHCSA exam, using Virtual Box is enough.
Until one or two years there was almost no online trainings for the RHCSA & RHCE 7 certifications.
You had to take Red Hat classes or study by yourself through books.
Now, companies like EdX, Udemy and LinuxAcademy to name some of the most known have started to create good contents.
You can now find most of them in the dedicated RHEL 7 online training page.
If you like containers, at some point you will deploy them into production. And you will need a dedicated server to host them.
Atomic Host is the RedHat solution for this.
It is a lightweight version of RHEL/CentOS 7 (there is also a Fedora version) where :
- only the /etc and /var directories are writable,
- all the OS can be upgraded or rolled back atomically (hence the name) through the rpm-ostree mechanism,
- there is no yum command nor man pages.
Take the time to discover this new animal through the Atomic Host tutorial.
I don’t know if you have already heard about CPU governor.
With the global warming, IT culture should integrate the various mechanisms available for reducing computer consumption.
In a perfect world, during the idle periods servers should adjust their clock frequency to get significant power saving. They should even stop through some scalability mechanisms if possible.
If you think a better understanding of technology can help our earth, have a look at the CPU governor tutorial.
At the Red Hat annual summit the main planned features of RHEL 7.4 were disclosed.
You can find them in a dedicated page.
In addition, as of today, the RHEL 7.4 Beta has been released. Release notes are available here.
Also, new interesting Red Hat summit presentations were published this week:
Similarly, new Red Hat summit videos were released:
Of particular interest for exam candidates two labs were published:
Finally, several technical articles were recently posted:
- Ten layers of container security,
- Deploying CloudForms at Scale,
- Devops with OpenShift,
- AWS and Red Hat – Digging a Little Deeper,
- Kubernetes deep dive: API Server – part 1,
- Auto Scaling,
- Best Cloud Tools for Infrastructure Automation,
- Breaking up the Container Monolith,
- CPU Utilization is Wrong,
- Truly Seemless Reloads with HAProxy – No more Hacks!
- Kubernetes: The smart person’s guide,
- It takes more than a Circuit Breaker to create a resilient application,
- Quick reference for the Foreman installation under CentOS 7,
- NetworkManager changes and improvements,
- Basic Best Practices for Securing LDAP and Active Directory with Red Hat,
- What’s new in Red Hat OpenStack Platform 11?,
- Fighting Service Latency in Microservices with Kubernetes,
- Accelerate EDB Postgres Advanced Server with HPE Persistent Memory on HPE ProLiant servers,
- WannaCry Ransomware: Who It Affected and Why It Matters.
Happy reading, watching, and labbing!
The annual Red Hat summit 2017 happened last week.
The first videos are available on the Red Hat summit channel on Youtube.
Some presentations have already been published about:
- the Red Hat security roadmap,
- the Red Hat Ceph storage roadmap,
- the Red Hat CloudForms roadmap,
- the Red Hat Cloud Suite roadmap,
- the Red Hat Virtualization and KVM roadmaps,
- the Red Hat JBOSS BPM roadmap,
- Lessons learned with microservices,
- Developing real time intelligent applications with in-memory data management,
- The new OS model coming with Kubernetes and Docker,
- Hyper-Converged Infrastructure in OpenStack,
- Heterogeneous Memory Management,
- OpenShift for Operations,
- Reactive programming with Vert.x,
- Monitoring Java application performance using Thermostat,
- High availability for Red Hat Virtualization Manager,
- Demystifying systemd,
- JBoss AMQ 7,
- Utilizing persistent memory to improve database performance,
- Identity Management and Compliance in OpenShift,
- Choosing the right storage for your OpenStack cloud,
- DevSecOps the open source way,
- Node.js for building modern applications,
- Flexible, software-defined networking infrastructure,
- Common sense approaches to cloud security,
- Tuning Red Hat products for databases,
- Performance analysis and tuning of Red Hat Enterprise Linux,
- Building a fast and scalable architecture for SKY TV Video Encoding with Openshift Container Platform and Red Hat Gluster Storage,
- Security Enhanced Linux for mere Mortals,
- Red Hat Satellite Power User Tips and Tricks,
- HA Clustering with Red Hat Enterprise Linux 7.
Besides presentations you can also practice through:
More videos will progressively be released but be patient: last year it took Red Hat 3 months to publish most of the Red Hat Summit 2016 videos due to a problem with one of its subcontractors!
Until recently I didn’t know what was exactly the Cockpit project.
I thought it was a new complicated panel for administrators looking for a GUI.
Difficult to install, to maintain, to understand …
In fact, it is just the contrary: easy to use with a zero memory and process footprint!
Take the time to discover the Cockpit project through the Cockpit tutorial, you won’t be disappointed.