Security

How to manually copy SSH public keys to servers on Red Hat Enterprise Linux

We often use ssh-copy-id to copy SSH keys from our local Linux computers to RHEL servers in order to connect without typing in a password. This is not only for convenience; it enables you to script and automate tasks that involve remote machines. Using SSH keys correctly is also considered a best practice: if you are conditioned to respond with your password every time you are prompted, you might not notice a prompt that isn't legitimate (for example, a spoofed one).

What about when you can’t use ssh-copy-id or the target user ID doesn’t have a password (for example, an Ansible service user)? This article explains how to do it manually and avoid the common pitfall of forgetting to set the proper permissions.

Securing .NET Core on OpenShift using HTTPS

In an effort to improve security, browsers have become stricter in warning users about sites that aren’t properly secured with SSL/TLS. ASP.NET Core 2.1 has improved support for HTTPS. You can read more about these enhancements in Improvements to using HTTPS. In this blog post, we’ll look at how you can add HTTPS to your ASP.NET Core applications deployed on Red Hat OpenShift.

Before we get down to business, let’s recap some OpenShift vocabulary and HTTPS fundamentals. If you are familiar, you can skip over these sections.

OpenShift, pods, services, routes, and S2I

OpenShift is a Kubernetes-based open-source container application platform. A Kubernetes pod is a set of containers that must be deployed on the same host. In most cases, a pod consists of a single container. When we run the same application in several pods, a service does the load balancing across those pods. A route makes a service accessible externally via a hostname.

How to set up LDAP authentication for the Red Hat AMQ 7 message broker console

This post is a continuation of the series on Red Hat AMQ 7 security topics for developers and ops people started by Mary Cochran. We will see how to configure LDAP authentication on a Red Hat AMQ 7 broker instance. To do so, we will perform the following actions:

  • Set up a simple LDAP server with a set of users and groups using Apache Directory Studio.
  • Connect Red Hat AMQ 7 to LDAP using authentication providers.
  • Enable custom LDAP authorization policies in Red Hat AMQ 7.

Securing apps and services with Keycloak (Watch DevNation Live video)

The video from the last DevNation Live, Securing apps and services with Keycloak, is now available to watch online. In this session, you will learn how to secure web/HTML5 applications, single-page and mobile applications, and services with Keycloak. Keycloak can be used to secure traditional monolithic applications as well as microservices and service mesh-based applications that need secure end-to-end authentication for all front-end and back-end services. The examples in the video cover PHP, Node.js, and HTML/JavaScript.

Securing applications and services is no longer just about assigning a username and password. You need to manage identities. You need to integrate with legacy and external authentication systems to provide features that are in demand like social logins and single sign-on (SSO). Your list of other requirements may be long. But you don’t want to develop all of this yourself, nor should you.

How to enable sudo on Red Hat Enterprise Linux

You've probably seen tutorials that use sudo for running administrative commands as root. However, when you try it, you get told your user ID is "not in the sudoers file, this incident will be reported." For developers, sudo can be very useful for running steps that require root access in build scripts.

This article covers:

  • How to configure sudo access on Red Hat Enterprise Linux (RHEL) and CentOS so you won’t need to use su and keep entering the root password
  • Configuring sudo to not ask for your password
  • How to enable sudo during system installation
  • Why sudo seems to work out of the box for some users and not others

Firewalld: The Future is nftables

Firewalld, the default firewall management tool in Red Hat Enterprise Linux and Fedora, has gained long-sought support for nftables. This was announced in detail on firewalld's project blog. The feature landed in the firewalld 0.6.0 release as the new default firewall backend.

The benefits of nftables have been outlined on the Red Hat Developer Blog:

There are many longstanding issues with firewalld that we can address with nftables that were not possible with the old iptables backend. The nftables backend allows the following improvements:

Setting up RBAC on Red Hat AMQ Broker

One thing that is common in the enterprise world, especially in highly regulated industries, is to have separation of duties. Role-based access controls (RBAC) have built-in support for separation of duties. Roles determine what operations a user can and cannot perform. This post provides an example of how to configure proper RBAC on top of Red Hat AMQ, a flexible, high-performance messaging platform based on the open source Apache ActiveMQ Artemis project.

In most cases, separation of duties on Red Hat AMQ can be divided into three primary roles:

  1. Administrator role, which has all permissions
  2. Application role, which has permission to publish, consume, or produce messages to a specific address, subscribe to topics or queues, or create and delete addresses
  3. Operation role, which has read-only permission via the web console or supported protocols

To implement those roles, Red Hat AMQ has several security features that need to be configured, as described in the following sections.

Why Kubernetes is The New Application Server

Have you ever wondered why you are deploying your multi-platform applications using containers? Is it just a matter of “following the hype”? In this article, I’m going to ask some provocative questions to make my case for Why Kubernetes is the new application server.

You might have noticed that the majority of languages are interpreted and use "runtimes" to execute your source code. In theory, most Node.js, Python, and Ruby code can be easily moved from one platform (Windows, Mac, Linux) to another. Java applications go even further: compiled Java classes are turned into bytecode, capable of running anywhere that has a JVM (Java Virtual Machine).

The Java ecosystem provides a standard format to distribute all Java classes that are part of the same application. You can package these classes as a JAR (Java Archive), WAR (Web Archive), and EAR (Enterprise Archive) that contains the front end, back end, and libraries embedded. So I ask you: Why do you use containers to distribute your Java application? Isn’t it already supposed to be easily portable between environments?

Using .NET Core in a “Disconnected” Environment

Security is a very important consideration when running your custom middleware applications. The internet can be an unfriendly place.

Sometimes middleware users have a requirement for their software to run in a "disconnected" environment, which is one where the network is not routed to addresses outside the one the local node is on; in other words, no internet.

Red Hat Summit 2018: Develop Secure Apps and Services

Red Hat Summit 2018 will focus on modern application development. A critical part of modern application development is, of course, securing your applications and services. Things were challenging enough when you only needed to secure a single monolithic application. In a modern application landscape, you're probably looking at building microservices and possibly exposing application services and APIs outside the boundaries of your enterprise. In order to deploy cloud-native applications and microservices, you must be able to secure them. You might be faced with the challenge of securing both applications and back-end services accessed by mobile devices while using third-party identity providers like social networks. Fortunately, Red Hat Summit 2018 has a number of developer-oriented sessions where you can learn how to secure your applications and services, integrate single sign-on, and manage your APIs. Session highlights include:
