Insights Security

When it comes to system maintenance and management, the most important task is to keep all
operating systems as safe and secure as possible. This is where Red Hat Insights steps in: it helps users
achieve this in an easy and convenient way. Since Red Hat Summit 2020, Red Hat Insights (included in all
RHEL subscriptions) has offered extended capabilities to manage operational efficiency and security
risks. So which RHEL security-related features does Red Hat Insights offer? Here is a short overview:

  • Advisor - detects existing security issues on RHEL systems and recommends solutions to remediate them.
  • Compliance - analyzes how far a RHEL system environment complies with an OpenSCAP policy.
  • Drift - compares RHEL hosts to each other in order to identify and further troubleshoot differences.
  • Patch - determines which product advisories may apply to an organization's specific RHEL instances.
  • Policies - enables organizations to define and monitor policies that are important internally.
  • Vulnerability - reports on and remediates CVEs that impact RHEL systems (in cloud or on-premises).

So much for the facts, but nothing shows the usefulness of Insights better than a real-world example.
After running insights-client on a RHEL workstation, Insights Advisor reported an issue with the firewall.

The Knowledgebase article "Changes in firewalld related to Zone Drifting" explains: "Due to the possibility that
existing Red Hat Enterprise Linux installations are relying on the zone drift behaviour above, a new
configuration option named AllowZoneDrifting has been introduced."
 
Insights Advisor explains: "A tenet of zone based firewalls is that packets enter one and only one zone.
When firewall zone drifting is enabled, packets are allowed to go to multiple zones. This is a violation of
zone based firewalls and packets could be allowed unexpectedly."
 
To my surprise the default setting on RHEL 7 and 8 is enabled ... upstream default setting is disabled.
I edited /etc/firewalld/firewalld.conf and changed AllowZoneDrifting=yes to AllowZoneDrifting=no.
Note: Advisor reports this issue only when there is more than one zone active on the RHEL system!
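
A local check for the same condition, as an added example that is not part of the original post or of Red Hat's tooling: the shell functions below read AllowZoneDrifting from a firewalld.conf file, count the zones in `firewall-cmd --get-active-zones` output, and set the option to no while keeping a backup copy. The function names, the output words and the sample data are assumptions of this example.

```shell
#!/bin/bash
# Added example: function names, output words and sample data are assumptions.

# Print the AllowZoneDrifting setting found in config file $1:
# yes, no, unset (no active line), conflict (differing lines) or invalid
# (anything other than the literal yes/no values shown on the page).
zone_drifting_value() {
    vals=$(sed -n 's/^[[:space:]]*AllowZoneDrifting[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" |
           sort -u)
    if [ -z "$vals" ]; then echo unset
    elif [ "$(printf '%s\n' "$vals" | wc -l)" -gt 1 ]; then echo conflict
    elif [ "$vals" = yes ] || [ "$vals" = no ]; then echo "$vals"
    else echo invalid
    fi
}

# Count zones in `firewall-cmd --get-active-zones` output read from stdin;
# zone names are the lines that are not indented.
count_active_zones() { grep -c '^[^[:space:]]' || true; }

# Print FINDING when drifting is not clearly off and more than one zone is active.
# $1 = config file, $2 = active zone count, $3 = built-in default used when the
# key is unset (the page reports enabled on RHEL 7 and 8, disabled upstream).
zone_drifting_finding() {
    val=$(zone_drifting_value "$1")
    if [ "$val" = unset ]; then val=${3:-yes}; fi
    if [ "$val" != no ] && [ "$2" -gt 1 ]; then echo FINDING; else echo OK; fi
}

# Set AllowZoneDrifting=no in file $1, keeping the previous file as $1.bak.
disable_zone_drifting() {
    if grep -Eq '^[[:space:]]*AllowZoneDrifting[[:space:]]*=' "$1"; then
        sed -i.bak 's/^[[:space:]]*AllowZoneDrifting[[:space:]]*=.*/AllowZoneDrifting=no/' "$1"
    else
        cp "$1" "$1.bak" && echo 'AllowZoneDrifting=no' >> "$1"
    fi
}

# Demo on constructed input (not taken from a real host).
demo=$(mktemp)
printf 'DefaultZone=public\nAllowZoneDrifting=yes\n' > "$demo"
n=$(printf 'public\n  interfaces: eth0\nlibvirt\n  interfaces: virbr0\n' | count_active_zones)
echo "before: $(zone_drifting_finding "$demo" "$n")"
disable_zone_drifting "$demo"
echo "after:  $(zone_drifting_finding "$demo" "$n")"
rm -f "$demo" "$demo.bak"
```

On a real host, pass /etc/firewalld/firewalld.conf as the file and pipe `firewall-cmd --get-active-zones` into count_active_zones; restart firewalld after changing the file.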
 
Now the big question: Would anyone have been aware of this? I guess not ... who would check all
configuration settings in every configuration file on each system? I assume nobody! This example
shows nicely how useful the SaaS solution Red Hat Insights can be.
 