Release of the Red Hat Enterprise Linux 8.9 distribution

Following the release of Red Hat Enterprise Linux 9.3, an update to the previous branch, Red Hat Enterprise Linux 8.9, has been published. It is maintained in parallel with the RHEL 9.x branch and will be supported until at least 2029. Installation builds are prepared for the x86_64, s390x (IBM System z), ppc64le and Aarch64 architectures, but are available for download only to registered users of the Red Hat Customer Portal (CentOS Stream 9 ISO images and free RHEL builds for developers can also be used).

As with the RHEL 9 branch, the source code of the RHEL 8 RPM packages is no longer distributed publicly through the CentOS Git repository. It remains available to the company's customers through a closed section of the site, subject to a user agreement (EULA) that prohibits redistribution of the data. The source code can be found in the CentOS Stream repository, but that repository is not fully synchronized with RHEL and does not have the latest package versions matching those in RHEL. Rocky Linux, Oracle and SUSE have joined forces and now publish the source code of the RHEL rpm packages as part of the OpenELA project. AlmaLinux has switched to using the CentOS Stream repository; it allows minor differences in behavior (the two may differ at the level of individual patches) but maintains binary compatibility at the ABI level.

New releases in the Red Hat Enterprise Linux 8.x branch follow a development cycle with a release every six months at fixed times. Until 2024, the 8.x branch will be in the full support phase, which includes functional enhancements. After that it will move to the maintenance phase, where the focus shifts to bug fixes and security, with minor enhancements related to support for critical hardware systems.

Key changes:

  • The distribution includes new versions of compilers and developer tools: GCC Toolset 13, LLVM Toolset 16.0.6, Rust Toolset 1.71.1, Go Toolset 1.20.10, Node.js 20, Valgrind 3.21, SystemTap 4.9, elfutils 0.189, java-21-openjdk (java-17-openjdk, java-11-openjdk and java-1.8.0-openjdk also continue to ship).
  • Updated system and server packages: samba 4.18.4, 389-ds-base 1.4.3.35, OpenSCAP 1.3.8, Grafana 9.2.10, opencryptoki 3.21.0, iproute 6.2.0, libnftnl 1.2.2, 1.7.2, Podman 4.6.
  • Support for booting in UEFI mode has been added to the AMI images for AWS EC2 cloud environments.
  • The "inst.wait_for_disks" parameter has been added to the installer; it sets how long to wait for the kickstart file to load or for drivers to become ready during boot.
  • In kickstart files, the new "--ipv4-dns-search" and "--ipv6-dns-search" options have been added to the network command to set the domain list for the "search" directive in /etc/resolv.conf, along with the "--ipv4-ignore-auto-dns" and "--ipv6-ignore-auto-dns" options to ignore DNS settings returned via DHCP.
  • To simplify troubleshooting, the fapolicyd service now passes rule numbers to the fanotify API for denied calls.
  • The ANSSI-BP-028 (French National Agency for the Security of Information Systems) security profiles have been updated to version 2.0.
  • Support for FANOTIFY events has been added to the audit subsystem, and the fields fan_type (event type), fan_info (additional information), sub_trust and obj_trust (trust levels of the event's subject and object) are now recorded in the log.
  • Postfix can now look up DNS SRV records to determine the host and port of the mail server that will be used for forwarding messages. This feature can be used in infrastructures that rely on services with dynamically allocated network port numbers for relaying email.
  • The vsftpd FTP server supports the TLS 1.3 protocol.
  • The cups-filters package adds an LF-to-CRLF driver that can be used to convert "\n" (line feed) characters to "\r\n" where lines are expected to end with "\r\n".
  • The default settings of the nftables service have been hardened. The rules in /etc/sysconfig/nftables/nat.nft include a new do_masquerade chain that ensures randomization of port numbers to reduce the risk of the Port Shadow attack (CVE-2021-3773).
  • NetworkManager now supports the "no-aaaa" option in resolv.conf, which disables DNS queries for AAAA records (resolving an IPv6 address from a host name). The nm-cloud-setup service now supports configuring Red Hat Enterprise Linux on AWS EC2 using IMDSv2 (Instance Metadata Service Version 2) tokens.
  • To protect against Spectre v2 attacks related to speculative execution of instructions, the AutoIBRS (Automatic Indirect Branch Restricted Speculation) mode has been added; it is supported on AMD CPUs starting with the EPYC 9004 Genoa family.
  • The Intel QAT driver, with support for Intel QuickAssist Technology 401xx/402xx devices, has been brought over from the Linux 6.2 kernel.
  • Added the ability to specify a UUID when creating a GFS2 file system (the "-U" option has been added to the mkfs.gfs2 utility).
  • FUSE3 adds the ability to invalidate directory entries without automatically unmounting the mount points associated with those entries.
  • Capabilities for clusters and fault-tolerant systems have been expanded: support for policy configuration has been added to the IPaddr2 and IPsrcaddr resource agents. Support for EFS (Amazon Elastic File System) has been added to the ocf:heartbeat:Filesystem agent. Support for the SNMPv3 protocol has been added to the alert_snmp.sh sample alert agent.
  • Changes have been added to Glibc with optimizations that improve performance on systems with Intel Xeon v5 CPUs.
  • Full support is provided for Intel Arc A-Series discrete graphics cards (Alchemist or DG2).
  • A system role has been added for managing and installing systemd units. A system role has been added for installing, configuring, managing and running the PostgreSQL DBMS. A system role has been added to the toolkit package that simplifies configuring the Keylime registrar and verifier, which are used for attestation and continuous integrity monitoring of remote systems. Support for defining, modifying and deleting ipsets has been added to the firewall system role. The Podman, Kdump, Storage and Microsoft SQL Server system roles have been extended.
  • Support for NetworkManager keyfiles has been added to cloud-init.
  • Podman adds support for containers compressed with the zstd algorithm. Added the ability to use Quadlets to automatically generate systemd services from container descriptions. Added the podmansh shell, which can be used in place of /usr/bin/bash to start a user session inside a container. Updated versions of Podman, Buildah, Skopeo, crun and runc.
  • Added new kernel command-line parameters: gather_data_sampling to control the mode of protection against GDS (Gather Data Sampling, or Downfall) attacks, and rdrand to hide support for the RDRAND instruction.
  • Hardware support has been expanded. Added drivers for Thunderbolt/USB4 network devices (thunderbolt_net) and Broadcom 802.11 wireless adapters (brcmfmac) on ARM64 systems. Added drivers for MediaTek Bluetooth devices, Microsoft Azure Network Adapter IB (mana_ib), the Linux USB Video Class driver (uvc), AMD SoundWire (soundwire-amd), DisplayPort Alternate Mode (typec_displayport), Virtio-mem (virtio_mem). Improved support for Intel processors based on the Meteor Lake microarchitecture.
  • Client support has been provided for the sigstore cryptographic verification components: Rekor (a log for storing metadata certified by digital signatures) and Fulcio (a system of root certification authorities (root CAs) that issue short-lived certificates).
  • Continued provision of experimental (Technology Preview) support for AF_XDP, XDP hardware offloading, Multipath TCP (MPTCP), MPLS (Multi-protocol Label Switching), DSA (data streaming accelerator), dracut, kexec fast reboot, nispor, DAX in ext4 and xfs, systemd-resolved, accel-config, igc, OverlayFS, Stratis, Software Guard Extensions (SGX), NVMe/TCP, DNSSEC, GNOME on ARM64 and IBM Z systems, AMD SEV for KVM, Intel vGPU, Toolbox.
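
The fapolicyd and audit items in the list above (rule numbers passed through fanotify, and the fan_type, fan_info, sub_trust and obj_trust fields in the log) are what let a denial be traced back to a rule. The following is an added example, not code from the article or from Red Hat, that groups denied events by rule number. The record layout, the hex encoding of fan_info and the meanings of the resp and trust values are assumptions, and the sample lines are constructed.

```python
import re

# Constructed sample audit lines (not from a real host). The field layout is an
# assumption; the subject trust field is accepted as sub_trust (the name used
# on this page) or subj_trust.
SAMPLE_LOG = """\
type=FANOTIFY msg=audit(1700000000.101:410): resp=1 fan_type=0 fan_info=0 subj_trust=2 obj_trust=2
type=FANOTIFY msg=audit(1700000003.552:411): resp=2 fan_type=1 fan_info=D subj_trust=0 obj_trust=0
type=SYSCALL msg=audit(1700000003.552:411): arch=c000003e syscall=59 success=no exit=-1
type=FANOTIFY msg=audit(1700000009.007:412): resp=2 fan_type=1 fan_info=D sub_trust=1 obj_trust=0
type=FANOTIFY msg=audit(1700000011.300:413): resp=2 fan_type=1 fan_info=1A subj_trust=2 obj_trust=0
"""

RECORD = re.compile(r"^type=FANOTIFY msg=audit\(\d+\.\d+:(?P<serial>\d+)\): (?P<body>.*)$")
FIELD = re.compile(r"(\w+)=(\S+)")
DENY = 2                                   # assumed: resp=1 allow, resp=2 deny
RULE_INFO = 1                              # assumed: fan_type=1 -> fan_info is a rule number
TRUST = {0: "no", 1: "yes", 2: "unknown"}  # assumed meaning of the trust levels


def parse_fanotify(line):
    """Return a dict for a FANOTIFY record, or None for any other line."""
    m = RECORD.match(line.strip())
    if not m:
        return None
    f = dict(FIELD.findall(m["body"]))
    subj = f.get("subj_trust", f.get("sub_trust"))
    try:
        resp, fan_type = int(f["resp"]), int(f["fan_type"])
        # fan_info is assumed to be printed in hex; it is a rule number only
        # when fan_type says so.
        rule = int(f["fan_info"], 16) if fan_type == RULE_INFO else None
        subj_t, obj_t = int(subj), int(f["obj_trust"])
    except (KeyError, TypeError, ValueError):
        return None                        # malformed record or missing fields
    return {"serial": int(m["serial"]), "denied": resp == DENY, "rule": rule,
            "subj_trust": TRUST.get(subj_t, "invalid"),
            "obj_trust": TRUST.get(obj_t, "invalid")}


def denials_by_rule(log_text):
    """Group denied events by rule number: {rule: [audit serial, ...]}."""
    out = {}
    for rec in filter(None, map(parse_fanotify, log_text.splitlines())):
        if rec["denied"]:
            out.setdefault(rec["rule"], []).append(rec["serial"])
    return out


if __name__ == "__main__":
    for rule, serials in denials_by_rule(SAMPLE_LOG).items():
        print(f"rule {rule}: denied events {serials}")
```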

Source: opennet.ru
