Introducing Oracle Linux and Securing it with Ksplice
July 14 2016
Oracle Japan
Global Business Unit
Oracle Linux and Oracle VM Sales
Principal Sales Consultant
Fumiyasu Ishibashi
Copyright © 2015 Oracle and/or its affiliates. All rights reserved.

Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Agenda
•  Summary of Oracle Linux
•  Live patching with Ksplice

Summary of Oracle Linux

Introducing Oracle Linux
•  Long history: Linux support from 1998, Oracle distro 2006
•  Live patching for kernel and userspace process
•  One stop support, 24x7
•  Supports existing RHEL and CentOS
•  Dtrace, OCFS2, Clusterware ...: includes support for many Oracle software products
•  https://linux.oracle.com
•  Support timeline (diagram labels): Oracle Linux Premium Support, Sustaining Support, Oracle Linux Extended Support; durations shown: 10 years, 1 year, 1 year, 1 year, indefinite
•  RedHat Compatible Kernel, same glibc
•  UEK (Unbreakable Enterprise Kernel)
•  You can choose the kernel
•  100% binary compatible
•  Non-Oracle hardware supported
•  Free to download, free to use
•  Completely open source
•  Oracle Standard
•  Oracle Linux Support: endless support

Oracle Linux Support type
Support levels shown: Oracle Linux Premier Support, Oracle Linux Basic Support, Oracle Linux Network Support
Items shown in the diagram:
•  Ksplice support
•  Oracle Enterprise Manager, free to use and with support
•  Oracle Clusterware, free to use and with support
•  24x7 online and phone support
•  Downloading patches, fixes, errata
•  Dtrace support
•  Oracle OpenStack for Oracle Linux support
•  Lifetime Sustaining Support
•  Login account for ULN
•  Spacewalk support

Oracle Linux Subscription Pricing
•  Buy support for the systems you need – use the same software with updates on everything!
•  Oracle only counts physical sockets; no limit on cores or number of virtual guests

Level                                                          Price
Installable binaries and errata                                Free
Basic Limited (24x7, unlimited support) (2 or less CPUs)       $499
Basic (24x7, unlimited support) (More than 2 CPUs)             $1,199
Premier Limited (24x7, unlimited support) (2 or less CPUs)     $1,399
Premier (24x7, unlimited support) (More than 2 CPUs)           $2,299

Unbreakable Linux Network (ULN)
https://linux.oracle.com
Oracle version of RHN
Portal site for Oracle Linux.
Download rpm packages.

Unbreakable Linux Network User's Guide
•  How to register your server to ULN
•  How to set up a ULN mirror site
(English)
https://docs.oracle.com/cd/E37670_01/E39381/html/index.html
(Japanese)
https://docs.oracle.com/cd/E39368_01/b72803/index.html

Switching from RHN to ULN
https://linux.oracle.com/switch.html

Free to use our public yum repo
http://public-yum.oracle.com/

Oracle Linux security information on ULN
•  Searching errata, CVEs
– http://linux.oracle.com/errata/
– http://linux.oracle.com/cve/
•  New errata announced through the mailing list
– https://oss.oracle.com/mailman/listinfo/el-errata

Live patching with Ksplice

Ksplice
•  Zero downtime patching: patching without rebooting the OS or restarting services. Not only the kernel but also user space, such as glibc and openssl.
•  Rollback: if something goes wrong with the new patch, you can roll back to where the apps were fine! Also used by support, to put a debug kernel in place temporarily.
•  Fast errata release: since the patching data is completely under Oracle's control, we provide fully tested patches as fast as we can.
•  Proven history: released from 2008, joined Oracle from 2011.

Benefits from Ksplice
•  Vulnerability: easier to patch vulnerability issues.
•  Reducing administration work: no more maintenance plan for patching. It can also patch automatically instead of you.
•  Easier to solve problems: in some cases our support team will give you a Ksplice debug kernel patch so our support can collect more information to find the problem you have. Of course, without a reboot.
•  Security compliant: it will be easier to be security compliant if you don’t need to wait to patch security fixes.

Using Ksplice on-line or off-line
•  Need Oracle Linux Premier Support
[Diagram: four layouts connecting a Ksplice Client to the Ksplice Server and ULN across the internet: directly; through a proxy; through a ULN mirror (local yum); and through a ULN mirror (local yum) copied to a local yum repository beside the client]
Connect your server to the ULN via proxy
Offline, from the local ULN repo via a ULN mirror

Ksplice Technology
[Diagram: memory "Before ksplice", containing "Bug", and memory "After Ksplice patching", containing "New" and "Bug"; step ① is labelled "Insert jump to"; steps ② to ⑤ carry no surviving labels]

Ksplice Inspector
•  https://ksplice.oracle.com/inspector
•  Validate the patch level of your kernel; apply the patches you need

Ksplice Desktop
http://ksplice.oracle.com/try/desktop
•  Free of charge
•  No support

•  Ubuntu 16.04 Xenial
•  Ubuntu 15.10 Wily
•  Ubuntu 15.04 Vivid
•  Ubuntu 14.04 LTS Trusty
•  Ubuntu 12.04 LTS Precise
•  Fedora 22
•  Fedora 23
•  Fedora 24

Ksplice GUI (Ubuntu and Fedora only)

Ksplice 30 days trial
http://ksplice.oracle.com/try/trial
•  Easy to register and use for 30 days
•  RHEL 5, 6, 7 and Oracle Linux 5, 6, 7 supported

Easy installation
•  Get ULN account (trial or Premier support)
•  Register your server to ULN
•  Add ksplice channel subscription to your server from the ULN web site.
•  Install uptrack
# yum install -y uptrack
•  Done. No reboot.
* You can also uninstall it

Ksplice Command Line Tools (1/4)
uptrack-show
•  uptrack-show command
•  List the kernel patches that are applied
# uptrack-show
Installed updates:
[guclwyc2] CVE-2012-0957: Information leak in uname syscall.
[j4d07e02] Kernel panic in IPv4 ARP and IPv6 Neighbor Discovery.
[r8og1ec4] CVE-2013-1979: Privilege escalation with UNIX socket credentials.
#	
# uptrack-show --available
Available updates:
[fiq04xbb] CVE-2013-2237: Information leak on IPSec key socket.
[9q4luou3] CVE-2014-3687: Remote denial-of-service in SCTP stack.
#	
•  With the --available option, you can find the patches that are available.
•  Ksplice ID: the bracketed string at the start of each update line, for example [guclwyc2].

Ksplice Command Line Tools (2/4)
uptrack-upgrade/uptrack-install
•  uptrack-upgrade command
Command to apply all patches that are available.
# uptrack-upgrade -y
The following steps will be taken:
Install [guclwyc2] CVE-2012-0957: Information leak in uname syscall.
Install [j4d07e02] Kernel panic in IPv4 ARP and IPv6 Neighbor Discovery.
Install [r8og1ec4] CVE-2013-1979: Privilege escalation with UNIX socket credentials.
Install [fiq04xbb] CVE-2013-2237: Information leak on IPSec key socket.
Install [9q4luou3] CVE-2014-3687: Remote denial-of-service in SCTP stack.
Installing [guclwyc2] CVE-2012-0957: Information leak in uname syscall.
Installing [j4d07e02] Kernel panic in IPv4 ARP and IPv6 Neighbor Discovery.
Installing [r8og1ec4] CVE-2013-1979: Privilege escalation with UNIX socket credentials.
Installing [fiq04xbb] CVE-2013-2237: Information leak on IPSec key socket.
Installing [9q4luou3] CVE-2014-3687: Remote denial-of-service in SCTP stack.
Your kernel is fully up to date.
Effective kernel version is 2.6.39-400.215.13.el6uek
#	
# uptrack-upgrade guclwyc2 -y
The following steps will be taken:
Install [guclwyc2] CVE-2012-0957: Information leak in uname syscall.
Installing [guclwyc2] CVE-2012-0957: Information leak in uname syscall.
Your kernel is fully up to date.
#	
•  uptrack-install <Ksplice ID> brings the kernel to a specific patch level

Ksplice Command Line Tools (3/4)
uptrack-remove
•  uptrack-remove command
You can remove all the patches applied by Ksplice.
# uptrack-remove -y
The following steps will be taken:
Remove [guclwyc2] CVE-2012-0957: Information leak in uname syscall.
Remove [j4d07e02] Kernel panic in IPv4 ARP and IPv6 Neighbor Discovery.
Remove [r8og1ec4] CVE-2013-1979: Privilege escalation with UNIX socket credentials.
Remove [fiq04xbb] CVE-2013-2237: Information leak on IPSec key socket.
Remove [9q4luou3] CVE-2014-3687: Remote denial-of-service in SCTP stack.
#
# uptrack-show
Installed updates:
None
#	
•  uptrack-remove <Ksplice ID>
You can also roll back to the level you want
# uptrack-remove -y 9q4luou3
The following steps will be taken:
Remove [9q4luou3] CVE-2014-3687: Remote denial-of-service in SCTP stack.
#

Ksplice Command Line Tools (4/4)
uptrack-uname
•  The uname command will output the kernel version that is on the disk. To see the Ksplice kernel patch level use uptrack-uname.
# uptrack-show
Installed updates:
None
# uname -r
2.6.39-300.26.1.el6uek.x86_64
# uptrack-uname -r
2.6.39-300.26.1.el6uek.x86_64	
# uptrack-upgrade -y
The following steps will be taken:
Install [guclwyc2] CVE-2012-0957: Information leak in uname syscall.
Install [j4d07e02] Kernel panic in IPv4 ARP and IPv6 Neighbor Discovery.
...
Installing [fiq04xbb] CVE-2013-2237: Information leak on IPSec key socket.
Installing [9q4luou3] CVE-2014-3687: Remote denial-of-service in SCTP stack.
Your kernel is fully up to date.
Effective kernel version is 2.6.39-400.215.13.el6uek
# uname -r
2.6.39-300.26.1.el6uek.x86_64
# uptrack-uname -r
2.6.39-400.215.13.el6uek.x86_64	
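Before applying any Ksplice patch (the first uname -r / uptrack-uname -r pair above), both commands print the same version. After applying the Ksplice patches (the second pair), uptrack-uname -r prints the effective kernel version while uname -r is unchanged.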
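
An added example (not part of the original slides or Oracle's tooling): a shell helper that turns the output of uptrack-show --available, uname -r and uptrack-uname -r shown above into a one-line patch-state report that a monitoring job can alert on. The function names and the report format are assumptions; the sample input is copied from the slide output.

```shell
#!/bin/sh
# Added example: summarise a host's Ksplice patch state from uptrack output.
# Assumed line format (as printed on the slides):
#   [<Ksplice ID>] CVE-YYYY-NNNN: <description>   or   [<Ksplice ID>] <description>

# pending_cves: read `uptrack-show --available` output on stdin and print the
# CVE ids of updates that are available but not yet applied, one per line.
pending_cves() {
    sed -n 's/^\[[^]]\{1,\}] \(CVE-[0-9]\{4\}-[0-9]\{4,\}\):.*/\1/p' | sort -u
}

# pending_count: count every available update on stdin, with or without a CVE.
pending_count() {
    grep -c '^\[[^]]\{1,\}] ' || true    # grep -c exits 1 on a count of 0
}

# kernel_state BOOTED EFFECTIVE: compare `uname -r` with `uptrack-uname -r`.
kernel_state() {
    if [ "$1" = "$2" ]; then echo "as-booted"; else echo "live-patched"; fi
}

# patch_report BOOTED EFFECTIVE: read `uptrack-show --available` on stdin,
# print a one-line summary, and return 1 while updates are still pending.
patch_report() {
    avail=$(cat)
    n=$(printf '%s\n' "$avail" | pending_count)
    cves=$(printf '%s\n' "$avail" | pending_cves | tr '\n' ' ' | sed 's/ $//')
    printf 'booted=%s effective=%s state=%s pending=%s cves=%s\n' \
        "$1" "$2" "$(kernel_state "$1" "$2")" "$n" "${cves:-none}"
    [ "$n" -eq 0 ]
}

# Constructed samples, copied from the output shown on the slides.
SAMPLE_AVAILABLE='Available updates:
[fiq04xbb] CVE-2013-2237: Information leak on IPSec key socket.
[9q4luou3] CVE-2014-3687: Remote denial-of-service in SCTP stack.'
SAMPLE_BOOTED='2.6.39-300.26.1.el6uek.x86_64'
SAMPLE_EFFECTIVE='2.6.39-400.215.13.el6uek.x86_64'

# On a real host:
#   uptrack-show --available | patch_report "$(uname -r)" "$(uptrack-uname -r)"
printf '%s\n' "$SAMPLE_AVAILABLE" |
    patch_report "$SAMPLE_BOOTED" "$SAMPLE_EFFECTIVE" || true
```

The non-zero return while updates are pending lets a cron or monitoring wrapper raise an alert without parsing the report line.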

Ksplice configuration file
•  /etc/uptrack/uptrack.conf
•  You can set a proxy server:
https_proxy = https://proxy_URL:https_port
•  To have patches installed automatically, set yes (default no). Run by cron.
autoinstall = yes
•  If set to yes, the kernel is put back on the same patch level it had before the reboot (default yes).
install_on_reboot = yes
•  If you also want new patches applied automatically after a reboot, set yes (default no).
upgrade_on_reboot = yes
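
An added example (not Oracle's code): a shell check over uptrack.conf that reports the effective value of the three settings above, using the defaults stated on the slide, and flags hosts where patches are not installed automatically or are not reapplied at reboot. The function names, the WARN/INFO policy, the [Network] and [Settings] section names and the sample files are assumptions.

```shell
#!/bin/sh
# Added example: audit the patching behaviour configured in uptrack.conf.

# conf_get KEY DEFAULT: read uptrack.conf text on stdin and print the value
# assigned to KEY, or DEFAULT when the key is absent. Comment lines and
# section headers (if the file has any) are skipped; the last assignment wins.
conf_get() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*[#;]/ { next }              # comment lines
        /^[ \t]*\[/   { next }              # section headers
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print (val == "" ? def : val) }
    '
}

# flag KEY DEFAULT: like conf_get, lower-cased so that "Yes" compares as "yes".
flag() { conf_get "$1" "$2" | tr '[:upper:]' '[:lower:]'; }

# audit_conf: read uptrack.conf on stdin, print one finding per line and
# return 1 if any WARN was raised. Defaults are the ones given on the slide.
audit_conf() {
    conf=$(cat)
    auto=$(printf '%s\n' "$conf" | flag autoinstall no)
    keep=$(printf '%s\n' "$conf" | flag install_on_reboot yes)
    upg=$(printf '%s\n' "$conf" | flag upgrade_on_reboot no)
    rc=0
    [ "$auto" = yes ] || {
        echo "WARN autoinstall=$auto: new patches wait for a manual uptrack-upgrade"
        rc=1
    }
    [ "$keep" = yes ] || {
        echo "WARN install_on_reboot=$keep: patches are not reapplied after a reboot"
        rc=1
    }
    [ "$upg" = yes ] ||
        echo "INFO upgrade_on_reboot=$upg: new patches are not applied at boot"
    return $rc
}

# Constructed sample: patches neither automatic nor reapplied at boot.
SAMPLE_WEAK='[Settings]
# constructed sample
autoinstall = no
install_on_reboot = no'

# Constructed sample: the settings from the slide, all enabled.
SAMPLE_HARDENED='[Network]
https_proxy = https://proxy_URL:https_port
[Settings]
autoinstall = yes
install_on_reboot = yes
upgrade_on_reboot = yes'

# On a real host:  audit_conf < /etc/uptrack/uptrack.conf
printf '%s\n' "$SAMPLE_WEAK" | audit_conf || true
```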

Uptrack API Tools
•  RESTful web API
•  The command line API tools are included with the Python bindings for the API in the python-ksplice-uptrack package.
•  The details are described on our sites.
– http://ksplice.oracle.com/uptrack/api
– https://docs.oracle.com/cd/E37670_01/E39380/html/ol_kspapi.html

Ksplice Enhanced Client
•  New feature from 2015
•  Ksplice Enhanced client can patch in-memory pages of Ksplice-aware shared libraries.
•  Currently for glibc and openssl user-space processes
•  Need additional packages to enable Ksplice Enhanced client.
# yum install -y ksplice
•  Also need to update the system to install the Ksplice-aware versions of the user-space libraries:
# yum update *glibc *openssl*

Ksplice Enhanced Client command (1/3)
# ksplice all list-targets
User-space targets:
glibc-ISO8859-1-2.17.78.0.1.1.ksplice25.el7
└─ gnome-shell (3783)
glibc-libutil-2.17.78.0.1.1.ksplice25.el7
├─ firewalld (680)
├─ tuned (695)
├─ libvirtd (1492)
├─ sshd (1497)
├─ httpd (1503)
├─ httpd (1706)
├─ httpd (1707)
├─ abrt-applet (3980)
├─ tracker-miner-f (4040)
├─ gvfsd-trash (4062)
├─ sshd (29328)
├─ packagekitd (29465)
└─ python (29679)
...
Kernel version: Linux/x86_64/3.10.0-229.el7.x86_64/#1 SMP Fri Mar 6 04:05:24 PST 2015	
The ksplice all list-targets command displays the running user-space processes that the client can patch.

Ksplice Enhanced Client command (2/3)
ksplice all show command:
# ksplice all show
httpd (1706)
httpd (1708)
httpd (1707)
rsyslogd (689)
chronyd (705)
httpd (1503)
├─ [h73qvumn]: CVE-2014-7817: Command execution in wordexp().
└─ [ml55ngz4]: CVE-2015-1781: Privilege escalation in gethostbyname_r().
Ksplice kernel updates installed:
Installed updates:
[rfywob9d] Clear garbage data on the kernel stack when handling signals.
[6w5ho5e2] Provide an interface to freeze tasks.
[89yjgn50] CVE-2015-3636: Memory corruption when unhashing IPv4 ping sockets.
[g327jyvw] CVE-2015-2922: Denial-of-service of IPv6 networks when handling router advertisements.
...

Ksplice Enhanced Client command (3/3)

Demo
•  Demo environment
[Diagram: Ksplice Client connected over the internet to the Ksplice Server and ULN; labels: VM guest (Virtual Box), This PC]
•  Oracle Linux 6.2
•  vCPU x1
•  RAM 4GB
•  Linux Kernel 2.6.32-220.el6.x86_64

Learn More about Oracle Linux
Join Our Communities, Visit Websites For More Information
•  @ORCL_Linux
•  Facebook.com/OracleLinux
•  Blogs.oracle.com/linux
•  Oracle Linux Experts Group
•  YouTube.com/oraclelinuxchannel
Home page: oracle.com/linux
Ksplice info: ksplice.oracle.com
Download: edelivery.oracle.com/linux
ksplice-support_ww@oracle.com
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 

Introducing Oracle Linux and Securing It With ksplice

  • 1. Introducing Oracle Linux and Securing it with Ksplice. July 14 2016. Oracle Japan, Global Business Unit, Oracle Linux and Oracle VM Sales. Principal Sales Consultant Fumiyasu Ishibashi
  • 2. Safe Harbor Statement
      Copyright © 2015 Oracle and/or its affiliates. All rights reserved.
      The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
  • 3. Agenda
      • Summary of Oracle Linux
      • Live patching with Ksplice
  • 4. Summary of Oracle Linux
  • 5. Introducing Oracle Linux
      • Long history: Linux support from 1998; Oracle distro 2006
      • Live patching for kernel and userspace processes
      • One-stop support, 24x7. Supports existing RHEL and CentOS
      • Includes support for many Oracle software products: DTrace, OCFS2, Clusterware・・・
      • https://linux.oracle.com
      • Endless support. Support timeline labels: Oracle Linux Premium Support, Sustaining Support, Oracle Linux Extended Support. Durations shown: 10 years, 1 year, 1 year, 1 year, indefinite
      • You can choose the kernel: Red Hat Compatible Kernel (same glibc, 100% binary compatible) or UEK (Unbreakable Enterprise Kernel)
      • Non-Oracle hardware supported
      • Free to download, free to use, completely open source
      • Oracle standard
      • Oracle Linux Support
  • 6. Oracle Linux Support type
      Support levels: Oracle Linux Premier Support, Oracle Linux Basic Support, Oracle Linux Network Support
      Items listed:
      • Ksplice support
      • Oracle Enterprise Manager free of use and support
      • Oracle Clusterware free of use and support
      • 24x7 online and phone support
      • Downloading patches, fixes, errata
      • DTrace support
      • Oracle OpenStack for Oracle Linux support
      • Lifetime Sustaining Support
      • Login account for ULN
      • Spacewalk support
  • 7. Oracle Linux Subscription Pricing
      • Buy support for the systems you need; use the same software with updates on everything!
      • Oracle only counts physical sockets; no limit on cores or number of virtual guests

      Level | Price
      Installable binaries and errata | Free
      Basic Limited (24x7, unlimited support) (2 or less CPUs) | $499
      Basic (24x7, unlimited support) (More than 2 CPUs) | $1,199
      Premier Limited (24x7, unlimited support) (2 or less CPUs) | $1,399
      Premier (24x7, unlimited support) (More than 2 CPUs) | $2,299
  • 8. Unbreakable Linux Network (ULN)
      https://linux.oracle.com
      Oracle version of RHN. Portal site for Oracle Linux. Download rpm packages.
      Unbreakable Linux Network User's Guide
      • How to register your server to ULN
      • How to set up a ULN mirror site
      (English) https://docs.oracle.com/cd/E37670_01/E39381/html/index.html
      (Japanese) https://docs.oracle.com/cd/E39368_01/b72803/index.html
      Switching from RHN to ULN: https://linux.oracle.com/switch.html
      Free to use our public yum repo: http://public-yum.oracle.com/
  • 9. Oracle Linux security information on ULN
      • Searching errata, CVEs
          - http://linux.oracle.com/errata/
          - http://linux.oracle.com/cve/
      • New errata announced through the mailing list
          - https://oss.oracle.com/mailman/listinfo/el-errata
  • 10. Live patching with Ksplice
  • 11. Ksplice
      • Zero downtime patching: Patching without rebooting the OS or services. Not only the kernel but also userspace components such as glibc and openssl.
      • Rollback: If something goes wrong with the new patch, you can roll back to where the apps were fine. Also used by support to put a debug kernel in place temporarily.
      • Fast errata release: Since the patching data is completely under Oracle's control, we provide fully tested patches as fast as we can.
      • Proven history: Released in 2008. Joined Oracle in 2011.
      Oracle Confidential – Internal/Restricted/Highly Restricted
  • 12. Benefits from Ksplice
      • Vulnerability: Easier to patch vulnerability issues.
      • Reducing administration work: No more maintenance plan for patching. It can also patch automatically for you.
      • Easier to solve problems: In some cases our support team will give you a Ksplice debug kernel patch so that support can collect more information to find the problem you have. Of course, without a reboot.
      • Security compliant: It is easier to be security compliant if you don't need to wait to apply security fixes.
  • 13. Using Ksplice on-line or off-line
      • Need Oracle Linux Premier Support
      [Diagram: four layouts connecting a Ksplice Client to ULN and the Ksplice Server: directly over the internet; through a proxy ("Connect your server to the ULN via Proxy"); through a ULN mirror (local yum); and offline, with a copy from the ULN mirror to a local yum repository used by the client ("Offline from the local ULN repo via ULN mirror").]
  • 14. Ksplice Technology
      [Diagram: memory before Ksplice (Bug) and after Ksplice patching (New, Bug); callouts ① "Insert jump to", ②, ③, ④, ⑤.]
  • 15. Ksplice Inspector
      • https://ksplice.oracle.com/inspector
      • Validate the patch level of your kernel; apply the patches you need
  • 16. Ksplice Desktop
      http://ksplice.oracle.com/try/desktop
      • Free of charge
      • No support
      Supported distributions:
      • Ubuntu 16.04 Xenial
      • Ubuntu 15.10 Wily
      • Ubuntu 15.04 Vivid
      • Ubuntu 14.04 LTS Trusty
      • Ubuntu 12.04 LTS Precise
      • Fedora 22
      • Fedora 23
      • Fedora 24
  • 17. Ksplice GUI (Ubuntu and Fedora only)
  • 18. Ksplice 30 days trial
      http://ksplice.oracle.com/try/trial
      • Easy to register and use for 30 days
      • RHEL 5, 6, 7 and Oracle Linux 5, 6, 7 supported
  • 19. Easy installation
      • Get a ULN account (trial or Premier support)
      • Register your server to ULN
      • Add the ksplice channel subscription to your server from the ULN web site.
      • Install uptrack

          # yum install -y uptrack

      • Done. No reboot.
      * You can also uninstall it
  • 20. Ksplice Command Line Tools (1/4): uptrack-show
      • uptrack-show command: lists the kernel patches that are applied. Each entry starts with its Ksplice ID in square brackets.

          # uptrack-show
          Installed updates:
          [guclwyc2] CVE-2012-0957: Information leak in uname syscall.
          [j4d07e02] Kernel panic in IPv4 ARP and IPv6 Neighbor Discovery.
          [r8og1ec4] CVE-2013-1979: Privilege escalation with UNIX socket credentials.

      • With the --available option, you can find the patches that are available.

          # uptrack-show --available
          Available updates:
          [fiq04xbb] CVE-2013-2237: Information leak on IPSec key socket.
          [9q4luou3] CVE-2014-3687: Remote denial-of-service in SCTP stack.
  • 21. Ksplice Command Line Tools (2/4): uptrack-upgrade / uptrack-install
      • uptrack-upgrade command: applies all patches that are available.

          # uptrack-upgrade -y
          The following steps will be taken:
          Install [guclwyc2] CVE-2012-0957: Information leak in uname syscall.
          Install [j4d07e02] Kernel panic in IPv4 ARP and IPv6 Neighbor Discovery.
          Install [r8og1ec4] CVE-2013-1979: Privilege escalation with UNIX socket credentials.
          Install [fiq04xbb] CVE-2013-2237: Information leak on IPSec key socket.
          Install [9q4luou3] CVE-2014-3687: Remote denial-of-service in SCTP stack.
          Installing [guclwyc2] CVE-2012-0957: Information leak in uname syscall.
          Installing [j4d07e02] Kernel panic in IPv4 ARP and IPv6 Neighbor Discovery.
          Installing [r8og1ec4] CVE-2013-1979: Privilege escalation with UNIX socket credentials.
          Installing [fiq04xbb] CVE-2013-2237: Information leak on IPSec key socket.
          Installing [9q4luou3] CVE-2014-3687: Remote denial-of-service in SCTP stack.
          Your kernel is fully up to date.
          Effective kernel version is 2.6.39-400.215.13.el6uek

      • uptrack-install <Ksplice ID> lets you apply up to a specific patch level.

          # uptrack-upgrade guclwyc2 -y
          The following steps will be taken:
          Install [guclwyc2] CVE-2012-0957: Information leak in uname syscall.
          Installing [guclwyc2] CVE-2012-0957: Information leak in uname syscall.
          Your kernel is fully up to date.
  • 22. Ksplice Command Line Tools (3/4): uptrack-remove
      • uptrack-remove command: you can remove all the patches applied by Ksplice.

          # uptrack-remove -y
          The following steps will be taken:
          Remove [guclwyc2] CVE-2012-0957: Information leak in uname syscall.
          Remove [j4d07e02] Kernel panic in IPv4 ARP and IPv6 Neighbor Discovery.
          Remove [r8og1ec4] CVE-2013-1979: Privilege escalation with UNIX socket credentials.
          Remove [fiq04xbb] CVE-2013-2237: Information leak on IPSec key socket.
          Remove [9q4luou3] CVE-2014-3687: Remote denial-of-service in SCTP stack.
          # uptrack-show
          Installed updates:
          None

      • uptrack-remove <Ksplice ID>: you can also roll back to the level you want.

          # uptrack-remove -y 9q4luou3
          The following steps will be taken:
          Remove [9q4luou3] CVE-2014-3687: Remote denial-of-service in SCTP stack.
  • 23. Ksplice Command Line Tools (4/4): uptrack-uname
      • The uname command will output the kernel version that is on the disk. To see the Ksplice kernel patch level, use uptrack-uname.

      Before applying any Ksplice patch:

          # uptrack-show
          Installed updates:
          None
          # uname -r
          2.6.39-300.26.1.el6uek.x86_64
          # uptrack-uname -r
          2.6.39-300.26.1.el6uek.x86_64

      After applying Ksplice patches:

          # uptrack-upgrade -y
          The following steps will be taken:
          Install [guclwyc2] CVE-2012-0957: Information leak in uname syscall.
          Install [j4d07e02] Kernel panic in IPv4 ARP and IPv6 Neighbor Discovery.
          ...
          Installing [fiq04xbb] CVE-2013-2237: Information leak on IPSec key socket.
          Installing [9q4luou3] CVE-2014-3687: Remote denial-of-service in SCTP stack.
          Your kernel is fully up to date.
          Effective kernel version is 2.6.39-400.215.13.el6uek
          # uname -r
          2.6.39-300.26.1.el6uek.x86_64
          # uptrack-uname -r
          2.6.39-400.215.13.el6uek.x86_64
  • 24. Ksplice configuration file
      • /etc/uptrack/uptrack.conf
      • You can set a proxy server:

          https_proxy = https://proxy_URL:https_port

      • If you want patches installed automatically, set yes (default no). Run by cron.

          autoinstall = yes

      • If set to "yes", the kernel is brought back to the same patch level it had before the reboot (default yes).

          install_on_reboot = yes

      • If you also want new patches applied automatically after reboot, set yes (default no).

          upgrade_on_reboot = yes
  • 25. Uptrack API Tools
      • RESTful web API
      • The command line API tools are included with the Python bindings for the API in the python-ksplice-uptrack package.
      • The details are described on our sites.
          - http://ksplice.oracle.com/uptrack/api
          - https://docs.oracle.com/cd/E37670_01/E39380/html/ol_kspapi.html
  • 26. Ksplice Enhanced Client
      • New feature from 2015
      • The Ksplice Enhanced client can patch in-memory pages of Ksplice-aware shared libraries.
      • Currently for glibc and openssl user-space processes
      • Needs additional packages to enable the Ksplice Enhanced client.
      • Also need to update the system to install the Ksplice-aware versions of the user-space libraries:

          # yum install -y ksplice
          # yum update *glibc *openssl*
  • 27. Ksplice Enhanced Client command (1/3)
      The ksplice all list-targets command displays the running user-space processes that the client can patch.

          # ksplice all list-targets
          User-space targets:
          glibc-ISO8859-1-2.17.78.0.1.1.ksplice25.el7
          └─ gnome-shell (3783)
          glibc-libutil-2.17.78.0.1.1.ksplice25.el7
          ├─ firewalld (680)
          ├─ tuned (695)
          ├─ libvirtd (1492)
          ├─ sshd (1497)
          ├─ httpd (1503)
          ├─ httpd (1706)
          ├─ httpd (1707)
          ├─ abrt-applet (3980)
          ├─ tracker-miner-f (4040)
          ├─ gvfsd-trash (4062)
          ├─ sshd (29328)
          ├─ packagekitd (29465)
          └─ python (29679)
          ...
          Kernel version: Linux/x86_64/3.10.0-229.el7.x86_64/#1 SMP Fri Mar 6 04:05:24 PST 2015
          ・・・
  • 28. Ksplice Enhanced Client command (2/3)
      ksplice all show command:

          # ksplice all show
          httpd (1706)
          httpd (1708)
          httpd (1707)
          rsyslogd (689)
          chronyd (705)
          httpd (1503)
          ├─ [h73qvumn]: CVE-2014-7817: Command execution in wordexp().
          └─ [ml55ngz4]: CVE-2015-1781: Privilege escalation in gethostbyname_r().
          Ksplice kernel updates installed:
          Installed updates:
          [rfywob9d] Clear garbage data on the kernel stack when handling signals.
          [6w5ho5e2] Provide an interface to freeze tasks.
          [89yjgn50] CVE-2015-3636: Memory corruption when unhashing IPv4 ping sockets.
          [g327jyvw] CVE-2015-2922: Denial-of-service of IPv6 networks when handling router advertisements.
          ・・・
  • 29. Ksplice Enhanced Client command (3/3)
      ksplice all show command:

          # ksplice all show
          httpd (1706)
          httpd (1708)
          httpd (1707)
          rsyslogd (689)
          chronyd (705)
          httpd (1503)
          ├─ [h73qvumn]: CVE-2014-7817: Command execution in wordexp().
          └─ [ml55ngz4]: CVE-2015-1781: Privilege escalation in gethostbyname_r().
          Ksplice kernel updates installed:
          Installed updates:
          [rfywob9d] Clear garbage data on the kernel stack when handling signals.
          [6w5ho5e2] Provide an interface to freeze tasks.
          [89yjgn50] CVE-2015-3636: Memory corruption when unhashing IPv4 ping sockets.
          [g327jyvw] CVE-2015-2922: Denial-of-service of IPv6 networks when handling router advertisements.
          ・・・
  • 30. Demo
      • Demo environment
      [Diagram: Ksplice Client running as a VM guest (VirtualBox) on this PC, connected over the internet to ULN and the Ksplice Server.]
      VM guest: Oracle Linux 6.2, vCPU x1, RAM 4GB, Linux Kernel 2.6.32-220.el6.x86_64
  • 31. Learn More about Oracle Linux
      Join Our Communities, Visit Websites For More Information
      • @ORCL_Linux
      • Facebook.com/OracleLinux
      • Blogs.oracle.com/linux
      • Oracle Linux Experts Group
      • YouTube.com/oraclelinuxchannel
      • Home page: oracle.com/linux
      • Ksplice info: ksplice.oracle.com
      • Download: edelivery.oracle.com/linux
      • ksplice-support_ww@oracle.com
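Slides 20 to 23 show that `uname -r` keeps reporting the on-disk kernel while `uptrack-uname -r` reports the effective one, and that `uptrack-show --available` lists what is still unpatched. The following is an added example, not part of the deck or of Oracle's tooling: it parses that output into a per-host patch report. The sample text is constructed from the slides, and the function names and report fields are hypothetical.

```python
import re
import subprocess

# Constructed sample input: command output copied from slides 20 and 22.
INSTALLED = """\
Installed updates:
[guclwyc2] CVE-2012-0957: Information leak in uname syscall.
[j4d07e02] Kernel panic in IPv4 ARP and IPv6 Neighbor Discovery.
[r8og1ec4] CVE-2013-1979: Privilege escalation with UNIX socket credentials.
"""
AVAILABLE = """\
Available updates:
[fiq04xbb] CVE-2013-2237: Information leak on IPSec key socket.
[9q4luou3] CVE-2014-3687: Remote denial-of-service in SCTP stack.
"""
NOTHING_INSTALLED = "Installed updates:\nNone\n"

# "[<Ksplice ID>] <description>"; the ID alphabet is inferred from the slides.
UPDATE_RE = re.compile(r"^\[([0-9a-z]+)\]\s+(.+)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_updates(text):
    """Return [(ksplice_id, [cve, ...], description)] for each update line."""
    updates = []
    for line in text.splitlines():
        m = UPDATE_RE.match(line.strip())
        if m:  # header lines and "None" do not match and are skipped
            kid, desc = m.groups()
            updates.append((kid, CVE_RE.findall(desc), desc))
    return updates


def patch_report(installed_txt, available_txt, uname_r, uptrack_uname_r):
    """Summarise the live-patch state of one host for a compliance check."""
    installed = parse_updates(installed_txt)
    pending = parse_updates(available_txt)
    return {
        "on_disk_kernel": uname_r,
        "effective_kernel": uptrack_uname_r,
        # True when live patches moved the kernel past what uname reports.
        "live_patched": uname_r != uptrack_uname_r,
        "installed_cves": sorted({c for _, cves, _ in installed for c in cves}),
        "pending_cves": sorted({c for _, cves, _ in pending for c in cves}),
        "pending_ids": [kid for kid, _, _ in pending],
        "compliant": not pending,
    }


def collect_live():
    """Run the four commands from the slides on a host with uptrack installed."""
    def run(*cmd):
        # check=True: a failed command raises instead of looking "compliant".
        return subprocess.run(cmd, capture_output=True, text=True,
                              check=True).stdout
    return patch_report(run("uptrack-show"),
                        run("uptrack-show", "--available"),
                        run("uname", "-r").strip(),
                        run("uptrack-uname", "-r").strip())


if __name__ == "__main__":
    # Constructed scenario: nothing applied yet, two updates outstanding.
    report = patch_report(NOTHING_INSTALLED, AVAILABLE,
                          "2.6.39-300.26.1.el6uek.x86_64",
                          "2.6.39-300.26.1.el6uek.x86_64")
    for key, value in report.items():
        print(f"{key}: {value}")
```

A scanner that reads only `uname -r` would score a live-patched host as vulnerable, which is why the report carries both version strings.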
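Slide 24 names three switches in /etc/uptrack/uptrack.conf that decide whether patches survive a reboot and whether new ones arrive unattended. The following is an added example, not part of the deck or of Oracle's tooling: it resolves those switches against the defaults stated on the slide and reports what follows from them. The sample files are constructed, the `[Network]` and `[Settings]` section names are an assumption (the slide lists only the keys), and the function names are hypothetical.

```python
import configparser

# Defaults as stated on slide 24.
DEFAULTS = {"autoinstall": False, "install_on_reboot": True,
            "upgrade_on_reboot": False}

# Constructed sample files. The section names are an assumption; the slide
# shows only the keys. proxy.example.com is a placeholder.
MANUAL_ONLY = """\
[Network]
https_proxy = https://proxy.example.com:3128

[Settings]
install_on_reboot = no
"""
AUTOMATED = """\
[Settings]
autoinstall = yes
install_on_reboot = yes
upgrade_on_reboot = yes
"""


def effective_settings(conf_text):
    """Resolve the three patching switches, falling back to the defaults."""
    # interpolation=None so a '%' in a proxy URL is not treated as a macro.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    return {key: cp.getboolean("Settings", key, fallback=default)
            for key, default in DEFAULTS.items()}


def audit(conf_text):
    """Return (settings, findings) describing how patches reach this host."""
    s = effective_settings(conf_text)
    findings = []
    if not s["install_on_reboot"]:
        findings.append("install_on_reboot=no: after a reboot the kernel is "
                        "not returned to its pre-reboot patch level")
    if not s["autoinstall"] and not s["upgrade_on_reboot"]:
        findings.append("autoinstall=no and upgrade_on_reboot=no: new patches "
                        "are applied only when someone runs uptrack-upgrade")
    elif not s["autoinstall"]:
        findings.append("autoinstall=no: new patches are applied "
                        "automatically only at reboot")
    return s, findings


if __name__ == "__main__":
    for name, text in (("manual-only", MANUAL_ONLY), ("automated", AUTOMATED)):
        settings, findings = audit(text)
        print(name, settings)
        for finding in findings:
            print("  -", finding)
```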