Red Hat Insights: Your very own security consultant

Christian Labisch is a Red Hat Accelerator and is not employed by Red Hat. A version of this blog was previously published on The Red Hat Universe.

When it comes to system maintenance and management, the most critical aspect is to keep all operating systems as safe and secure as possible. This is where Red Hat Insights steps in - it helps users manage security in an easy and convenient way by analyzing system configurations. Since Red Hat Summit 2020, Red Hat Insights has extended capabilities to manage operational efficiency and security risks.

Note: Insights is included in all Red Hat Enterprise Linux (RHEL) subscriptions.

Red Hat Insights overview

What RHEL security-related features does Red Hat Insights offer? Well, here is a short overview:

• Advisor - detects existing security issues on RHEL systems and recommends solutions to remediate.
• Compliance - analyzes the level of compliance a RHEL system environment has to an OpenSCAP policy.
• Drift - compares RHEL hosts to each other to identify and further troubleshoot differences.
• Patch - determines which product advisories may apply to an organization's specific RHEL instances.
• Policies - enables organizations to define and monitor for specific internal policies.
• Vulnerability - reports and remediates on CVEs that impact RHEL systems (in cloud or on-premises).

So those are the facts. However, nothing can better display how useful Insights can be than a real-world example.

Use Red Hat Insights

After running insights-client on a RHEL workstation, Insights Advisor reported an issue with the firewall.

Traffic occurs, or services are allowed unexpectedly when firewall zone drifting is enabled. The related Knowledge Base article Changes in firewalld related to Zone Drifting explains the situation this way:

Due to the possibility that existing Red Hat Enterprise Linux installations are relying on the zone drift behavior above, a new configuration option named AllowZoneDrifting has been introduced.

Here is how Insights Advisor defines the issue:

A tenant of zone based firewalls is that packets enter one and only one zone. When firewall zone drifting is enabled, packets are allowed to go to multiple zones. This is a violation of zone based firewalls and packets could be allowed unexpectedly.

To my surprise, on RHEL 7 and 8 systems the default setting for firewall zone drifting is Enabled, and the upstream default setting is Disabled. I edited /etc/firewalld/firewalld.conf and changed AllowZoneDrifting=yes to AllowZoneDrifting=no to remediate the problem. The real concern, however, is whether I would have ever known about this setting without the Insights Advisor.

Note: Advisor only reports this issue when there is more than one zone active on the RHEL system.

Did you know?

Now the big question: Would you have been aware of this particular firewall configuration and its ramifications? I guess not; who would check all configuration settings in every configuration file on each system? I assume nobody! Insights does, however. Furthermore, it would have alerted you to a potential vulnerability that you wouldn't have been likely to discover yourself. This example shows nicely how useful the SaaS solution Red Hat Insights can be.

Additional information:

• Red Hat Insights - Technical FAQ
• Red Hat Insights - Security Information

[ Free online course: Red Hat Enterprise Linux technical overview. ]