Product SiteDocumentation Site

3. Modificaciones en Fedora para administradores de sistema

3.1. Seguridad

3.1.1. OpenSCAP

3.1.1.1. Abstract
Fedora 14 brings in support of the SCAP (Security Content Automation Protocol). A library called OpenSCAP that provides development framework and several SCAP scanning tools are included in the distribution. OVAL and XCCDF contents specific for Fedora 14 that can be used for automated system configuration checking are also provided.

3.1.2. Description

OpenSCAP is an open-source framework for SCAP developers. SCAP is a line of standards managed by NIST (National Institute of Standards and Technology). It was created to provide a standardized approach to maintaining the security of systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise.
The SCAP suite contains multiple complex data exchange formats that are to be used to transmit important vulnerability, configuration, and other security data. Historically, there have been few tools that provide a way to query this data in the needed format. The OpenSCAP project aims to create a framework of libraries to improve the accessibility of SCAP and enhance the usability of the information it represents.
The tools based on OpenSCAP library which are included in this Fedora feature are:
  • oscap-scan - command line scanner driven by OVAL/XCCDF content
  • secstate - tool that attempts to streamline the Certification and Accreditation (C&A) process of Linux systems by providing a mechanism to verify, validate, and provide remediation to security relevant configuration items.
  • firstaidkit-plugin-openscap - Plugin for FirstAidKit which allows user to perform basic automated security audit and evaluate the results in text or graphical environment.
With this feature installed, the user can use different ways to perform automatic scan of his system and make sure the system is in compliance with defined security configuration. The user is enabled to automatically remediate the system.

3.1.3. References

3.2. Virtualización

3.2.1. La nube computacional de Amazon Elastic

A partir de Fedora 14, también los usuarios de los servicios ofrecidos por la Nube computacional de Amazon Elastic podrán disfrutar de esta distribución.
Para más información, diríjase a:

3.2.2. Marco de trabajo Spice para virtualización de escritorio

El protocolo SPICE (por las iniciales en inglés de Simple Protocol for Independent Computing Environments) es utilizado para realizar la comunicación entre el cliente y el servidor, mejorando la interacción con los huéspedes de máquinas virtuales. Spice agrega un dispositivo de monitor QXL en el QEMU, y ofrece controladores para este dispositivo tanto para las X como para Windows.
El marco de trabajo Spice para virtualizaciones de escritorio intenta ofrecer una solución completa y de código abierto, para la interacción con los escritorios virtuales.
Para más información, diríjase a:

3.2.3. Migración de Xen hacia KVM

virt-v2v es una herramienta de línea de comandos que habilita a los dominios de Xen (esto es, a los huéspedes), para que sean migrados y poder utilizar KVM. Así, los usuarios con huéspedes Xen podrán conocer qué tal funciona KVM. Además, los usuarios pueden migrar desde Xen a KVM debido a su mejor y más sencilla forma de utilización.
Para más información, diríjase a:

3.2.4. Otras Mejoras

3.2.4.1. Repositorio de pruebas de tecnologías de virtualización
El Repositorio de pruebas de virtualización ha sido creado para quienes quieran conocer los paquetes más recientes relacioandos con la virtualización. Este repositorio ha sido destinado fundamentalmente para la asistencia en las pruebas y para la experimentación prematura. No ha sido diseñado para el despliegue de producción.
Para conocer mayores detalles, diríjase a:
3.2.4.2. Soporte Xen en el Kernel
El paquete kernel en Fedora 14 ofrece soporte para arranque como un huésped domU, pero no funcionará como un dom0 hasta que tal soporte sea provisto por los desarrolladores del kernel.
La versión de Fedora más reciente que tiene soporte para dom0 es Fedora 8.
El inicio de un huésped Xen domU dentro de un equipo Fedora 14 necesita del paquete xenner basado en KVM. Xenner ejecuta el kernel huésped junto con un pequeño emulador Xen, como si fueran huéspedes KVM.
Para conocer mayores detalles, diríjase a:

3.3. Web Servers

3.3.1. Varnish

Varnish was updated to 2.1.3. Improvements include better scalability and a new log function.
The main changes you can read here, from Varnish website.

3.3.2. Apache

httpd was updated from 2.2.14 to 2.2.16. This version includes mod and security fixes, and core change:
  • Filter init functions are now run strictly once per request before handler invocation. The init functions are no longer run for connection filters.
For more information refer to CHANGES 2.2 from Apache website.

3.4. Server Configuration Tools

3.4.1. ipmiutil

ipmiutil performs a series of common IPMI server management functions to allow administrators to perform management functions without a learning curve. It can gather FRU inventory data, SEL firmware log, sensors, watchdog, power control, health, monitoring, and has an SOL console. It can write sensor thresholds, FRU asset tags, and supports a full IPMI configuration save/restore. Ease-of-use examples with ipmiutil: configuring the IPMI LAN requires a single command, and a soft-reboot can be easily performed instead of a hard reboot. This utility can use various existing IPMI drivers, or run in driverless mode, which is useful for boot media or test environments. The decoding of IPMI events includes a severity, and any events not recognized at least return the data, rather than just Unknown. Features compared to other IPMI packages: http://ipmiutil.sourceforge.net/docs/ipmisw-compare.htm

3.5. X Display System

3.5.1. vbetool not installed by default

Due to problems with vbetool, this package has been removed from the default installation of Fedora. This change may impact users with suspending and resuming their computers. These problems should only affect users of uncommon VGA adaptors and not users of nVidia, ATI, or Intel adaptors.

3.5.2. Mouse Behavior

The latest version of evdev, version 2.5, changed the default for the middle mouse button emulation code. This change has disabled emulation of the middle mouse button by clicking the left and right mouse buttons.
3.5.2.1. Enabling the middle mouse button emulation
Middle mouse button emulation can be enabled by the addition of a xorg.conf snippet:
        Section "InputClass"
	  Identifier "middle button emulation class"
	  MatchIsPointer "on"
	  Option "Emulate3Buttons" "on"
	EndSection