When Red Hat rolls out Red Hat Enterprise Linux 4.0 next week, the red carpet treatment may be warranted. In our Clear Choice test of this operating system package (we tested RHEL 4.0 Advanced Server, Red Hat's most robust Linux distribution), we found huge performance gains over previous editions, beefed-up security options and vastly improved hardware detection mechanisms. For this combination, we give RHEL 4.0 a Network World Clear Choice award.
The increased speed comes by way of the new Linux 2.6.9 kernel. RHEL 4.0 posted numbers in our Web transactional test that showed a 23% hike over the numbers posted by RHEL 3.0 on identical hardware (see graphic, below).
The increase in security comes by way of an optional Security Enhanced Linux (SELinux) kernel modification. These SELinux modifications - which are compiled into the Linux kernel by default at installation - get rid of root user and hierarchical privilege vulnerabilities.
This is the first time these methods have been included in an enterprise distribution. They are designed to improve security by directly controlling application access to operating system services. SELinux provides configuration control of every privileged service running inside its environment. These links prevent root user-access manipulation from exploits attempted against a server.
In practical use, SELinux can keep in check applications that attempt to claim privileges higher than those already established by user and group permissions. These applications then can be configured to limit their actions to specific up-privileged resources, rather than those privileges connoted by user access.
Strict enforcement of privilege might stop (especially older) applications, but SELinux log files then can be used to alter services or fix applications so that they can run inside this more secure environment. There are older Unix/Linux/BSD applications that might try to make unapproved calls to printing services or older device code running on a server. To get these working inside the SELinux environment, you'd have to make changes to the Linux configuration file. We experienced such a problem with an older printing application, but we could make it work inside the SELinux parameters by adding a single line to the SELinux configuration files.
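The log-driven workflow described above can be sketched as follows. This is an added example, not code from the article or from Red Hat: it reads SELinux AVC denial records from log text and merges them into candidate one-line `allow` rules for review. The log lines are constructed, and the type names `legacyprint_t`, `printer_device_t` and `print_spool_t` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample log lines; the SELinux type names are hypothetical.
SAMPLE_LOG = """\
Feb 14 10:02:11 host kernel: audit(1108375331.120:0): avc:  denied  { read } for  pid=2210 comm="oldprint" name="lp0" dev=hda2 ino=4711 scontext=system_u:system_r:legacyprint_t tcontext=system_u:object_r:printer_device_t tclass=chr_file
Feb 14 10:02:11 host kernel: audit(1108375331.124:0): avc:  denied  { write } for  pid=2210 comm="oldprint" name="lp0" dev=hda2 ino=4711 scontext=system_u:system_r:legacyprint_t tcontext=system_u:object_r:printer_device_t tclass=chr_file
Feb 14 10:02:12 host sshd[2301]: Accepted password for admin from 192.0.2.10 port 40122 ssh2
Feb 14 10:02:13 host kernel: audit(1108375333.501:0): avc:  denied  { search } for  pid=2210 comm="oldprint" name="spool" dev=hda2 ino=5120 scontext=system_u:system_r:legacyprint_t tcontext=system_u:object_r:print_spool_t tclass=dir
"""

# Matches the permission set, both security contexts and the object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed security context: %r" % context)
    return parts[2]

def parse_denials(log_text):
    """Map (source type, target type, class) to the set of denied permissions."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if match is None:
            continue  # not an AVC denial record
        key = (context_type(match["scontext"]),
               context_type(match["tcontext"]),
               match["tclass"])
        merged[key].update(match["perms"].split())
    return dict(merged)

def candidate_rules(log_text):
    """Return one candidate allow rule per denied (source, target, class)."""
    rules = []
    for (src, tgt, cls), perms in sorted(parse_denials(log_text).items()):
        perm_text = " ".join(sorted(perms))
        if len(perms) > 1:
            perm_text = "{ " + perm_text + " }"
        rules.append("allow %s %s:%s %s;" % (src, tgt, cls, perm_text))
    return rules

if __name__ == "__main__":
    print("\n".join(candidate_rules(SAMPLE_LOG)))
```

Each rule it prints widens what the confined application may do, so every line should be checked against what the application actually needs before it goes into policy.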