Skip Links

Red Hat's new Linux package boasts power and security

By Tom Henderson, Network World
February 07, 2005 12:04 AM ET

Network World - When Red Hat rolls out Red Hat Enterprise Linux 4.0 next week, the red carpet treatment may be warranted. In our Clear Choice test of this operating system package (we tested RHEL 4.0 Advanced Server, Red Hat's most robust Linux distribution), we found huge performance gains over previous editions, beefed up security options and vastly improved hardware detection mechanisms. For this combination, we give RHEL 4.0 a Network World Clear Choice award.

The increased speed comes by way of the new Linux 2.6.9 kernel. RHEL 4.0 posted numbers in our Web transactional test that showed a 23% hike over the numbers posted by RHEL 3.0 on identical hardware (See graphic, below).

How we did it
Archive of Network World tests
Subscribe to the Network Product Test Results newsletter

The increase in security comes by way of an optional Security Enhanced Linux (SELinux) kernel modification. These SELinux modifications - which are compiled into the Linux kernel by default at installation - get rid of root user and hierarchical privilege vulnerabilities.

This is the first time these methods have been included in an enterprise distribution. They are designed to improve security by directly controlling application access to operating system services. SELinux provides configuration control of every privileged service running inside its environment. These links prevent root user-access manipulation from exploits attempted against a server.

In practical use, SELinux can keep in check applications that attempt to claim privilege higher than those already established by user and group permissions. These applications then can be configured to limit their action to specific up-privileged resources, rather than those privileges connoted by user access.

Strict enforcement of privilege might stop (especially older) applications, but SELinux log files then can be used to alter services or fix applications so that they can run inside this more secure environment. There are older Unix/Linux/BSD applications that might try to make unapproved calls to printing services or older device code running on a server. To get these working inside the SELinux environment, you'd have to make changes to the Linux configuration file. We experienced such a problem with an older printing application, but we could make it work inside the SELinux parameters by adding a single line to the SELinux configuration files.

The better hardware detection is brought to the operating system by way of improvements in Anaconda, Red Hat's hardware installer/detector. This program made no mistakes in our diverse server platform compatibility tests (see How we did it ).

The use of faster CD-ROM drivers was a small pleasure. This made installation via CD faster than it was with previous editions. We configured PXE boot, and found that this was the easiest and fastest method of populating the many servers we tested for compatibility.

Also, Red Hat has significantly boosted its list of detectable devices - especially in troublesome areas such as embedded SCSI controllers and unusual network cards. Hardware changes, such as the change or addition of items like host-bus adapters and USB devices, were handled flawlessly.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News