RHEL 5

From: Anthony Yeo <vze2jy85@yahoo.com>
Date: Fri Mar 16 2007 - 09:13:59 AKDT

Hi Everyone:

Red Hat Enterprise Linux 5 was released this week. But
I am not upgrading to this version; I got comfortable
with Red Hat Enterprise Linux 4.

But here's a blurb on RHEL5.

Tony

**

Red Hat Enterprise Linux 5 surprises for Red Hat administrators

Security policy? Web application compatibility?
Virtualization? Our test team faced down the
surprising new features of Red Hat Enterprise Linux so
you don't have to

By Tom Henderson, LinuxWorld.com, 03/14/07

Administrators who have run Linux, or garden-variety
Unix variants, have learned to live inside the Unix
system administration and security models. They’re
still there, in the new Red Hat Enterprise Linux 5
distribution (RHEL5). But there’s a chance that a
migration to RHEL5 can cause things to break and stop
working if you’re not aware of the changes.

If you’ve followed Fedora Core 6, then little of Red
Hat’s Enterprise Linux 5 will be a mystery to you. If
you're used to RHEL version 4 and earlier, however,
you’ll find that Red Hat now puts in place some very
serious value in the form of user session security and,
if desired, server session paravirtualization.

The changes come on four levels: Security Enhanced
Linux (SELinux) deployment, Xen virtualization, new
versions of important software packages, and the onset
of IPv6. It’s absolutely possible to deploy and ignore
these feature sets that Red Hat bundles into RHEL5 and
lead a happy life. Your resulting life may be bereft
of both the newest features -- stable and predictable
server paravirtualization -- but you’ll have an
up-to-date distribution with a full kit of the latest
applications.

SELinux

Red Hat first delivered SELinux in RHEL4. Security
Enhanced Linux is a method of atomizing user sessions,
and preventing user sessions from accessing root
authentication, or applications and processes that can
gain root. Microsoft introduced similar technology in
Windows XP SP2 and it now lives in Windows Vista, too.
The concept prevents applications from increasing
their privilege. Older applications may misbehave
because they’re unable to garner resources that were
"legal" before.

Shaking out these applications may be very simple, and
there are numerous policy control settings that
administrators can make to selectively elevate
critical activities without compromising essential
systems security. Different levels of primary SELinux
environmental control can be set ranging from very
tight to "who cares?" The important consideration is
that a bit of experimentation is needed to ensure
reliability. SELinux Troubleshooter is a good tool to
examine the logs of SELinux errors so you can track
down and fix them. SELinux Management Tool, in turn,
can fix a wide variety of settings issues so that
problems found through the logs have a chance to be
fixed in an orderly way.

The benefit at the end of the exercise of deploying
SELinux is that it becomes very difficult for sessions
to jeopardize systems security or tie up crucial
resources with misbehaving applications -- if SELinux
controls are properly applied.

Xen

Red Hat criticized the virtualization technology Xen
when Novell included it in its SUSE Linux Enterprise
Server 10, released in July 2006. But the company has
changed its tune, as XenSource and Red Hat have worked
with Xen through several rounds of maturation. The
downside to running applications within guest
operating system sessions is that virtualized sessions
can be stifled by sporadic high disk I/O or network
needs. Virtualized sessions also aren’t really
designed for graphics. However, applications that run
as processing jobs in the old IBM Job Control
Language/JCL sense often do very well in guest
operating system sessions provided you're confident
you can control their communications demands or
spontaneous high-memory paging needs.

Apache
The advanced Apache 2.3 version also is included,
which for some represents a milestone for its ability
to use Lightweight Directory Access Protocol
authentication more closely. RHEL4 included the 2.0
version of the Web server. What others have found,
however, is that Web applications need to be strongly
tested prior to moving to Apache 2.3, in the same way
that Apache 2.0 represented a leap, and probably a
code update session, when migrating from Apache 1.3.
The robust feature set of Apache 2.3 is tempting for
many reasons, including more flexible authentication
support, but the module API is different.

IPv6
The final implication for sysadmins is the advent of
full-featured support in RHEL5 of IPv6. Yes, IPv4
works just fine, but if your organization is one of
many that finds itself being pushed towards IPv6 and
its comparatively gargantuan IP address space, RHEL5
and its core routing and firewalling understand and
use both IPv6 and IPv4 almost interchangeably. If
you’ve worried about cross-application support for
IPv6, RHEL5 has it.

Summary
Many of these advanced components can be highly
desirable both from a reliability and systems security
perspective. As a basis for new code development,
however, the components inside the RHEL5 distro aren’t
experimental, or technology previews anymore. Instead
you’ll find them in the community supported environs
of the Fedora Project, where they may or may not catch
the Red Hat Linux wind in their sails.
Received on Fri Mar 16 09:14:14 2007
