Do you want a solid Linux distribution that also delivers the latest languages and solid security? Yes? Then consider getting Red Hat Enterprise Linux 8.6.[1]
Red Hat[2] announced this new release at the Red Hat Summit[3]. It has numerous new features, but the ones that caught my eye were the security improvements.
For example, if you're serious about securing your Linux distribution, you should run Security-Enhanced Linux (SELinux)[4]. But, SELinux has long had a fundamental problem. Because its Common Intermediate Language (CIL) couldn't store the module name and version in the module itself, there was no simple way to verify that the installed module was the right version. This kind of thing has become a common software chain supply security[5] problem.
Now, however, you can create a SHA256 hash checksum signature for your SELinux modules. You can then compare this with the original file's checksum to make sure you're actually using the correct SELinux configuration file.
Continuing with configuration file security improvements, RHEL's OpenSSH[6] servers now support drop-in configuration files. The sshd_config file supports the Include directive. That means you can include configuration files in another directory. What makes this matter is that it makes it easier to apply system-specific configurations on OpenSSH servers by using automation tools such as Ansible Engine[7]. It also makes it easier to organize different configuration files for different uses, such as filtering incoming connections.
Libreswan[8], a popular open-source IPsec Virtual Private Network (VPN) server and Internet Key Exchange (IKE)[9], has been rebased to upstream version 4.5. This includes many bug fixes and enhancements, such as the support of IKE version 2 for Labeled IPsec[10].This enables Libreswan to work