RedHat - a nice surprise

Recently I begun to work on a 64-bit machine with RHEL WS 4 installed. I was skeptical at first towards RH, but it turned out to be a nice experience. Installed packages (e.g. mysql, apache) have no automatic configuration at all. Defaults are reasonable. And they are not automatically put into all runlevels as in some other distributions. I don't have a feeling that I'm working "against" the system which I had with many other distributions.

The best part is how RedHat has become security-conscious. I already mentioned not enabling daemons by default after installation. Another is that the firewall is always active and passes through a select few ports. And there comes SELinux. The "targeted" policy that comes with RedHat is almost invisible; it contains few vulnerable daemons and lets other users do their work as usual. I noticed that SELinux is active because mysqld mysteriously reported EACCESS on its datadir, even though all permissions were correct and the directory was accessible when I made su to the mysql user. I moved the data directory from its default place /var/lib/mysql to /home/mysql. The new directory wasn't marked in the policy as accessible to mysqld so I had to fiddle a bit to fix that.

All in all - go for RedHat!


No comments: