The best part is how RedHat has become security-conscious. I already mentioned not enabling daemons by default after installation. Another is that the firewall is always active and passes through a select few ports. And there comes SELinux. The "targeted" policy that comes with RedHat is almost invisible; it contains few vulnerable daemons and lets other users do their work as usual. I noticed that SELinux is active because mysqld mysteriously reported EACCESS on its datadir, even though all permissions were correct and the directory was accessible when I made
suto the mysql user. I moved the data directory from its default place
/home/mysql. The new directory wasn't marked in the policy as accessible to mysqld so I had to fiddle a bit to fix that.
All in all - go for RedHat!
Tags: linux redhat